712-50 EC-Council Exam Questions and Free Practice Test

Question 67

- (Topic 3)
You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority. Which of the following BEST describes this organization?

A. Risk averse

B. Risk tolerant

C. Risk conditional

D. Risk minimal

Correct Answer:B

Question 68

- (Topic 5)
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?

A. Information security theory

B. Roles and responsibilities

C. Incident response contacts

D. Desktop configuration standards

Correct Answer:B

Question 69

- (Topic 1)
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

A. Need to comply with breach disclosure laws

B. Need to transfer the risk associated with hosting PII data

C. Need to better understand the risk associated with using PII data

D. Fiduciary responsibility to safeguard credit card information

Correct Answer:C

Question 70

- (Topic 1)
When dealing with a risk management process, asset classification is important because it will impact the overall:

A. Threat identification

B. Risk monitoring

C. Risk treatment

D. Risk tolerance

Correct Answer:C

Question 71

- (Topic 1)
The single most important consideration to make when developing your security program, policies, and processes is:

A. Budgeting for unforeseen data compromises

B. Streamlining for efficiency

C. Alignment with the business

D. Establishing your authority as the Security Executive

Correct Answer:C

Question 72

- (Topic 5)
Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has
full access to the data on the foreign server.
Your defenses did not hold up to the test as originally thought. As you investigate how the data was compromised through log analysis you discover that a hardworking, but misguided business intelligence analyst posted the data to an obfuscated URL on a popular cloud storage service so they could work on it from home during their off-time. Which technology or solution could you deploy to prevent employees from removing corporate data from your network? Choose the BEST answer.

A. Security Guards posted outside the Data Center

B. Data Loss Prevention (DLP)

C. Rigorous syslog reviews

D. Intrusion Detection Systems (IDS)

Correct Answer:B

START 712-50 EXAM