Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 512-50 - EC-Council Information Security Manager (E|ISM)

Page: 9 / 13
Total 404 questions

Creating a secondary authentication process for network access would be an example of?

A.

An administrator with too much time on their hands.

B.

Putting undue time commitment on the system administrator.

C.

Supporting the concept of layered security

D.

Network segmentation.

An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization’s IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process:

A.

Number of change orders rejected

B.

Number and length of planned outages

C.

Number of unplanned outages

D.

Number of change orders processed

A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?

A.

If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.

B.

If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.

C.

If the findings impact regulatory compliance, remediate the high findings as quickly as possible.

D.

If the findings do not impact regulatory compliance, review current security controls.

Which of the following is a benefit of a risk-based approach to audit planning?

A.

Resources are allocated to the areas of the highest concern

B.

Scheduling may be performed months in advance

C.

Budgets are more likely to be met by the IT audit staff

D.

Staff will be exposed to a variety of technologies

Which of the following are primary concerns for management with regard to assessing internal control objectives?

A.

Confidentiality, Availability, Integrity

B.

Compliance, Effectiveness, Efficiency

C.

Communication, Reliability, Cost

D.

Confidentiality, Compliance, Cost

You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?

A.

Qualitative analysis

B.

Quantitative analysis

C.

Risk mitigation

D.

Estimate activity duration

Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?

A.

Servers, routers, switches, modem

B.

Firewall, exchange, web server, intrusion detection system (IDS)

C.

Firewall, anti-virus console, IDS, syslog

D.

IDS, syslog, router, switches

With respect to the audit management process, management response serves what function?

A.

placing underperforming units on notice for failing to meet standards

B.

determining whether or not resources will be allocated to remediate a finding

C.

adding controls to ensure that proper oversight is achieved by management

D.

revealing the “root cause” of the process failure and mitigating for all internal and external units

The risk found after a control has been fully implemented is called:

A.

Residual Risk

B.

Total Risk

C.

Post implementation risk

D.

Transferred risk

Which of the following illustrates an operational control process:

A.

Classifying an information system as part of a risk assessment

B.

Installing an appropriate fire suppression system in the data center

C.

Conducting an audit of the configuration management process

D.

Establishing procurement standards for cloud vendors