Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 512-50 - EC-Council Information Security Manager (E|ISM)

Page: 8 / 13
Total 404 questions

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?

A.

International encryption restrictions

B.

Compliance to Payment Card Industry (PCI) data security standards

C.

Compliance with local government privacy laws

D.

Adherence to local data breach notification laws

When updating the security strategic planning document what two items must be included?

A.

Alignment with the business goals and the vision of the CIO

B.

The risk tolerance of the company and the company mission statement

C.

The executive summary and vision of the board of directors

D.

The alignment with the business goals and the risk tolerance

Which of the following is a common technology for visual monitoring?

A.

Closed circuit television

B.

Open circuit television

C.

Blocked video

D.

Local video

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?

A.

Lack of compliance to the Payment Card Industry (PCI) standards

B.

Ineffective security awareness program

C.

Security practices not in alignment with ISO 27000 frameworks

D.

Lack of technical controls when dealing with credit card data

A newly-hired CISO needs to understand the organization’s financial management standards for business units

and operations. Which of the following would be the best source of this information?

A.

The internal accounting department

B.

The Chief Financial Officer (CFO)

C.

The external financial audit service

D.

The managers of the accounts payables and accounts receivables teams

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

A.

Senior Executives

B.

Office of the Auditor

C.

Office of the General Counsel

D.

All employees and users

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

A.

Single Loss Expectancy (SLE)

B.

Exposure Factor (EF)

C.

Annualized Rate of Occurrence (ARO)

D.

Temporal Probability (TP)

Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?

A.

Single loss expectancy multiplied by the annual rate of occurrence

B.

Total loss expectancy multiplied by the total loss frequency

C.

Value of the asset multiplied by the loss expectancy

D.

Replacement cost multiplied by the single loss expectancy

Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?

A.

All vulnerabilities found on servers and desktops

B.

Only critical and high vulnerabilities on servers and desktops

C.

Only critical and high vulnerabilities that impact important production servers

D.

All vulnerabilities that impact important production servers

Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?

A.

Security Administrators

B.

Internal/External Audit

C.

Risk Management

D.

Security Operations