We provide the best materials for clearing the 712-50 test and getting certified as an EC-Council Certified CISO (CCISO). They cover all the knowledge points of the real 712-50 exam. Crack your EC-Council 712-50 exam with the latest dumps, guaranteed!
Check 712-50 free dumps before getting the full version:
NEW QUESTION 1
A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:
- A. Vendor’s client list of reputable organizations currently using their solution
- B. Vendor provided attestation of the detailed security controls from a reputable accounting firm
- C. Vendor provided reference from an existing reputable client detailing their implementation
- D. Vendor provided internal risk assessment and security control documentation
Answer: B
NEW QUESTION 2
The success of the Chief Information Security Officer is MOST dependent upon:
- A. favorable audit findings
- B. following the recommendations of consultants and contractors
- C. development of relationships with organization executives
- D. raising awareness of security issues with end users
Answer: C
NEW QUESTION 3
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?
- A. Execute
- B. Read
- C. Administrator
- D. Public
Answer: D
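SNMPv1 and v2c carry the community string in cleartext at the front of every message, which is why a scanner that simply tries the factory defaults "public" (read) and "private" (write) enumerates every device that was never reconfigured. The following example is added here and is not part of the original page: it encodes an SNMPv1 GetRequest for sysDescr.0 by hand (BER, no SNMP library), shows that the community string is readable in the raw bytes, and includes a small detection helper that flags captured packets still using a default. All packets are constructed in code; nothing is sent on the network.

```python
"""Added example (not from the original page): encode an SNMPv1 GetRequest and
pull the community string back out of raw messages, to show why unchanged
defaults are trivial to find. All packets below are constructed in code."""
from typing import List, Tuple

DEFAULT_COMMUNITIES = {"public", "private"}   # factory defaults that scanners try first
SYS_DESCR_OID = (1, 3, 6, 1, 2, 1, 1, 1, 0)    # sysDescr.0 from MIB-II


def _ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form (0x8N + N length bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(payload)) + payload


def _int(n: int) -> bytes:
    """Non-negative INTEGER; the extra byte keeps the sign bit clear when the high bit is set."""
    return _tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _oid(oid: Tuple[int, ...]) -> bytes:
    out = bytearray([40 * oid[0] + oid[1]])          # first two arcs share one byte
    for sub in oid[2:]:
        chunk = [sub & 0x7F]                          # base-128, high bit = "more follows"
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_get_request(community: str, oid: Tuple[int, ...], request_id: int = 1) -> bytes:
    """SNMPv1 GetRequest: SEQUENCE { version(0), community OCTET STRING, GetRequest-PDU }."""
    varbind = _tlv(0x30, _oid(oid) + _tlv(0x05, b""))                 # value is NULL in a request
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, payload, position just after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length


def extract_community(msg: bytes) -> Tuple[int, str]:
    """Version and community string of an SNMPv1/v2c message; both sit unencrypted up front."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    vtag, version, pos = _read_tlv(body, 0)
    ctag, community, _ = _read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("unexpected SNMP header")
    return int.from_bytes(version, "big"), community.decode("latin-1")


def flag_default_communities(packets: List[bytes]) -> List[str]:
    """Detection helper: community strings in a capture that are still factory defaults."""
    hits = []
    for pkt in packets:
        _, community = extract_community(pkt)
        if community.lower() in DEFAULT_COMMUNITIES:
            hits.append(community)
    return hits


if __name__ == "__main__":
    req = build_get_request("public", SYS_DESCR_OID)
    print(req.hex())                                  # "public" is readable in the hex dump
    print(extract_community(req))                     # (0, 'public')
```

Running the block prints the 40-byte request; the ASCII for "public" is visible a few bytes in, which is exactly what a passive sniffer or an active default-credential sweep relies on. The fix the question implies is to set unique, non-default community strings (or move to SNMPv3 with authentication and privacy), and the `flag_default_communities` helper is the kind of check a team can run over its own SNMP captures to confirm that no default is still in use.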
NEW QUESTION 4
Which of the following illustrates an operational control process:
- A. Classifying an information system as part of a risk assessment
- B. Installing an appropriate fire suppression system in the data center
- C. Conducting an audit of the configuration management process
- D. Establishing procurement standards for cloud vendors
Answer: B
NEW QUESTION 5
As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1. Covering tracks   2. Scanning and enumeration   3. Maintaining access   4. Reconnaissance   5. Gaining access
- A. 4, 2, 5, 3, 1
- B. 2, 5, 3, 1, 4
- C. 4, 5, 2, 3, 1
- D. 4, 3, 5, 2, 1
Answer: A
NEW QUESTION 6
Scenario: You are the CISO and are required to brief the C-level executive team on your information security audit for the year. During your review of the audit findings you discover that many of the controls that were put in place the previous year to correct some of the findings are not performing as needed. You have thirty days until the briefing.
To formulate a remediation plan for the non-performing controls what other document do you need to review before adjusting the controls?
- A. Business Impact Analysis
- B. Business Continuity plan
- C. Security roadmap
- D. Annual report to shareholders
Answer: A
NEW QUESTION 7
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
What is one proven method to account for common elements found within separate regulations and/or standards?
- A. Hire a GRC expert
- B. Use the Find function of your word processor
- C. Design your program to meet the strictest government standards
- D. Develop a crosswalk
Answer: D
NEW QUESTION 8
Regulatory requirements typically force organizations to implement
- A. Mandatory controls
- B. Discretionary controls
- C. Optional controls
- D. Financial controls
Answer: A
NEW QUESTION 9
Which represents PROPER separation of duties in the corporate environment?
- A. Information Security and Identity Access Management teams perform two distinct functions
- B. Developers and Network teams both have admin rights on servers
- C. Finance has access to Human Resources data
- D. Information Security and Network teams perform two distinct functions
Answer: D
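Separation of duties is only as good as the effective entitlements behind the org chart: option B fails because developers who also hold server admin rights can push a change and deploy it with no second person involved. The following is an added example, not code from the original page, showing how to check that mechanically. It expands role assignments transitively (nested groups count), tests each user's effective entitlements against a list of toxic pairs, and separately flags roles whose own definition already bundles a toxic pair. The role model, users and conflict rules are constructed for illustration.

```python
"""Added example (not from the original page): find separation-of-duties
conflicts from effective entitlements. Roles, users and conflict rules are
constructed for illustration."""
from typing import Dict, List, Set, Tuple

# Constructed role model: a role grants permissions and may nest other roles.
ROLE_GRANTS: Dict[str, Set[str]] = {
    "developer":      {"code-commit", "ci-trigger"},
    "network-admin":  {"server-admin", "firewall-admin"},
    "infosec":        {"siem-read", "policy-author"},
    "iam-admin":      {"account-create", "role-assign"},
    "prod-deployers": {"server-admin"},      # nested: membership implies server admin
}

# Toxic pairs: one person holding both sides can create and approve their own change.
SOD_RULES: List[Tuple[str, str, str]] = [
    ("code-commit", "server-admin", "can push code and deploy it with no second pair of eyes"),
    ("account-create", "role-assign", "can mint an account and grant it privilege alone"),
    ("firewall-admin", "policy-author", "writes the security policy and the rules it governs"),
]

# Constructed assignments (user -> roles).
ASSIGNMENTS: Dict[str, Set[str]] = {
    "alice": {"developer"},
    "bob":   {"developer", "prod-deployers"},   # the option-B situation from the question
    "carol": {"iam-admin"},
    "dave":  {"infosec"},
    "erin":  {"network-admin"},
}


def effective_entitlements(roles: Set[str], grants: Dict[str, Set[str]] = ROLE_GRANTS) -> Set[str]:
    """Expand roles transitively so nested roles count (cycle-safe via the seen set)."""
    seen: Set[str] = set()
    stack = list(roles)
    while stack:
        item = stack.pop()
        if item in seen:
            continue
        seen.add(item)
        stack.extend(grants.get(item, ()))
    return seen


def sod_violations(assignments: Dict[str, Set[str]],
                   rules: List[Tuple[str, str, str]] = SOD_RULES) -> Dict[str, List[str]]:
    """Users whose effective entitlements contain both halves of any toxic pair."""
    report: Dict[str, List[str]] = {}
    for user, roles in assignments.items():
        ents = effective_entitlements(roles)
        hits = [why for a, b, why in rules if a in ents and b in ents]
        if hits:
            report[user] = hits
    return report


def toxic_roles(grants: Dict[str, Set[str]] = ROLE_GRANTS,
                rules: List[Tuple[str, str, str]] = SOD_RULES) -> Set[str]:
    """Roles that violate a rule by themselves: the role definition needs splitting, not the user."""
    return {role for role in grants if sod_violations({role: {role}}, rules)}


if __name__ == "__main__":
    for user, reasons in sod_violations(ASSIGNMENTS).items():
        print(user, "->", "; ".join(reasons))
    print("roles to split:", toxic_roles())
```

The check is deliberately run on effective entitlements rather than on role names: bob never holds "server-admin" directly, he inherits it through the deployers group, which is how most real SoD violations hide. The `toxic_roles` pass catches the other common case, where the IAM role itself bundles account creation and privilege assignment and no assignment review will ever fix it.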
NEW QUESTION 10
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the
- A. Controlled mitigation effort
- B. Risk impact comparison
- C. Relative likelihood of event
- D. Comparative threat analysis
Answer: C
NEW QUESTION 11
You manage a newly created Security Operations Center (SOC), and your team is being inundated with security alerts and does not know what to do. What is the BEST approach to handle this situation?
- A. Tell the team to do their best and respond to each alert
- B. Tune the sensors to help reduce false positives so the team can react better
- C. Request additional resources to handle the workload
- D. Tell the team to only respond to the critical and high alerts
Answer: B
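Tuning sensors is the right answer because the noise has a structure that can be measured: most false positives come from a handful of rules, and within a rule often from one host. The block below is an added example, not part of the original page, of the triage arithmetic behind that decision. It takes analyst verdicts on a closed batch of alerts, computes per-rule volume and false-positive rate, and proposes the narrowest fix for each rule: a host exclusion when one source produces the noise (keeps the detection intact), a rule rewrite when false positives are spread everywhere, and no change when there is too little data. The alert records, rule names and thresholds are constructed.

```python
"""Added example (not from the original page): decide which noisy detection rules
to tune from analyst verdicts on closed alerts. The alert records are constructed."""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed triage history: (rule, host, verdict) for one closed batch of alerts.
ALERTS: List[Tuple[str, str, str]] = (
    [("ps-encoded-cmd", "ws-101", "FP")] * 6          # an admin's scheduled maintenance script
    + [("ps-encoded-cmd", "ws-102", "TP")]
    + [("ps-encoded-cmd", "ws-103", "FP")]
    + [("port-scan-internal", "scan-01", "FP")] * 6   # the authorised vulnerability scanner
    + [("new-admin-account", "dc-01", "TP")] * 2
    + [("new-admin-account", "dc-01", "FP")]
    + [("dns-long-query", f"ws-2{i:02d}", "FP") for i in range(5) for _ in range(2)]
)


def summarize(alerts: List[Tuple[str, str, str]]) -> Dict[str, dict]:
    """Per rule: volume, false-positive count and rate, and which hosts produced the FPs."""
    stats: Dict[str, dict] = defaultdict(lambda: {"total": 0, "fp": 0, "fp_hosts": Counter()})
    for rule, host, verdict in alerts:
        s = stats[rule]
        s["total"] += 1
        if verdict == "FP":
            s["fp"] += 1
            s["fp_hosts"][host] += 1
    for s in stats.values():
        s["fp_rate"] = s["fp"] / s["total"]
    return dict(stats)


def tuning_plan(alerts: List[Tuple[str, str, str]], min_volume: int = 5,
                fp_threshold: float = 0.8, host_share: float = 0.7) -> Dict[str, str]:
    """Narrowest fix first: a host exclusion keeps the detection, a rewrite changes it."""
    plan: Dict[str, str] = {}
    for rule, s in summarize(alerts).items():
        if s["total"] < min_volume or s["fp"] == 0:
            plan[rule] = "keep: too little data or no false positives"
            continue
        host, n = s["fp_hosts"].most_common(1)[0]
        if n / s["fp"] >= host_share and n >= 3:
            plan[rule] = f"exclude host {host}"           # one source makes the noise
        elif s["fp_rate"] >= fp_threshold:
            plan[rule] = "rewrite rule: false positives spread across hosts"
        else:
            plan[rule] = "keep: false-positive rate acceptable"
    return plan


if __name__ == "__main__":
    for rule, s in sorted(summarize(ALERTS).items(), key=lambda kv: -kv[1]["fp"]):
        print(f"{rule:<20} total={s['total']:<3} fp={s['fp']:<3} fp_rate={s['fp_rate']:.2f}")
    for rule, action in tuning_plan(ALERTS).items():
        print(f"{rule:<20} -> {action}")
```

Two design points matter for a new SOC. First, the plan is driven by analyst verdicts, so the team must record a disposition on every closed alert or there is nothing to tune from. Second, the exclusion branch is checked before the rewrite branch on purpose: suppressing the one maintenance host that trips "ps-encoded-cmd" leaves the rule able to catch the same behaviour anywhere else, whereas raising the rule's threshold would weaken it everywhere. Option D in the question (ignore everything below high) throws away the true positive hiding in the low-severity noise; option B removes the noise instead.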
NEW QUESTION 12
Risk is defined as:
- A. Threat times vulnerability divided by control
- B. Advisory plus capability plus vulnerability
- C. Asset loss times likelihood of event
- D. Quantitative plus qualitative impact
Answer: A
NEW QUESTION 13
An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?
- A. Management Control
- B. Technical Control
- C. Training Control
- D. Operational Control
Answer: D
NEW QUESTION 14
Which of the following are necessary to formulate responses to external audit findings?
- A. Internal Audit, Management, and Technical Staff
- B. Internal Audit, Budget Authority, Management
- C. Technical Staff, Budget Authority, Management
- D. Technical Staff, Internal Audit, Budget Authority
Answer: C
NEW QUESTION 15
Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?
- A. Plan-Check-Do-Act
- B. Plan-Do-Check-Act
- C. Plan-Select-Implement-Evaluate
- D. SCORE (Security Consensus Operational Readiness Evaluation)
Answer: B
NEW QUESTION 16
Which of the following is MOST important when dealing with an Information Security Steering committee:
- A. Include a mix of members from different departments and staff levels.
- B. Ensure that security policies and procedures have been vetted and approved.
- C. Review all past audit and compliance reports.
- D. Be briefed about new trends and products at each meeting by a vendor.
Answer: C
NEW QUESTION 17
Payment Card Industry (PCI) compliance requirements are based on what criteria?
- A. The types of cardholder data retained
- B. The duration card holder data is retained
- C. The size of the organization processing credit card data
- D. The number of transactions performed per year by an organization
Answer: D
NEW QUESTION 18
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”
Which group of people should be consulted when developing your security program?
- A. Peers
- B. End Users
- C. Executive Management
- D. All of the above
Answer: D
NEW QUESTION 19
The FIRST step in establishing a security governance program is to?
- A. Conduct a risk assessment.
- B. Obtain senior level sponsorship.
- C. Conduct a workshop for all end users.
- D. Prepare a security budget.
Answer: B
P.S. Easily pass the 712-50 exam with the prep-labs.com dumps (343 Q&As, PDF version). Download the newest prep-labs.com 712-50 dumps: https://www.prep-labs.com/dumps/712-50/ (343 new questions)