712-50 EC-Council Exam Questions and Free Practice Test

Question 43

- (Topic 1)
Which of the following is considered the MOST effective tool against social engineering?

A. Anti-phishing tools

B. Anti-malware tools

C. Effective Security Vulnerability Management Program

D. Effective Security awareness program

Correct Answer:D

Question 44

- (Topic 1)
What role should the CISO play in properly scoping a PCI environment?

A. Validate the business units’ suggestions as to what should be included in the scoping process

B. Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment

C. Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data

D. Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope

Correct Answer::C

Question 45

- (Topic 1)
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

A. Providing a risk program governance structure

B. Ensuring developers include risk control comments in code

C. Creating risk assessment templates based on specific threats

D. Allowing for the acceptance of risk for regulatory compliance requirements

Correct Answer:A

Question 46

- (Topic 3)
An example of professional unethical behavior is:

A. Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B. Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C. Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D. Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Correct Answer:C

Question 47

- (Topic 5)
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
Once supervisors and data owners have approved requests, information system administrators will implement

A. Technical control(s)

B. Management control(s)

C. Policy control(s)

D. Operational control(s)

Correct Answer:A

Question 48

- (Topic 1)
The alerting, monitoring and life-cycle management of security related events is typically handled by the

A. security threat and vulnerability management process

B. risk assessment process

C. risk management process

D. governance, risk, and compliance tools

Correct Answer::A

START 712-50 EXAM