712-50 EC-Council Exam Questions and Free Practice Test

Question 49

- (Topic 1)
When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

A. How many credit card records are stored?

B. How many servers do you have?

C. What is the scope of the certification?

D. What is the value of the assets at risk?

Correct Answer:C

Question 50

- (Topic 5)
When dealing with risk, the information security practitioner may choose to:

A. assign

B. transfer

C. acknowledge

D. defer

Correct Answer:C

Question 51

- (Topic 2)
Which of the following reports should you as an IT auditor use to check on compliance with a service level agreement’s requirement for uptime?

A. Systems logs

B. Hardware error reports

C. Utilization reports

D. Availability reports

Correct Answer:D

Question 52

- (Topic 2)
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

A. A substantive test of program library controls

B. A compliance test of program library controls

C. A compliance test of the program compiler controls

D. A substantive test of the program compiler controls

Correct Answer:B

Question 53

- (Topic 1)
Information security policies should be reviewed:

A. by stakeholders at least annually

B. by the CISO when new systems are brought online

C. by the Incident Response team after an audit

D. by internal audit semiannually

Correct Answer:A

Question 54

- (Topic 5)
Involvement of senior management is MOST important in the development of:

A. IT security implementation plans.

B. Standards and guidelines.

C. IT security policies.

D. IT security procedures.

Correct Answer:C

START 712-50 EXAM