712-50 EC-Council Exam Questions and Free Practice Test

Question 13

- (Topic 2)
As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting process?

A. Executive summary

B. Penetration test agreement

C. Names and phone numbers of those who conducted the audit

D. Business charter

Correct Answer:A

Question 14

- (Topic 1)
Payment Card Industry (PCI) compliance requirements are based on what criteria?

A. The types of cardholder data retained

B. The duration card holder data is retained

C. The size of the organization processing credit card data

D. The number of transactions performed per year by an organization

Correct Answer:D

Question 15

- (Topic 2)
Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

A. International Organization for Standardization 27001

B. National Institute of Standards and Technology Special Publication SP 800-12

C. Request For Comment 2196

D. National Institute of Standards and Technology Special Publication SP 800-26

Correct Answer:A

Question 16

- (Topic 2)
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?

A. Single loss expectancy multiplied by the annual rate of occurrence

B. Total loss expectancy multiplied by the total loss frequency

C. Value of the asset multiplied by the loss expectancy

D. Replacement cost multiplied by the single loss expectancy

Correct Answer:A

Question 17

- (Topic 5)
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
What type of control is being implemented by supervisors and data owners?

A. Management

B. Operational

C. Technical

D. Administrative

Correct Answer:B

Question 18

- (Topic 1)
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

A. Identify threats, risks, impacts and vulnerabilities

B. Decide how to manage risk

C. Define the budget of the Information Security Management System

D. Define Information Security Policy

Correct Answer:D

START 712-50 EXAM