Exam Details

  • Exam Code: 512-50
  • Exam Name: EC-Council Information Security Manager (E|ISM)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 404 Q&As
  • Last Updated: Mar 22, 2025

EC-COUNCIL EC-COUNCIL Certifications 512-50 Questions & Answers

  • Question 61:

    What is the primary reason for performing a return on investment analysis?

    A. To decide between multiple vendors

    B. To decide if the solution costs less than the risk it is mitigating

    C. To determine the current present value of a project

    D. To determine the annual rate of loss

  • Question 62:

    Which of the following provides an independent assessment of a vendor's internal security controls and overall posture?

    A. Alignment with business goals

    B. ISO27000 accreditation

    C. PCI attestation of compliance

    D. Financial statements

  • Question 63:

    If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization. How would you prevent this type of attack?

    A. Conduct thorough background checks before you engage them

    B. Hire the people through third-party job agencies who will vet them for you

    C. Investigate their social networking profiles

    D. It is impossible to block these attacks

  • Question 64:

    Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

    You have identified potential solutions for all of your risks that do not have security controls.

    What is the NEXT step?

    A. Get approval from the board of directors

    B. Screen potential vendor solutions

    C. Verify that the cost of mitigation is less than the risk

    D. Create risk metrics for all unmitigated risks

  • Question 65:

    What is the BEST reason for having a formal request for proposal process?

    A. Creates a timeline for purchasing and budgeting

    B. Allows small companies to compete with larger companies

    C. Clearly identifies risks and benefits before funding is spent

    D. Informs suppliers a company is going to make a purchase

  • Question 66:

    As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?

    A. The existing IT environment.

    B. The company business plan.

    C. The present IT budget.

    D. Other corporate technology trends.

  • Question 67:

    When dealing with risk, the information security practitioner may choose to:

    A. assign

    B. transfer

    C. acknowledge

    D. defer

  • Question 68:

    During the last decade, what trend has caused the MOST serious issues in relation to physical security?

    A. Data is more portable due to the increased use of smartphones and tablets

    B. The move from centralized computing to decentralized computing

    C. Camera systems have become more economical and expanded in their use

    D. The Internet of Things allows easy compromise of cloud-based systems

  • Question 69:

    Involvement of senior management is MOST important in the development of:

    A. IT security implementation plans.

    B. Standards and guidelines.

    C. IT security policies.

    D. IT security procedures.

  • Question 70:

    A large number of accounts in a hardened system were suddenly compromised to an external party. Which of the following is the MOST probable threat actor involved in this incident?

    A. Poorly configured firewalls

    B. Malware

    C. Advanced Persistent Threat (APT)

    D. An insider
