712-50 EC-Council Exam Questions and Free Practice Test

Question 73

- (Topic 5)
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?

A. Conduct background checks on individuals before hiring them

B. Develop an Information Security Awareness program

C. Monitor employee browsing and surfing habits

D. Set your firewall permissions aggressively and monitor logs regularly.

Correct Answer::A

Question 74

- (Topic 3)
Your incident response plan should include which of the following?

A. Procedures for litigation

B. Procedures for reclamation

C. Procedures for classification

D. Procedures for charge-back

Correct Answer:C

Question 75

- (Topic 2)
An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

A. Management Control

B. Technical Control

C. Training Control

D. Operational Control

Correct Answer:D

Question 76

- (Topic 1)
The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

A. Contacting the Internet Service Provider for an IP scope

B. Getting authority to operate the system from executive management

C. Changing the default passwords

D. Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

Correct Answer:B

Question 77

- (Topic 2)
Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

A. Meet regulatory compliance requirements

B. Better understand the threats and vulnerabilities affecting the environment

C. Better understand strengths and weaknesses of the program

D. Meet legal requirements

Correct Answer:C

Question 78

- (Topic 3)
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

A. Failed to identify all stakeholders and their needs

B. Deployed the encryption solution in an inadequate manner

C. Used 1024 bit encryption when 256 bit would have sufficed

D. Used hardware encryption instead of software encryption

Correct Answer:A

START 712-50 EXAM