Eccouncil 712-50 practice test

EC-Council Certified CISO Exam

Last exam update: Dec 15 ,2024
Page 1 out of 30. Viewing questions 1-15 out of 449

Question 1

Devising controls for information security is a balance between?

  • A. Governance and compliance
  • B. Auditing and security
  • C. Budget and risk tolerance
  • D. Threats and vulnerabilities
Mark Question:
Answer:

C


Reference:
https://www.cybok.org/media/downloads/cybok_version_1.0.pdf

User Votes:
A 1 votes
50%
B
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

From the CISOs perspective in looking at financial statements, the statement of retained earnings of
an organization:

  • A. Has a direct correlation with the CISO’s budget
  • B. Represents, in part, the savings generated by the proper acquisition and implementation of security controls
  • C. Represents the sum of all capital expenditures
  • D. Represents the percentage of earnings that could in part be used to finance future security controls
Mark Question:
Answer:

D


Reference:
https://www.investopedia.com/terms/s/statement-of-retained-earnings.asp

User Votes:
A
50%
B 1 votes
50%
C
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

An organization has decided to develop an in-house BCM capability. The organization has
determined it is best to follow a BCM standard published by the International Organization for
Standardization (ISO).
The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?

  • A. ISO 22318 Supply Chain Continuity
  • B. ISO 27031 BCM Readiness
  • C. ISO 22301 BCM Requirements
  • D. ISO 22317 BIA
Mark Question:
Answer:

C


Reference:
https://www.smartsheet.com/content/iso-22301-business-continuity-guide

User Votes:
A
50%
B 1 votes
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

What is an approach to estimating the strengths and weaknesses of alternatives used to determine
options, which provide the BEST approach to achieving benefits while preserving savings called?

  • A. Business Impact Analysis
  • B. Economic Impact analysis
  • C. Return on Investment
  • D. Cost-benefit analysis
Mark Question:
Answer:

D


Reference:
https://artsandculture.google.com/entity/cost%E2%80%93benefit-
analysis/m020w0x?hl=en

User Votes:
A
50%
B
50%
C
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

When managing a project, the MOST important activity in managing the expectations of stakeholders
is:

  • A. To force stakeholders to commit ample resources to support the project
  • B. To facilitate proper communication regarding outcomes
  • C. To assure stakeholders commit to the project start and end dates in writing
  • D. To finalize detailed scope of the project at project initiation
Mark Question:
Answer:

B


Reference:
https://www.greycampus.com/blog/project-management/stakeholder-management-
what-is-it-and-why-is-it-so-important

User Votes:
A
50%
B 1 votes
50%
C 1 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

What are the common data hiding techniques used by criminals?

  • A. Unallocated space and masking
  • B. Website defacement and log manipulation
  • C. Disabled Logging and admin elevation
  • D. Encryption, Steganography, and Changing Metadata/Timestamps
Mark Question:
Answer:

D


Reference:
https://cisomag.eccouncil.org/challenges-and-applications-of-digital-forensics/

User Votes:
A
50%
B
50%
C
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

An auditor is reviewing the security classifications for a group of assets and finds that many of the
assets are not correctly classified.
What should the auditors NEXT step be?

  • A. Immediately notify the board of directors of the organization as to the finding
  • B. Correct the classifications immediately based on the auditors knowledge of the proper classification
  • C. Document the missing classifications
  • D. Identify the owner of the asset and induce the owner to apply a proper classification
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C 2 votes
50%
D 1 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

In defining a strategic security plan for an organization, what should a CISO first analyze?

  • A. Reach out to a business similar to yours and ask for their plan
  • B. Set goals that are difficult to attain to drive more productivity
  • C. Review business acquisitions for the past 3 years
  • D. Analyze the broader organizational strategic plan
Mark Question:
Answer:

D


Reference:
https://securityintelligence.com/the-importance-of-building-an-information-security-
strategic-plan/

User Votes:
A
50%
B
50%
C
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information
Officer (CIO). The CIOs first mandate to you is to develop a cybersecurity compliance framework that
will meet all the stores compliance requirements.
Which of the following compliance standard is the MOST important to the organization?

  • A. The Federal Risk and Authorization Management Program (FedRAMP)
  • B. ISO 27002
  • C. NIST Cybersecurity Framework
  • D. Payment Card Industry (PCI) Data Security Standard (DSS)
Mark Question:
Answer:

D


Reference:
https://searchcompliance.techtarget.com/definition/PCI-DSS-Payment-Card-Industry-
Data-Security-Standard

User Votes:
A
50%
B
50%
C
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which of the following is the MOST effective method to counter phishing attacks?

  • A. User awareness and training
  • B. Host based Intrusion Detection System (IPS)
  • C. Acceptable use guide signed by all system users
  • D. Antispam solution
Mark Question:
Answer:

A


Reference:
https://aware.eccouncil.org/4-best-ways-to-stop-phishing-with-security-awareness.html

User Votes:
A 2 votes
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

What is a key policy that should be part of the information security plan?

  • A. Account management policy
  • B. Training policy
  • C. Acceptable Use policy
  • D. Remote Access policy
Mark Question:
Answer:

C


Reference:
https://www.exabeam.com/information-security/information-security-policy/

User Votes:
A 1 votes
50%
B
50%
C 1 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

A CISO must conduct risk assessments using a method where the Chief Financial Officer (CFO)
receives impact data in financial terms to use as input to select the proper level of coverage in a new
cybersecurity insurance policy.
What is the MOST effective method of risk analysis to provide the CFO with the information
required?

  • A. Conduct a quantitative risk assessment
  • B. Conduct a hybrid risk assessment
  • C. Conduct a subjective risk assessment
  • D. Conduct a qualitative risk assessment
Mark Question:
Answer:

D

User Votes:
A 1 votes
50%
B
50%
C
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

As the CISO, you are the project sponsor for a highly visible log management project. The objective of
the project is to centralize all the enterprise logs into a security information and event management
(SIEM) system. You requested the results of the performance quality audits activity.
The performance quality audit activity is done in what project management process group?

  • A. Executing
  • B. Controlling
  • C. Planning
  • D. Closing
Mark Question:
Answer:

A


Reference:
https://blog.masterofproject.com/executing-process-group-project-
management/#:~:text=Executing%20Process%20Group%20Activity%20%2310,of%20the%20project
%20are%20met

User Votes:
A 1 votes
50%
B 2 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor
security operations during off-hours. To reduce the impact of staff shortages and increase coverage
during off-hours, the SecOps manager is considering outsourcing off-hour coverage.
What Security Operations Center (SOC) model does this BEST describe?

  • A. Virtual SOC
  • B. In-house SOC
  • C. Security Network Operations Center (SNOC)
  • D. Hybrid SOC
Mark Question:
Answer:

A


Reference:
https://www.techtarget.com/searchsecurity/tip/Benefits-of-virtual-SOCs-Enterprise-run-
vs-fully-managed

User Votes:
A 2 votes
50%
B
50%
C
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

What is the primary difference between regulations and standards?

  • A. Standards will include regulations
  • B. Standards that aren’t followed are punishable by fines
  • C. Regulations are made enforceable by the power provided by laws
  • D. Regulations must be reviewed and approved by the business
Mark Question:
Answer:

C

User Votes:
A
50%
B
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2