Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

ECCouncil 512-50 - EC-Council Information Security Manager (E|ISM)

ECCouncil 512-50 Premium Access     Download Demo    
Page: 1 / 13
Total 404 questions

The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

A.

The company lacks a risk management process

B.

The company does not believe the security vulnerabilities to be real

C.

The company has a high risk tolerance

D.

The company lacks the tools to perform a vulnerability assessment

Which of the following are not stakeholders of IT security projects?

A.

Board of directors

B.

Third party vendors

C.

CISO

D.

Help Desk

Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

A.

System testing

B.

Risk assessment

C.

Incident response

D.

Planning

Which of the following represents the BEST method of ensuring security program alignment to business needs?

A.

Create a comprehensive security awareness program and provide success metrics to business units

B.

Create security consortiums, such as strategic security planning groups, that include business unit participation

C.

Ensure security implementations include business unit testing and functional validation prior to production rollout

D.

Ensure the organization has strong executive-level security representation through clear sponsorship or the creation of a CISO role

A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

A.

Security alignment to business goals

B.

Regulatory compliance effectiveness

C.

Increased security program presence

D.

Proper organizational policy enforcement

The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?

A.

Work with the IT group and tell them to put IPS in-line and say it won’t cause any network impact

B.

Explain to the IT group that the IPS won’t cause any network impact because it will fail open

C.

Explain to the IT group that this is a business need and the IPS will fail open however, if there is a network failure the CISO will accept responsibility

D.

Explain to the IT group that the IPS will fail open once in-line however it will be deployed in monitor mode for a set period of time to ensure that it doesn’t block any legitimate traffic

A recommended method to document the respective roles of groups and individuals for a given process is to:

A.

Develop a detailed internal organization chart

B.

Develop a telephone call tree for emergency response

C.

Develop an isolinear response matrix with cost benefit analysis projections

D.

Develop a Responsible, Accountable, Consulted, Informed (RACI) chart

Which of the following is the BEST indicator of a successful project?

A.

it is completed on time or early as compared to the baseline project plan

B.

it meets most of the specifications as outlined in the approved project definition

C.

it comes in at or below the expenditures planned for in the baseline budget

D.

the deliverables are accepted by the key stakeholders

Which of the following information may be found in table top exercises for incident response?

A.

Security budget augmentation

B.

Process improvements

C.

Real-time to remediate

D.

Security control selection

When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?

A.

Vendors uses their own laptop and logins with same admin credentials your security team uses

B.

Vendor uses a company supplied laptop and logins using two factor authentication with same admin credentials your security team uses

C.

Vendor uses a company supplied laptop and logins using two factor authentication with their own unique credentials

D.

Vendor uses their own laptop and logins using two factor authentication with their own unique credentials