Exam Details

  • Exam Code: 712-50
  • Exam Name: EC-Council Certified CISO (CCISO)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 468 Q&As
  • Last Updated: Mar 09, 2025

EC-COUNCIL EC-COUNCIL Certifications 712-50 Questions & Answers

  • Question 361:

    Information security policies should be reviewed _____________________.

    A. by the internal audit semiannually

    B. by the CISO when new systems are brought online

    C. by the Incident Response team after an audit

    D. by stakeholders at least annually

  • Question 362:

    An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security ___________.

    A. Technical control

    B. Management control

    C. Procedural control

    D. Administrative control

  • Question 363:

    Dataflow diagrams are used by IT auditors to:

    A. Graphically summarize data paths and storage processes.

    B. Order data hierarchically

    C. Highlight high-level data definitions

    D. Portray step-by-step details of data generation.

  • Question 364:

    When measuring the effectiveness of an Information Security Management System, which one of the following would be MOST LIKELY used as a metric framework?

    A. ISO 27001

    B. ISO 27004

    C. PRINCE2

    D. ITILv3

  • Question 365:

    The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for:

    A. Integrity and Availability

    B. Assurance, Compliance and Availability

    C. International Compliance

    D. Confidentiality, Integrity and Availability

  • Question 366:

    The Information Security Management program MUST protect:

    A. Audit schedules and findings

    B. Intellectual property released into the public domain

    C. all organizational assets

    D. critical business processes and revenue streams

  • Question 367:

    Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?

    A. Value of the asset multiplied by the loss expectancy

    B. Replacement cost multiplied by the single loss expectancy

    C. Single loss expectancy multiplied by the annual rate of occurrence

    D. Total loss expectancy multiplied by the total loss frequency

  • Question 368:

    Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights.

    Which of the following would be the MOST concerning?

    A. Failure to notify police of an attempted intrusion

    B. Lack of reporting of a successful denial of service attack on the network.

    C. Lack of periodic examination of access rights

    D. Lack of notification to the public of disclosure of confidential information

  • Question 369:

    When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

    A. When there is a variety of technologies deployed in the infrastructure.

    B. When it results in an overall lower cost of operating the security program.

    C. When there is a need to develop a more unified incident response capability.

    D. When the enterprise is made up of many business units with diverse business activities, risk profiles and regulatory requirements.

  • Question 370:

    Risk that remains after risk mitigation is known as _____________.

    A. Accepted risk

    B. Residual risk

    C. Non-tolerated risk

    D. Persistent risk
