Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 512-50 - EC-Council Information Security Manager (E|ISM)

ECCouncil 512-50 Premium Access     Download Demo    
Page: 6 / 13
Total 404 questions

Which of the following is used to lure attackers into false environments so they can be monitored, contained, or blocked from reaching critical systems?

A.

Segmentation controls.

B.

Shadow applications.

C.

Deception technology.

D.

Vulnerability management.

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.

Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?

A.

National Institute of Standards and Technology (NIST) Special Publication 800-53

B.

Payment Card Industry Digital Security Standard (PCI DSS)

C.

International Organization for Standardization – ISO 27001/2

D.

British Standard 7799 (BS7799)

As the CISO, you have been tasked with the execution of the company’s key management program. You

MUST ensure the integrity of encryption keys at the point of generation. Which principal of encryption key

control will ensure no single individual can constitute or re-constitute a key?

A.

Dual Control

B.

Separation of Duties

C.

Split Knowledge

D.

Least Privilege

A digital signature addresses which of the following concerns?

A.

Message alteration

B.

Message copying

C.

Message theft

D.

Unauthorized reading

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

After determining the audit findings are accurate, which of the following is the MOST logical next activity?

A.

Begin initial gap remediation analyses

B.

Review the security organization’s charter

C.

Validate gaps with the Information Technology team

D.

Create a briefing of the findings for executive management

File Integrity Monitoring (FIM) is considered a

A.

Network based security preventative control

B.

Software segmentation control

C.

Security detective control

D.

User segmentation control

The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called

A.

Security certification

B.

Security system analysis

C.

Security accreditation

D.

Alignment with business practices and goals.

What is meant by password aging?

A.

An expiration date set for passwords

B.

A Single Sign-On requirement

C.

Time in seconds a user is allocated to change a password

D.

The amount of time it takes for a password to activate

Smith, the project manager for a larger multi-location firm, is leading a software project team that has 18

members, 5 of which are assigned to testing. Due to recent recommendations by an organizational quality audit

team, the project manager is convinced to add a quality professional to lead to test team at additional cost to

the project.

The project manager is aware of the importance of communication for the success of the project and takes the

step of introducing additional communication channels, making it more complex, in order to assure quality

levels of the project. What will be the first project management document that Smith should change in order to

accommodate additional communication channels?

A.

WBS document

B.

Scope statement

C.

Change control document

D.

Risk management plan

Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?

A.

ITIL

B.

Privacy Act

C.

Sarbanes Oxley

D.

PCI-DSS