Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

ECCouncil 512-50 EC-Council Information Security Manager (E|ISM) Exam Practice Test

Demo: 60 questions
Total 404 questions

EC-Council Information Security Manager (E|ISM) Questions and Answers

Question 1

In effort to save your company money which of the following methods of training results in the lowest cost for the organization?

Options:

A.

Distance learning/Web seminars

B.

Formal Class

C.

One-One Training

D.

Self –Study (noncomputerized)

Question 2

Which of the following are the triple constraints of project management?

Options:

A.

Time, quality, and scope

B.

Cost, quality, and time

C.

Scope, time, and cost

D.

Quality, scope, and cost

Question 3

You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):

Options:

A.

Deploy a SEIM solution and have current staff review incidents first thing in the morning

B.

Contract with a managed security provider and have current staff on recall for incident response

C.

Configure your syslog to send SMS messages to current staff when target events are triggered

D.

Employ an assumption of breach protocol and defend only essential information resources

Question 4

What oversight should the information security team have in the change management process for application security?

Options:

A.

Information security should be informed of changes to applications only

B.

Development team should tell the information security team about any application security flaws

C.

Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production

D.

Information security should be aware of all application changes and work with developers before changes are deployed in production

Question 5

Which of the following best summarizes the primary goal of a security program?

Options:

A.

Provide security reporting to all levels of an organization

B.

Create effective security awareness to employees

C.

Manage risk within the organization

D.

Assure regulatory compliance

Question 6

The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?

Options:

A.

Work with the IT group and tell them to put IPS in-line and say it won’t cause any network impact

B.

Explain to the IT group that the IPS won’t cause any network impact because it will fail open

C.

Explain to the IT group that this is a business need and the IPS will fail open however, if there is a network failure the CISO will accept responsibility

D.

Explain to the IT group that the IPS will fail open once in-line however it will be deployed in monitor mode for a set period of time to ensure that it doesn’t block any legitimate traffic

Question 7

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

Options:

A.

Ineffective configuration management controls

B.

Lack of change management controls

C.

Lack of version/source controls

D.

High turnover in the application development department

Question 8

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

Options:

A.

Quarterly

B.

Semi-annually

C.

Bi-annually

D.

Annually

Question 9

Which of the following is the BEST indicator of a successful project?

Options:

A.

it is completed on time or early as compared to the baseline project plan

B.

it meets most of the specifications as outlined in the approved project definition

C.

it comes in at or below the expenditures planned for in the baseline budget

D.

the deliverables are accepted by the key stakeholders

Question 10

The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

Options:

A.

The company lacks a risk management process

B.

The company does not believe the security vulnerabilities to be real

C.

The company has a high risk tolerance

D.

The company lacks the tools to perform a vulnerability assessment

Question 11

You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don’t know what to do. What is the BEST approach to handle this situation?

Options:

A.

Tell the team to do their best and respond to each alert

B.

Tune the sensors to help reduce false positives so the team can react better

C.

Request additional resources to handle the workload

D.

Tell the team to only respond to the critical and high alerts

Question 12

The ultimate goal of an IT security projects is:

Options:

A.

Increase stock value

B.

Complete security

C.

Support business requirements

D.

Implement information security policies

Question 13

Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?

Options:

A.

Reduction of budget

B.

Decreased security awareness

C.

Improper use of information resources

D.

Fines for regulatory non-compliance

Question 14

What role should the CISO play in properly scoping a PCI environment?

Options:

A.

Validate the business units’ suggestions as to what should be included in the scoping process

B.

Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment

C.

Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data

D.

Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope

Question 15

The FIRST step in establishing a security governance program is to?

Options:

A.

Conduct a risk assessment.

B.

Obtain senior level sponsorship.

C.

Conduct a workshop for all end users.

D.

Prepare a security budget.

Question 16

Which of the following is considered the MOST effective tool against social engineering?

Options:

A.

Anti-phishing tools

B.

