Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed, and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization's needs.
What is the MOST logical course of action the CISO should take?
A. Cancel the project if the business need was based on internal requirements versus regulatory compliance requirements
B. Review the original solution set to determine if another system would fit the organization's risk appetite, budget, and regulatory compliance requirements
C. Continue with the project until the scalability issue is validated by others, such as an auditor or third-party assessor
D. Continue with the implementation and submit change requests to the vendor in order to ensure required functionality will be provided when needed
Scenario: An organization has made a decision to address information security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?
A. NIST and Privacy Regulations
B. NIST and Data Breach Notification Laws
C. ISO 27000 and Payment Card Industry Data Security Standards
D. ISO 27000 and human resources best practices
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?
A. Set your firewall permissions aggressively and monitor logs regularly.
B. Develop an Information Security Awareness program
C. Conduct background checks on individuals before hiring them
D. Monitor employee browsing and surfing habits
Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO, and a variety of high-, medium- and low-rated gaps were identified. The CISO has validated the audit findings, determined whether compensating controls exist, and started initial remediation planning.
Which of the following is the MOST logical next step?
A. Create detailed remediation funding and staffing plans
B. Report the audit findings and remediation status to business stakeholders
C. Validate the effectiveness of current controls
D. Review security procedures to determine if they need to be modified according to the findings
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior-level security practitioner. The company lacks a defined security policy and framework for its information security program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector-neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?
A. Roles and responsibilities
B. Information security theory
C. Incident response contacts
D. Desktop configuration standards
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates. What is one proven method to account for common elements found within separate regulations and/or standards?
A. Design your program to meet the strictest government standards
B. Develop a crosswalk
C. Hire a GRC expert
D. Use the Find function of your word processor
Which of the following is a symmetric encryption algorithm?
A. 3DES
B. RSA
C. ECC
D. MD5
When analyzing and forecasting an operating expense budget, which of the following is NOT included?
A. New datacenter to operate from
B. Network connectivity costs
C. Software and hardware license fees
D. Utilities and power costs
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create new security controls or adjust existing ones to ensure they are adequate for risk mitigation needs.
When formulating the remediation plan, what is a required input?
A. Board of directors
B. Latest virus definitions file
C. Patching history
D. Risk assessment
Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?
A. Risk Assessment
B. Risk Management
C. Vulnerability Assessment
D. System Testing
Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 712-50 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.