712-50 EC-Council Exam Questions and Free Practice Test

Question 79

- (Topic 5)
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
The CISO has implemented remediation activities. Which of the following is the MOST logical next step?

A. Validate the effectiveness of applied controls

B. Validate security program resource requirements

C. Report the audit findings and remediation status to business stake holders

D. Review security procedures to determine if they need modified according to findings

Correct Answer:A

Question 80

- (Topic 1)
When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

A. When there is a need to develop a more unified incident response capability.

B. When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.

C. When there is a variety of technologies deployed in the infrastructure.

D. When it results in an overall lower cost of operating the security program.

Correct Answer:B

Question 81

- (Topic 5)
When updating the security strategic planning document what two items must be included?

A. Alignment with the business goals and the vision of the CIO

B. The risk tolerance of the company and the company mission statement

C. The executive summary and vision of the board of directors

D. The alignment with the business goals and the risk tolerance

Correct Answer:D

Question 82

- (Topic 1)
The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

A. Due Protection

B. Due Care

C. Due Compromise

D. Due process

Correct Answer:B

Question 83

- (Topic 2)
How often should an environment be monitored for cyber threats, risks, and exposures?

A. Weekly

B. Monthly

C. Quarterly

D. Daily

Correct Answer:D

Question 84

- (Topic 4)
The process of creating a system which divides documents based on their security level to manage access to private data is known as

A. security coding

B. data security system

C. data classification

D. privacy protection

Correct Answer:C

START 712-50 EXAM