A method to transfer risk is to______________.
A. Implement redundancy
B. Move operations to another region
C. Align to business operations
D. Purchase breach insurance
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised.
What kind of law would require notifying the owner or licensee of this incident?
A. Consumer right disclosure
B. Data breach disclosure
C. Special circumstance disclosure
D. Security incident disclosure
A security manager regularly checks work areas after business hours for security violations; such as unsecured files or unattended computers with active sessions.
This activity BEST demonstrates what part of a security program?
A. Compliance management
B. Audit validation
C. Physical control testing
D. Security awareness training
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?
A. Need to comply with breach disclosure laws
B. Fiduciary responsibility to safeguard credit information
C. Need to transfer the risk associated with hosting PII data
D. Need to better understand the risk associated with using PII data
Which of the following is the MOST important benefit of an effective security governance process?
A. Senior management participation in the incident response process
B. Better vendor management
C. Reduction of security breaches
D. Reduction of liability and overall risk to the organization
A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units.
Which of the following standards and guidelines can BEST address this organization's need?
A. International Organization for Standardizations ?22301 (ISO-22301)
B. Information Technology Infrastructure Library (ITIL)
C. Payment Card Industry Data Security Standards (PCI-DSS)
D. International Organization for Standardizations ?27005 (ISO-27005)
When briefing senior management on the creation of a governance process, the MOST important aspect should be:
A. knowledge required to analyze each issue
B. information security metrics
C. linkage to business area objectives
D. baseline against which metrics are evaluated
Which of the following should be determined while defining risk management strategies?
A. Organizational objectives and risk tolerance
B. Enterprise disaster recovery plans
C. Risk assessment criteria
D. IT architecture complexity
When selecting a security solution with recurring maintenance costs after the first year, the CISO should:
A. Defer selection until the market improves and cash flow is positive
B. Implement the solution and ask for the increased operating cost budget when it is time
C. Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution's continued use
D. Cut other essential programs to ensure the new solution's continued use
What does RACI stand for?
A. Reasonable, Actionable, Controlled, and Implemented
B. Responsible, Actors, Consult, and Instigate
C. Responsible, Accountable, Consulted, and Informed
D. Review, Act, Communicate, and Inform
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 712-50 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.