[Free] 2019(Nov) EnsurePass ECCouncil 712-50 Dumps with VCE and PDF 291-300

Get Full Version of the Exam
http://www.EnsurePass.com/712-50.html

Question No.291

Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO, and a variety of high-, medium- and low-rated gaps were identified. The CISO has validated the audit findings, determined whether compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

  A. Validate the effectiveness of current controls

  B. Create detailed remediation funding and staffing plans

  C. Report the audit findings and remediation status to business stakeholders

  D. Review security procedures to determine if they need to be modified according to the findings

Correct Answer: C

Question No.292

Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization's needs. The CISO is unsure of the information provided and orders a vendor proof of concept to validate the system's scalability. This demonstrates which of the following?

  A. An approach that allows for minimum budget impact if the solution is unsuitable

  B. A methodology-based approach to ensure the authentication mechanism functions

  C. An approach providing minimum time impact to the implementation schedules

  D. A risk-based approach to determine if the solution is suitable for investment

Correct Answer: D

Question No.293

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs. When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

  A. Annually

  B. Semi-annually

  C. Quarterly

  D. Never

Correct Answer: D

Question No.294

The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management, you determine that the project correctly aligns with the company goals. Which of the following needs to be performed NEXT?

  A. Verify the scope of the project

  B. Verify the regulatory requirements

  C. Verify technical resources

  D. Verify capacity constraints

Correct Answer: C

Question No.295

When dealing with risk, the information security practitioner may choose to:

  A. assign

  B. transfer

  C. acknowledge

  D. defer

Correct Answer: C

Question No.296

The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?

  A. There is integration between IT security and business staffing.

  B. There is a clear definition of the IT security mission and vision.

  C. There is an auditing methodology in place.

  D. The plan requires return on investment for all security projects.

Correct Answer: B

Question No.297

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN. The organization wants a more permanent solution to the threat of user credential compromise through phishing.

What technical solution would BEST address this issue?

  A. Professional user education on phishing conducted by a reputable vendor

  B. Multi-factor authentication employing hard tokens

  C. Forcing password changes every 90 days

  D. Decreasing the number of employees with administrator privileges

Correct Answer: B

Question No.298

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN. Recently, members of your organization have been targeted through a number of sophisticated phishing attempts and have had their system credentials compromised. What action can you take to prevent the misuse of compromised credentials to change bank account information from outside your organization, while still allowing employees to manage their bank information?

  A. Turn off VPN access for users originating from outside the country

  B. Enable monitoring on the VPN for suspicious activity

  C. Force a change of all passwords

  D. Block access to the Employee Self-Service application via VPN

Correct Answer: D

Question No.299

Scenario: An organization has decided to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years. Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

  A. Contract a third party to perform a security risk assessment

  B. Define formal roles and responsibilities for internal audit functions

  C. Define formal roles and responsibilities for Information Security

  D. Create an executive security steering committee

Correct Answer: C

Question No.300

Involvement of senior management is MOST important in the development of:

  A. IT security implementation plans.

  B. Standards and guidelines.

  C. IT security policies.

  D. IT security procedures.

Correct Answer: C
