Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 512-50 - EC-Council Information Security Manager (E|ISM)

Page: 11 / 13
Total 404 questions

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?

A.

Enforce the existing security standards and do not allow the deployment of the new technology.

B.

Amend the standard to permit the deployment.

C.

If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.

D.

Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

A.

International Organization for Standardizations – 27004 (ISO-27004)

B.

Payment Card Industry Data Security Standards (PCI-DSS)

C.

Control Objectives for Information Technology (COBIT)

D.

International Organization for Standardizations – 27005 (ISO-27005)

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

A.

High risk environments 6 months, low risk environments 12 months

B.

Every 12 months

C.

Every 18 months

D.

Every six months

The exposure factor of a threat to your organization is defined by?

A.

Asset value times exposure factor

B.

Annual rate of occurrence

C.

Annual loss expectancy minus current cost of controls

D.

Percentage of loss experienced due to a realized threat event

Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?

A.

Security officer

B.

Data owner

C.

Vulnerability engineer

D.

System administrator

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

A.

Lack of a formal security awareness program

B.

Lack of a formal security policy governance process

C.

Lack of formal definition of roles and responsibilities

D.

Lack of a formal risk management policy

Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?

A.

Audit and Legal

B.

Budget and Compliance

C.

Human Resources and Budget

D.

Legal and Human Resources

What is the relationship between information protection and regulatory compliance?

A.

That all information in an organization must be protected equally.

B.

The information required to be protected by regulatory mandate does not have to be identified in the organizations data classification policy.

C.

That the protection of some information such as National ID information is mandated by regulation and other information such as trade secrets are protected based on business need.

D.

There is no relationship between the two.

You have implemented a new security control. Which of the following risk strategy options have you engaged in?

A.

Risk Avoidance

B.

Risk Acceptance

C.

Risk Transfer

D.

Risk Mitigation

A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?

A.

Information Technology Infrastructure Library (ITIL)

B.

International Organization for Standardization (ISO) standards

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

National Institute for Standards and Technology (NIST) standard