Which of the following is a benefit of information security governance?
A. Direct involvement of senior management in developing control processes
B. Reduction of the potential for civil and legal liability
C. Questioning the trust in vendor relationships
D. Increasing the risk of decisions based on incomplete management information
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the
A. Relative likelihood of event
B. Controlled mitigation effort
C. Risk impact comparison
D. Comparative threat analysis
When dealing with a risk management process, asset classification is important because it will impact the overall:
A. Threat identification
B. Risk treatment
C. Risk monitoring
D. Risk tolerance
If your organization operates under a model of "assumption of breach", you should:
A. Establish active firewall monitoring protocols
B. Purchase insurance for your compliance liability
C. Focus your security efforts on high value assets
D. Protect all information resource assets equally
Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization's products and services?
A. Strong authentication technologies
B. Financial reporting regulations
C. Credit card compliance and regulations
D. Local privacy laws
The single most important consideration to make when developing your security program, policies, and processes is:
A. Alignment with the business
B. Budgeting for unforeseen data compromises
C. Establishing your authority as the Security Executive
D. Streaming for efficiency
In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?
A. Every 18 months
B. Every 12 months
C. High-risk environments 6 months, low-risk environments 12 months
D. Every 6 months
An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied.
What is the NEXT logical step in applying the controls in the organization?
A. Determine the risk tolerance
B. Perform an asset classification
C. Analyze existing controls on systems
D. Create an architecture gap analysis
The alerting, monitoring and life-cycle management of security-related events is typically handled by the _________________.
A. risk management process
B. risk assessment process
C. governance, risk, and compliance tools
D. security threat and vulnerability management process
A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen, and the database server was disconnected.
Who must be informed of this incident?
A. Internal audit
B. The data owner
C. All executive staff
D. Government regulators