[Q34-Q59] Pass 712-50 Exam in First Attempt Guaranteed 100% Cover Real Exam Questions [Feb-2024]


NEW QUESTION # 34
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?

  • A. Monitor employee browsing and surfing habits
  • B. Develop an Information Security Awareness program
  • C. Set your firewall permissions aggressively and monitor logs regularly.
  • D. Conduct background checks on individuals before hiring them

Answer: D


NEW QUESTION # 35
An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

  • A. Management Control
  • B. Technical Control
  • C. Operational Control
  • D. Training Control

Answer: C


NEW QUESTION # 36
Which of the following refers to the quantity or quality of project deliverables expanding from the original project plan?

  • A. Deadline extension
  • B. Deliverable expansion
  • C. Scope creep
  • D. Scope modification

Answer: C


NEW QUESTION # 37
As the Chief Information Security Officer, you are performing an assessment of security posture to understand what your Defense-in-Depth capabilities are. Which network security technology examines network traffic flows to detect and actively stop vulnerability exploits and attacks?

  • A. Port Security
  • B. Anti-virus
  • C. Intrusion Prevention System
  • D. Gigamon

Answer: C

Explanation/Reference: https://searchsecurity.techtarget.com/definition/intrusion-prevention


NEW QUESTION # 38
The FIRST step in establishing a security governance program is to:

  • A. Obtain senior level sponsorship.
  • B. Conduct a risk assessment.
  • C. Prepare a security budget.
  • D. Conduct a workshop for all end users.

Answer: A


NEW QUESTION # 39
The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization's

  • A. Risk Management Program.
  • B. Identity and Access Management Program.
  • C. Security Awareness Program.
  • D. Anti-Spam controls.

Answer: C


NEW QUESTION # 40
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?

  • A. Monitor employee browsing and surfing habits
  • B. Develop an Information Security Awareness program
  • C. Set your firewall permissions aggressively and monitor logs regularly.
  • D. Conduct background checks on individuals before hiring them

Answer: D


NEW QUESTION # 41
To get an Information Security project back on schedule, which of the following will provide the MOST help?

  • A. Stakeholder support
  • B. Upper management support
  • C. Extend work hours
  • D. More frequent project milestone meetings

Answer: B


NEW QUESTION # 42
Your company has limited resources to spend on security initiatives. The Chief Financial Officer asks you to prioritize the protection of information resources based on their value to the company. It is essential that you be able to communicate in language that your fellow executives will understand. You should:

  • A. Calculate annual loss expectancy
  • B. Create a detailed technical executive summary
  • C. Create timelines for mitigation
  • D. Develop a cost-benefit analysis

Answer: D


NEW QUESTION # 43
Which of the following is the MOST important benefit of an effective security governance process?

  • A. Reduction of security breaches
  • B. Better vendor management
  • C. Senior management participation in the incident response process
  • D. Reduction of liability and overall risk to the organization

Answer: D


NEW QUESTION # 44
The alerting, monitoring and life-cycle management of security-related events is typically handled by the ________________.

  • A. governance, risk, and compliance tools
  • B. security threat and vulnerability management process
  • C. risk assessment process
  • D. risk management process

Answer: B



NEW QUESTION # 45
Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

  • A. Exposure Factor (EF)
  • B. Single Loss Expectancy (SLE)
  • C. Annualized Rate of Occurrence (ARO)
  • D. Temporal Probability (TP)

Answer: C


NEW QUESTION # 46
What are the primary reasons for the development of a business case for a security project?

  • A. To understand the attack vectors and attack sources
  • B. To estimate risk and negate liability to the company
  • C. To communicate risk and forecast resource needs
  • D. To forecast usage and cost per software licensing

Answer: C


NEW QUESTION # 47
The process for management approval of the results of the security certification process, which states the risks of a given IT system and their mitigation, is called

  • A. Security system analysis
  • B. Security certification
  • C. Alignment with business practices and goals.
  • D. Security accreditation

Answer: D


NEW QUESTION # 48
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
How can you reduce the administrative burden of distributing symmetric keys for your employer?

