[Free] 2019(Nov) EnsurePass ECCouncil 712-50 Dumps with VCE and PDF 141-150


Question No.141

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two-factor authentication token management process. Which of the following represents your BEST course of action?

  A. Validate that security awareness program content includes information about the potential vulnerability

  B. Conduct a thorough risk assessment against the current implementation to determine system functions

  C. Determine program ownership to implement compensating controls

  D. Send a report to executive peers and business unit owners detailing your suspicions

Correct Answer: B

Question No.142

Which International Organization for Standardization (ISO) below BEST describes the performance of risk management, and includes a five-stage risk management methodology?

  A. ISO 27001

  B. ISO 27002

  C. ISO 27004

  D. ISO 27005

Correct Answer: D

Question No.143

With respect to the audit management process, management response serves what function?

  A. placing underperforming units on notice for failing to meet standards

  B. determining whether or not resources will be allocated to remediate a finding

  C. adding controls to ensure that proper oversight is achieved by management

  D. revealing the "root cause" of the process failure and mitigating for all internal and external units

Correct Answer: B

Question No.144

A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?

  A. If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.

  B. If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.

  C. If the findings impact regulatory compliance, remediate the high findings as quickly as possible.

  D. If the findings do not impact regulatory compliance, review current security controls.

Correct Answer: C

Question No.145

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

  A. Identify and evaluate the existing controls.

  B. Disclose the threats and impacts to management.

  C. Identify information assets and the underlying systems.

  D. Identify and assess the risk assessment process used by management.

Correct Answer: A

Question No.146

An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator. The most appropriate course of action for the IT auditor is to:

  A. Inform senior management of the risk involved.

  B. Agree to work with the security officer on these shifts as a form of preventative control.

  C. Develop a computer assisted audit technique to detect instances of abuses of the arrangement.

  D. Review the system log for each of the late night shifts to determine whether any irregular actions occurred.

Correct Answer: A

Question No.147

Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?

  A. Servers, routers, switches, modem

  B. Firewall, exchange, web server, intrusion detection system (IDS)

  C. Firewall, anti-virus console, IDS, syslog

  D. IDS, syslog, router, switches

Correct Answer: C

Question No.148

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is considered a bad practice MAINLY because

  A. The IT team is not familiar with IT audit practices

  B. This represents a bad implementation of the Least Privilege principle

  C. This represents a conflict of interest

  D. The IT team is not certified to perform audits

Correct Answer: C

Question No.149

Which of the following is considered to be an IT governance framework and a supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks?

  A. Control Objective for Information Technology (COBIT)

  B. Committee of Sponsoring Organizations (COSO)

  C. Payment Card Industry (PCI)

  D. Information Technology Infrastructure Library (ITIL)

Correct Answer: A

Question No.150

How often should an environment be monitored for cyber threats, risks, and exposures?

  A. Weekly

  B. Monthly

  C. Quarterly

  D. Daily

Correct Answer: D
