EC-Council Certified CISO v1.0 (712-50)

Page:    1 / 24   
Total 353 questions

Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights.
Which of the following would be the MOST concerning?

  • A. Failure to notify police of an attempted intrusion
  • B. Lack of reporting of a successful denial of service attack on the network.
  • C. Lack of periodic examination of access rights
  • D. Lack of notification to the public of disclosure of confidential information


Answer : D

Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?

  • A. Value of the asset multiplied by the loss expectancy
  • B. Replacement cost multiplied by the single loss expectancy
  • C. Single loss expectancy multiplied by the annual rate of occurrence
  • D. Total loss expectancy multiplied by the total loss frequency


Answer : C

The Information Security Management program MUST protect:

  • A. Against distributed denial of service attacks
  • B. Intellectual property released into the public domain
  • C. all organizational assets
  • D. critical business processes and/or revenue streams


Answer : D

Dataflow diagrams are used by IT auditors to:

  • A. Graphically summarize data paths and storage processes.
  • B. Order data hierarchically
  • C. Highlight high-level data definitions
  • D. Portray step-by-step details of data generation.


Answer : A

When measuring the effectiveness of an Information Security Management System, which one of the following would be MOST LIKELY used as a metric framework?

  • A. ISO 27001
  • B. ISO 27004
  • C. PRINCE2
  • D. ITILv3


Answer : B

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for:

  • A. Integrity and Availability
  • B. Assurance, Compliance and Availability
  • C. International Compliance
  • D. Confidentiality, Integrity and Availability


Answer : D

An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security ___________.

  • A. Technical control
  • B. Management control
  • C. Procedural control
  • D. Administrative control


Answer : B

Information security policies should be reviewed _____________________.

  • A. by the internal audit semiannually
  • B. by the CISO when new systems are brought online
  • C. by the Incident Response team after an audit
  • D. by stakeholders at least annually


Answer : D

Risk is defined as:

  • A. Quantitative plus qualitative impact
  • B. Asset loss times likelihood of event
  • C. Advisory plus capability plus vulnerability
  • D. Threat times vulnerability divided by control


Answer : D

In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?

  • A. The organization uses exclusively a qualitative process to measure risk
  • B. The organization's risk tolerance is low
  • C. The organization uses exclusively a quantitative process to measure risk
  • D. The organization's risk tolerance is high


Answer : D

The regular review of a firewall ruleset is considered a _______________________.

  • A. Procedural control
  • B. Organization control
  • C. Management control
  • D. Technical control


Answer : A

The exposure factor of a threat to your organization is defined as:

  • A. Annual loss expectancy minus current cost of controls
  • B. Percentage of loss experienced due to a realized threat event
  • C. Asset value times exposure factor
  • D. Annual rate of occurrence


Answer : B

The Information Security Governance program MUST:

  • A. integrate with other organizational governance processes
  • B. show a return on investment for the organization
  • C. integrate with other organizational governance processes
  • D. support user choice for Bring Your Own Device (BYOD)


Answer : C

You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?

  • A. Chief Executive Officer
  • B. Chief Information Officer
  • C. Chief Information Security Officer
  • D. Chief Information Officer


Answer : A

Which of the following is a benefit of a risk-based approach to audit planning?

  • A. Resources are allocated to the areas of the highest concern
  • B. Scheduling may be performed months in advance
  • C. Budgets are more likely to be met by the IT audit staff
  • D. Staff will be exposed to a variety of technologies


Answer : A
