712-50 EC-Council Exam Questions and Free Practice Test

Question 85

- (Topic 1)
Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?

A. Audit and Legal

B. Budget and Compliance

C. Human Resources and Budget

D. Legal and Human Resources

Correct Answer:A

Question 86

- (Topic 3)
Which of the following is a major benefit of applying risk levels?

A. Risk management governance becomes easier since most risks remain low once mitigated

B. Resources are not wasted on risks that are already managed to an acceptable level

C. Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology

D. Risk appetite can increase within the organization once the levels are understood

Correct Answer:B

Question 87

- (Topic 2)
Control Objectives for Information and Related Technology (COBIT) is which of the following?

A. An Information Security audit standard

B. An audit guideline for certifying secure systems and controls

C. A framework for Information Technology management and governance

D. A set of international regulations for Information Technology governance

Correct Answer:C

Question 88

- (Topic 5)
Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?

A. Alignment with business goals

B. ISO27000 accreditation

C. PCI attestation of compliance

D. Financial statements

Correct Answer:B

Question 89

- (Topic 5)
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
What is one proven method to account for common elements found within separate
regulations and/or standards?

A. Hire a GRC expert

B. Use the Find function of your word processor

C. Design your program to meet the strictest government standards

D. Develop a crosswalk

Correct Answer:D

Question 90

- (Topic 1)
When briefing senior management on the creation of a governance process, the MOST important aspect should be:

A. information security metrics.

B. knowledge required to analyze each issue.

C. baseline against which metrics are evaluated.

D. linkage to business area objectives.

Correct Answer:D

START 712-50 EXAM