712-50 EC-Council Exam Questions and Free Practice Test

Question 37

- (Topic 5)
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?

A. Lack of risk management process

B. Lack of sponsorship from executive management

C. IT security centric agenda

D. Compliance centric agenda

Correct Answer:C

Question 38

- (Topic 2)
Which is the BEST solution to monitor, measure, and report changes to critical data in a system?

A. Application logs

B. File integrity monitoring

C. SNMP traps

D. Syslog

Correct Answer:B

Question 39

- (Topic 1)
Which of the following is a critical operational component of an Incident Response Program (IRP)?

A. Weekly program budget reviews to ensure the percentage of program funding remains constant.

B. Annual review of program charters, policies, procedures and organizational agreements.

C. Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.

D. Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

Correct Answer:C

Question 40

- (Topic 3)
An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

A. Ineffective configuration management controls

B. Lack of change management controls

C. Lack of version/source controls

D. High turnover in the application development department

Correct Answer:C

Question 41

- (Topic 2)
Which of the following are necessary to formulate responses to external audit findings?

A. Internal Audit, Management, and Technical Staff

B. Internal Audit, Budget Authority, Management

C. Technical Staff, Budget Authority, Management

D. Technical Staff, Internal Audit, Budget Authority

Correct Answer:C

Question 42

- (Topic 5)
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
Which of the following is the FIRST action the CISO will perform after receiving the audit report?

A. Inform peer executives of the audit results

B. Validate gaps and accept or dispute the audit findings

C. Create remediation plans to address program gaps

D. Determine if security policies and procedures are adequate

Correct Answer:B

START 712-50 EXAM