Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 512-50 - EC-Council Information Security Manager (E|ISM)

ECCouncil 512-50 Premium Access     Download Demo    
Page: 3 / 13
Total 404 questions

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

A.

Ineffective configuration management controls

B.

Lack of change management controls

C.

Lack of version/source controls

D.

High turnover in the application development department

Which of the following is a major benefit of applying risk levels?

A.

Risk management governance becomes easier since most risks remain low once mitigated

B.

Resources are not wasted on risks that are already managed to an acceptable level

C.

Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology

D.

Risk appetite can increase within the organization once the levels are understood

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

A.

The Security Systems Development Life Cycle

B.

The Security Project And Management Methodology

C.

Project Management System Methodology

D.

Project Management Body of Knowledge

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

A.

At the time the security services are being performed and the vendor needs access to the network

B.

Once the agreement has been signed and the security vendor states that they will need access to the network

C.

Once the vendor is on premise and before they perform security services

D.

Prior to signing the agreement and before any security services are being performed

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

A.

Failed to identify all stakeholders and their needs

B.

Deployed the encryption solution in an inadequate manner

C.

Used 1024 bit encryption when 256 bit would have sufficed

D.

Used hardware encryption instead of software encryption

Which of the following backup sites takes the longest recovery time?

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

The process of identifying and classifying assets is typically included in the

A.

Threat analysis process

B.

Asset configuration management process

C.

Business Impact Analysis

D.

Disaster Recovery plan

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

A.

In-line hardware keyloggers don’t require physical access

B.

In-line hardware keyloggers don’t comply to industry regulations

C.

In-line hardware keyloggers are undetectable by software

D.

In-line hardware keyloggers are relatively inexpensive

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

A.

Shared key

B.

Asynchronous

C.

Open

D.

None