An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?
A. Payment Card Industry Data Security Standards (PCI-DSS)
B. International Organization for Standardizations 27005 (ISO-27005)
C. International Organization for Standardizations 27004 (ISO-27004)
D. Control Objectives for Information Technology (COBIT)
An organization's firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase.
What does this selection indicate?
A. A high threat environment
B. A low vulnerability environment
C. A high risk tolerance environment
D. A low risk tolerance environment
Which of the following is MOST important when dealing with an Information Security Steering committee?
A. Ensure that security policies and procedures have been vetted and approved.
B. Review all past audit and compliance reports.
C. Include a mix of members from different departments and staff levels.
D. Be briefed about new trends and products at each meeting by a vendor.
The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:
A. Getting authority to operate the system from executive management
B. Contacting the Internet Service Provider for an IP scope
C. Changing the default passwords
D. Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?
A. Enforce the existing security standards and do not allow the deployment of the new technology.
B. If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
C. Amend the standard to permit the deployment.
D. Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.
What is the definition of Risk in Information Security?
A. Risk = Probability x Impact
B. Risk = Impact x Threat
C. Risk = Threat x Probability
D. Risk = Financial Impact x Probability
What is a difference from the list below between quantitative and qualitative Risk Assessment?
A. Quantitative risk assessments result in an exact number (in monetary terms)
B. Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
C. Qualitative risk assessments map to business objectives
D. Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?
A. Risk Mitigation
B. Risk Acceptance
C. Risk Avoidance
D. Risk Transfer
Credit card information, medical data, and government records are all examples of:
A. None
B. Communications Information
C. Bodily Information
D. Confidential/Protected Information
E. Territorial Information
You have implemented a new security control. Which of the following risk strategy options have you engaged in?
A. Risk Transfer
B. Risk Mitigation
C. Risk Avoidance
D. Risk Acceptance
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 712-50 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.