Exam Details

  • Exam Code: 712-50
  • Exam Name: EC-Council Certified CISO (CCISO)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 468 Q&As
  • Last Updated: Mar 09, 2025

EC-COUNCIL Certifications 712-50 Questions & Answers

  • Question 91:

    Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident in skills and experience, is constantly on the defensive and is unable to advance the IT security-centric agenda.

    Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?

    A. Lack of business continuity process

    B. Lack of identification of technology stakeholders

    C. Lack of a security awareness program

    D. Lack of influence with leaders outside IT

  • Question 92:

    Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years. This global retail company is expected to accept credit card payments.

    Which of the following is of MOST concern when defining a security program for this organization?

    A. Adherence to local data breach notification laws

    B. Compliance to Payment Card Industry (PCI) data security standards

    C. Compliance with local government privacy laws

    D. International encryption restrictions

  • Question 93:

    Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization's needs. The CISO is unsure of the information provided and orders a vendor proof of concept to validate the system's scalability.

    This demonstrates which of the following?

    A. A methodology-based approach to ensure authentication mechanism functions

    B. An approach providing minimum time impact to the implementation schedules

    C. An approach that allows for minimum budget impact if the solution is unsuitable

    D. A risk-based approach to determine if the solution is suitable for investment

  • Question 94:

    Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

    What type of control is being implemented by supervisors and data owners?

    A. Management

    B. Technical

    C. Operational

    D. Administrative

  • Question 95:

    Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident in skills and experience, is constantly on the defensive and is unable to advance the IT security-centric agenda. The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization.

    From an organizational perspective, which of the following is the LIKELY reason for this?

    A. The CISO reports to the IT organization

    B. The CISO has not implemented a policy management framework

    C. The CISO does not report directly to the CEO of the organization

    D. The CISO has not implemented a security awareness program

  • Question 96:

    Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN. Recently, members of your organization have been targeted through a number of sophisticated phishing attempts, resulting in compromised credentials.

    What action can you take to prevent external misuse of compromised credentials while still allowing employees to manage their bank information?

    A. Turn off VPN access for users originating from outside the country

    B. Remove VPN access for all employees except for senior management

    C. Enable monitoring on the VPN for suspicious activity

    D. Block access to the Employee Self-Service application via VPN

  • Question 97:

    You have just been hired as the new CISO and are being briefed on all the Information Security projects that your section has ongoing. You discover that most projects are behind schedule and over budget. Using the best business practices for project management, you determine that the project correctly aligns with the company goals and that the scope of the project is correct.

    What is the NEXT step?

    A. Verify resources

    B. Review time schedules

    C. Verify budget

    D. Verify constraints

  • Question 98:

    Scenario: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

    What phase of the response provides measures to reduce the likelihood of an incident recurring?

    A. Recovery

    B. Follow-up

    C. Response

    D. Investigation

  • Question 99:

    Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

    When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

    A. Never

    B. Quarterly

    C. Annually

    D. Semi-annually

  • Question 100:

    Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified. The CISO has implemented remediation activities.

    Which of the following is the MOST logical next step?

    A. Validate the effectiveness of applied controls

    B. Report the audit findings and remediation status to business stakeholders

    C. Validate security program resource requirements

    D. Review security procedures to determine if they need to be modified according to the findings

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result and find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 712-50 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions here.