A fully updated 2022 712-50 Exam Dumps exam guide from training expert PrepAwayPDF [Q249-Q272]

Rate this post

A fully updated 2022 712-50 Exam Dumps exam guide from training expert PrepAwayPDF

Provides complete coverage of every objective on exam and exam preparation 712-50

NO.249 A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

Ensuring developers include risk control comments in code

Creating risk assessment templates based on specific threats

Providing a risk program governance structure

Allowing for the acceptance of risk for regulatory compliance requirements

NO.250 Which of the following best summarizes the primary goal of a security program?

Provide security reporting to all levels of an organization

Create effective security awareness to employees

Manage risk within the organization

Assure regulatory compliance

NO.251 An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application.
Which of the following is MOST likely the reason for this recurring issue?

Lack of version/source controls

Lack of change management controls

Ineffective configuration management controls

High turnover in the application development department

NO.252 The PRIMARY objective of security awareness is to:

Encourage security-conscious employee behavior

Put employees on notice in case follow-up action for noncompliance is necessary

Ensure that security policies are read

Meet legal and regulatory requirements

NO.253 The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

Organization control

Procedural control

Management control

Technical control

NO.254 Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network.
Which is the single most important factor to introducing digital evidence into a court of law?

Expert forensics witness

Fully trained network forensic expects to analyze all data right after the attack

Uninterrupted Chain of Custody

Comprehensive Log-Files from all servers and network devices affected during the attack

NO.255 A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets.
This demonstrates which of the following principles?

Increased security program presence

Regulatory compliance effectiveness

Security organizational policy enforcement

Proper organizational policy enforcement

NO.256 You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll.
Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff?

Employ an assumption of breach protocol and defend only essential information resources.

Deploy a SEIM solution and have current staff review incidents first in the morning

Configure your syslog to send SMS messages to current staff when target events are triggered.

Contract with a managed security provider and have current staff on recall for incident response

NO.257 Credit card information, medical data, and government records are all examples of:

Confidential/Protected Information

Bodily Information

Territorial Information

Communications Information

NO.258 What is a difference from the list below between quantitative and qualitative Risk Assessment?

Quantitative risk assessments result in an exact number (in monetary terms)

Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

Qualitative risk assessments map to business objectives

Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

NO.259 Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agend a.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

The CISO does not report directly to the CEO of the organization

The CISO reports to the IT organization

The CISO has not implemented a policy management framework

The CISO has not implemented a security awareness program

NO.260 The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?

Risk metrics

Management metrics

Operational metrics

Compliance metrics

NO.261 You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?

Qualitative analysis

Quantitative analysis

Risk mitigation

Estimate activity duration

NO.262 To get an Information Security project back on schedule, which of the following will provide the MOST help?

Upper management support

More frequent project milestone meetings

Stakeholder support

Extend work hours

NO.263 In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

High risk environments 6 months, low risk environments 12 months

Every 12 months

Every 18 months

Every six months

NO.264 In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?

Vmware, router, switch, firewall, syslog, vulnerability management system (VMS)

Intrusion Detection System (IDS), firewall, switch, syslog

Security Incident Event Management (SIEM), IDS, router, syslog

SIEM, IDS, firewall, VMS

NO.265 The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

Well established and defined digital forensics process

Establishing Enterprise-owned Botnets for preemptive attacks

Be able to retaliate under the framework of Active Defense

Collaboration with law enforcement

NO.266 The total cost of security controls should:

Be equal to the value of the information resource being protected

Be greater than the value of the information resource being protected

Be less than the value of the information resource being protected

Should not matter, as long as the information resource is protected

NO.267 An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?

Determine the risk tolerance

Perform an asset classification

Create an architecture gap analysis

Analyze existing controls on systems

NO.268 Which of the following information may be found in table top exercises for incident response?

Security budget augmentation

Process improvements

Real-time to remediate

Security control selection

NO.269 A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes.
Which of the following represents the MOST LIKELY cause of this situation?

Poor audit support for the security program

Poor alignment of the security program to business needs

This is normal since business units typically resist security requirements

A lack of executive presence within the security program

NO.270 An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied.
What is the NEXT logical step in applying the controls in the organization?

Determine the risk tolerance

Perform an asset classification

Analyze existing controls on systems

Create an architecture gap analysis

NO.271 Which of the following activities results in change requests?

Preventive actions

Inspection

Defect repair

Corrective actions

NO.272 Which of the following is the MOST important benefit of an effective security governance process?

Senior management participation in the incident response process

Better vendor management

Reduction of security breaches

Reduction of liability and overall risk to the organization

Tested Material Used To 712-50: https://www.prepawaypdf.com/EC-COUNCIL/712-50-practice-exam-dumps.html

A fully updated 2022 712-50 Exam Dumps exam guide from training expert PrepAwayPDF [Q249-Q272]

admin

Leave a Reply Cancel reply

Related posts:

admin

You might also like

Leave a Reply Cancel reply