[Free] 2018(Jan) EnsurePass Dumpsleader ECCouncil 712-50 Dumps with VCE and PDF 161-170


EC-Council Certified CISO (CCISO)

Question No: 161 – (Topic 2)

An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?

  A. Determine the annual loss expectancy (ALE)

  B. Create a crisis management plan

  C. Create technology recovery plans

  D. Build a secondary hot site

Answer: C

Question No: 162 – (Topic 2)

The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?

  A. The asset is more expensive than the remediation

  B. The audit finding is incorrect

  C. The asset being protected is less valuable than the remediation costs

  D. The remediation costs are irrelevant; it must be implemented regardless of cost

Answer: C

Question No: 163 – (Topic 2)

Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

  A. Plan-Check-Do-Act

  B. Plan-Do-Check-Act

  C. Plan-Select-Implement-Evaluate

  D. SCORE (Security Consensus Operational Readiness Evaluation)

Answer: B

Question No: 164 – (Topic 2)

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

  A. ISO 27001

  B. PRINCE2

  C. ISO 27004

  D. ITILv3

Answer: C

Question No: 165 – (Topic 2)

Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?

  A. To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization

  B. To provide a common basis for developing organizational security standards

  C. To provide effective security management practice and to provide confidence in inter-organizational dealings

  D. To establish guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization

Answer: D

Question No: 166 – (Topic 2)

Which of the following activities must be completed BEFORE you can calculate risk?

  A. Determining the likelihood that vulnerable systems will be attacked by specific threats

  B. Calculating the risks to which assets are exposed in their current setting

  C. Assigning a value to each information asset

  D. Assessing the relative risk facing the organization's information assets

Answer: C

Question No: 167 – (Topic 2)

Control Objectives for Information and Related Technology (COBIT) is which of the following?

  A. An Information Security audit standard

  B. An audit guideline for certifying secure systems and controls

  C. A framework for Information Technology management and governance

  D. A set of international regulations for Information Technology governance

Answer: C

Question No: 168 – (Topic 2)

The executive board has requested that the CISO of an organization define Key Performance Indicators (KPIs) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

  A. Number of callers who report security issues

  B. Number of callers who report a lack of customer service from the call center

  C. Number of successful social engineering attempts on the call center

  D. Number of callers who abandon the call before speaking with a representative

Answer: C

Question No: 169 – (Topic 2)

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

  A. Single Loss Expectancy (SLE)

  B. Exposure Factor (EF)

  C. Annualized Rate of Occurrence (ARO)

  D. Temporal Probability (TP)

Answer: C
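The risk terms scattered across Questions 162, 166 and 169 (asset value, exposure factor, ARO, SLE, ALE, and the cost-benefit test that decides whether a remediation is worth its price) fit together as one small quantitative model: SLE = AV x EF, ALE = SLE x ARO, and a control is justified when the ALE it removes exceeds its own annual cost. The following is an added Python example, not part of the EnsurePass dump or the CCISO material; the asset names, money values, exposure factors and occurrence rates are constructed for illustration. It also shows why valuation has to come first (Question 166): the SLE function refuses to run on an asset with no assigned value.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Asset:
    name: str
    value: Optional[float] = None  # asset value (AV); None until valuation has been done


@dataclass(frozen=True)
class Threat:
    name: str
    exposure_factor: float  # EF: fraction of AV lost in one occurrence, 0.0 .. 1.0
    aro: float              # ARO: estimated number of occurrences per year


def single_loss_expectancy(asset: Asset, threat: Threat) -> float:
    """SLE = AV x EF. Fails loudly if the asset has not been valued yet."""
    if asset.value is None:
        raise ValueError(f"asset {asset.name!r} has no assigned value; "
                         "valuation must precede risk calculation")
    if not 0.0 <= threat.exposure_factor <= 1.0:
        raise ValueError("EF must be a fraction between 0 and 1")
    return asset.value * threat.exposure_factor


def annual_loss_expectancy(asset: Asset, threat: Threat) -> float:
    """ALE = SLE x ARO, where ARO is the expected yearly frequency of the threat."""
    if threat.aro < 0.0:
        raise ValueError("ARO cannot be negative")
    return single_loss_expectancy(asset, threat) * threat.aro


def net_control_benefit(asset: Asset, before: Threat, after: Threat,
                        annual_control_cost: float) -> float:
    """Annual value of a control: the ALE reduction it buys minus what it costs per year.
    'after' carries the residual EF/ARO once the control is in place."""
    reduction = annual_loss_expectancy(asset, before) - annual_loss_expectancy(asset, after)
    return reduction - annual_control_cost


def remediation_justified(asset: Asset, before: Threat, after: Threat,
                          annual_control_cost: float) -> bool:
    """True when the control pays for itself; False is the Question 162 situation."""
    return net_control_benefit(asset, before, after, annual_control_cost) > 0.0


def worked_example() -> dict:
    # Constructed figures, hypothetical assets and threats.
    crm = Asset("call-centre CRM database", value=500_000.0)
    ransomware = Threat("ransomware on CRM", exposure_factor=0.4, aro=0.5)
    ransomware_controlled = Threat("ransomware with offline backups and EDR",
                                   exposure_factor=0.1, aro=0.1)

    kiosk = Asset("lobby visitor kiosk", value=20_000.0)
    kiosk_theft = Threat("kiosk theft", exposure_factor=1.0, aro=0.2)
    kiosk_theft_controlled = Threat("kiosk theft with guarded enclosure",
                                    exposure_factor=1.0, aro=0.02)

    return {
        "crm_sle": single_loss_expectancy(crm, ransomware),
        "crm_ale": annual_loss_expectancy(crm, ransomware),
        "crm_net_benefit": net_control_benefit(crm, ransomware, ransomware_controlled, 30_000.0),
        "crm_remediate": remediation_justified(crm, ransomware, ransomware_controlled, 30_000.0),
        "kiosk_ale": annual_loss_expectancy(kiosk, kiosk_theft),
        # A 50,000/yr control on a 20,000 asset: the asset is worth less than the fix.
        "kiosk_net_benefit": net_control_benefit(kiosk, kiosk_theft, kiosk_theft_controlled, 50_000.0),
        "kiosk_remediate": remediation_justified(kiosk, kiosk_theft, kiosk_theft_controlled, 50_000.0),
    }


if __name__ == "__main__":
    for key, val in worked_example().items():
        print(f"{key}: {val}")
```

The ARO and EF inputs are estimates, so the decision should be re-run across a range of plausible values before a finding is formally accepted rather than remediated; a control that looks uneconomic at the point estimate may be clearly worth it at the pessimistic end of the range.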

Question No: 170 – (Topic 2)

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

  A. assign the responsibility to the information security team.

  B. assign the responsibility to the team responsible for the management of the controls.

  C. create operational reports on the effectiveness of the controls.

  D. perform an independent audit of the security controls.

Answer: D

