Which type of scan is used on the eye to measure the layer of blood vessels?
A. Facial recognition scan
B. Iris scan
C. Signature kinetics scan
D. Retinal scan
A consultant is hired to do physical penetration testing at a large financial company. On the first day of his assessment, the consultant goes to the company's building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then follows behind the employee to get into the restricted area. Which type of attack did the consultant perform?
A. Shoulder surfing
B. Tailgating
C. Social engineering
D. Mantrap
Which type of physical security control scans a person's external features through a digital video camera before granting access to a restricted area?
A. Iris scan
B. Retinal scan
C. Facial recognition scan
D. Signature kinetics scan
Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?
A. Post a sign that states, "no tailgating" next to the special card reader adjacent to the secure door
B. Issue special cards to access secure doors at the company and provide a one-time only brief description of use of the special card
C. Educate and enforce physical security policies of the company to all the employees on a regular basis
D. Set up a mock video camera next to the special card reader adjacent to the secure door
Scenario: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.
In what phase of the response will the team extract information from the affected systems without altering original data?
A. Follow-up
B. Recovery
C. Response
D. Investigation
When creating contractual agreements and procurement processes, why should security requirements be included?
A. To make sure the security process aligns with the vendor's security process
B. To make sure they are added on after the process is completed
C. To make sure the costs of security are included and understood
D. To make sure the patching process is included with the costs
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
How can you reduce the administrative burden of distributing symmetric keys for your employer?
A. Use certificate authority to distribute private keys
B. Symmetrically encrypt the key and then use asymmetric encryption to unencrypt it
C. Use a self-generated key on both ends to eliminate the need for distribution
D. Use asymmetric encryption for the automated distribution of symmetric key
Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization's needs. The CISO discovers the scalability issue will only impact a small number of network segments.
What is the next logical step to ensure the proper application of risk management methodology within the two-factor implementation project?
A. Decide to accept the risk on behalf of the impacted business units
B. Create new use cases for operational use of the solution
C. Report the deficiency to the audit team and create process exceptions
D. Determine if sufficient mitigating controls can be applied
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
Symmetric encryption in general is preferable to asymmetric encryption when:
A. The number of unique communication links is large
B. The distance to the end node is farthest away
C. The volume of data being transmitted is small
D. The speed of the encryption / deciphering process is essential
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?
A. Define formal roles and responsibilities for Information Security
B. Define formal roles and responsibilities for Internal audit functions
C. Create an executive security steering committee
D. Contract a third party to perform a security risk assessment