  • A. Use asymmetric encryption for the automated distribution of the symmetric key
  • B. Symmetrically encrypt the key and then use asymmetric encryption to decrypt it
  • C. Use a certificate authority to distribute private keys
  • D. Use a self-generated key on both ends to eliminate the need for distribution

Answer: A


NEW QUESTION # 49
The regular review of a firewall ruleset is considered a

  • A. Procedural control
  • B. Organization control
  • C. Technical control
  • D. Management control

Answer: A


NEW QUESTION # 50
Which of the following is a benefit of a risk-based approach to audit planning?

  • A. Staff will be exposed to a variety of technologies
  • B. Scheduling may be performed months in advance
  • C. Budgets are more likely to be met by the IT audit staff
  • D. Resources are allocated to the areas of the highest concern

Answer: D


NEW QUESTION # 51
Scenario: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team. During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions.
What is the MOST critical aspect of the team's activities?

  • A. Determination of the attack source
  • B. Eradication of malware and system restoration
  • C. Preservation of information
  • D. Regular communication of incident status to executives

Answer: C


NEW QUESTION # 52
Simon had all his systems administrators implement hardware and software firewalls to ensure network security. They implemented IDS/IPS systems throughout the network to check for and stop any unauthorized traffic that might attempt to enter. Although Simon and his administrators believed they were secure, a hacker group was able to get into the network and modify files hosted on the company's website. After searching through the firewall and server logs, no one could find how the attackers had gotten in. He decides that the entire network needs to be monitored for changes to critical and essential files, using a monitoring tool that alerts administrators when a critical file is altered. What tool could Simon and his administrators implement to accomplish this?

  • A. They need to use Nessus.
  • B. They could use Tripwire.
  • C. They can implement Wireshark.
  • D. Snort is the best tool for their situation.

Answer: D

Explanation/Reference: https://searchnetworking.techtarget.com/definition/Snort


NEW QUESTION # 53
According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

  • A. Susceptibility to attack, expected duration of attack, and mitigation availability
  • B. Susceptibility to attack, mitigation response time, and cost
  • C. Attack vectors, controls cost, and investigation staffing needs
  • D. Vulnerability exploitation, attack recovery, and mean time to repair

Answer: B


NEW QUESTION # 54
Access Control Lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of ________________.

  • A. Software segmentation controls
  • B. Network based security detective controls
  • C. User segmentation controls
  • D. Network based security preventative controls

Answer: D


NEW QUESTION # 55
The primary purpose of a risk register is to:

  • A. Coordinate the timing of scheduled risk assessments
  • B. Track individual risk assessments
  • C. Develop plans for mitigating identified risks
  • D. Maintain a log of discovered risks

Answer: D


NEW QUESTION # 56
Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you confirm that data has been breached, and you discover the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.
What action should you take FIRST?

  • A. Consult with other C-Level executives to develop an action plan
  • B. Contact your local law enforcement agency
  • C. Contract with a credit reporting company for paid monitoring services for affected customers
  • D. Destroy the repository of stolen data

Answer: A


NEW QUESTION # 57
Who is responsible for securing networks during a security incident?

  • A. Incident response Team (IRT)
  • B. Disaster Recovery (DR) manager
  • C. Security Operations Center (SOC)
  • D. Chief Information Security Officer (CISO)

Answer: A


NEW QUESTION # 58
Scenario: An organization has recently appointed a CISO. This is a new role in the organization, and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident in their skills and experience, is constantly on the defensive and is unable to advance the IT-security-centric agenda.
Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?

  • A. Lack of a security awareness program
  • B. Lack of business continuity process
  • C. Lack of identification of technology stakeholders
  • D. Lack of influence with leaders outside IT

Answer: D


NEW QUESTION # 59
......
