Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 512-50 - EC-Council Information Security Manager (E|ISM)

Page: 7 / 13
Total 404 questions

Using the Transport Layer Security (TLS) protocol enables a client in a network to be:

A.

Provided with a digital signature

B.

Assured of the server’s identity

C.

Identified by a network

D.

Registered by the server

As the Business Continuity Coordinator of a financial services organization, you are responsible for ensuring assets are recovered timely in the event of a disaster. Which is the BEST Disaster Recovery performance indicator to validate that you are prepared for a disaster?

A.

Recovery Point Objective (RPO)

B.

Disaster Recovery Plan

C.

Recovery Time Objective (RTO)

D.

Business Continuity Plan

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

Recently, members of your organization have been targeted through a number of sophisticated phishing attempts and have compromised their system credentials. What action can you take to prevent the misuse of compromised credentials to change bank account information from outside your organization while still allowing employees to manage their bank information?

A.

Turn off VPN access for users originating from outside the country

B.

Enable monitoring on the VPN for suspicious activity

C.

Force a change of all passwords

D.

Block access to the Employee-Self Service application via VPN

A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website. This type of control is considered

A.

Zero-day attack mitigation

B.

Preventive detection control

C.

Corrective security control

D.

Dynamic blocking control

Acceptable levels of information security risk tolerance in an organization should be determined by?

A.

Corporate legal counsel

B.

CISO with reference to the company goals

C.

CEO and board of director

D.

Corporate compliance committee

Which of the following best describes a portfolio?

A.

The portfolio is used to manage and track individual projects

B.

The portfolio is used to manage incidents and events

C.

A portfolio typically consists of several programs

D.

A portfolio delivers one specific service or program to the business

As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?

A.

The existing IT environment.

B.

The company business plan.

C.

The present IT budget.

D.

Other corporate technology trends.

If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business,

they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they

will be in the organization. How would you prevent such type of attacks?

A.

Conduct thorough background checks before you engage them

B.

Hire the people through third-party job agencies who will vet them for you

C.

Investigate their social networking profiles

D.

It is impossible to block these attacks

Which of the following information would MOST likely be reported at the board-level within an organization?

A.

System scanning trends and results as they pertain to insider and external threat sources

B.

The capabilities of a security program in terms of staffing support

C.

Significant risks and security incidents that have been discovered since the last assembly of the

membership

D.

The numbers and types of cyberattacks experienced by the organization since the last assembly of the

membership

During the last decade, what trend has caused the MOST serious issues in relation to physical security?

A.

Data is more portable due to the increased use of smartphones and tablets

B.

The move from centralized computing to decentralized computing

C.

Camera systems have become more economical and expanded in their use

D.

The internet of Things allows easy compromise of cloud-based systems