Anti-malware tools

C.

Effective Security Vulnerability Management Program

D.

Effective Security awareness program

Question 17

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

Options:

A.

When there is a need to develop a more unified incident response capability.

B.

When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.

C.

When there is a variety of technologies deployed in the infrastructure.

D.

When it results in an overall lower cost of operating the security program.

Question 18

Risk is defined as:

Options:

A.

Threat times vulnerability divided by control

B.

Advisory plus capability plus vulnerability

C.

Asset loss times likelihood of event

D.

Quantitative plus qualitative impact

Question 19

Why is it vitally important that senior management endorse a security policy?

Options:

A.

So that they will accept ownership for security within the organization.

B.

So that employees will follow the policy directives.

C.

So that external bodies will recognize the organizations commitment to security.

D.

So that they can be held legally accountable.

Question 20

Risk appetite directly affects what part of a vulnerability management program?

Options:

A.

Staff

B.

Scope

C.

Schedule

D.

Scan tools

Question 21

You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?

Options:

A.

Chief Information Security Officer

B.

Chief Executive Officer

C.

Chief Information Officer

D.

Chief Legal Counsel

Question 22

Which of the following international standards can be BEST used to define a Risk Management process in an organization?

Options:

A.

National Institute for Standards and Technology 800-50 (NIST 800-50)

B.

International Organization for Standardizations – 27005 (ISO-27005)

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

International Organization for Standardizations – 27004 (ISO-27004)

Question 23

Which of the following is MOST important when dealing with an Information Security Steering committee:

Options:

A.

Include a mix of members from different departments and staff levels.

B.

Ensure that security policies and procedures have been vetted and approved.

C.

Review all past audit and compliance reports.

D.

Be briefed about new trends and products at each meeting by a vendor.

Question 24

An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?

Options:

A.

Data breach disclosure

B.

Consumer right disclosure

C.

Security incident disclosure

D.

Special circumstance disclosure

Question 25

Which of the following is the MOST effective method for discovering common technical vulnerabilities within the

IT environment?

Options:

A.

Reviewing system administrator logs

B.

Auditing configuration templates

C.

Checking vendor product releases

D.

Performing system scans

Question 26

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

Recently, members of your organization have been targeted through a number of sophisticated phishing attempts and have compromised their system credentials. What action can you take to prevent the misuse of compromised credentials to change bank account information from outside your organization while still allowing employees to manage their bank information?

Options:

A.

Turn off VPN access for users originating from outside the country

B.

Enable monitoring on the VPN for suspicious activity

C.

Force a change of all passwords

D.

Block access to the Employee-Self Service application via VPN

Question 27

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

Options:

A.

Upper management support

B.

More frequent project milestone meetings

C.

More training of staff members

D.

Involve internal audit

Question 28

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

Options:

A.

Validate the effectiveness of current controls

B.

Create detailed remediation funding and staffing plans

C.

Report the audit findings and remediation status to business stake holders

D.

Review security procedures to determine if they need modified according to findings

Question 29

Annual Loss Expectancy is derived from the function of which two factors?

Options:

A.

Annual Rate of Occurrence and Asset Value

B.

Single Loss Expectancy and Exposure Factor

C.

Safeguard Value and Annual Rate of Occurrence

D.

Annual Rate of Occurrence and Single Loss Expectancy

Question 30

Human resource planning for security professionals in your organization is a:

Options:

A.

Simple and easy task because the threats are getting easier to find and correct.

B.

Training requirement that is met through once every year user training.

C.

Training requirement that is on-going and always changing.

D.

Not needed because automation and anti-virus software has eliminated the threats.

Question 31

Which type of physical security control scan a person’s external features through a digital video camera before

granting access to a restricted area?

Options:

A.

Iris scan

B.

Retinal scan

C.

Facial recognition scan

D.

Signature kinetics scan

Question 32

What are the three stages of an identity and access management system?

Options:

A.

Authentication, Authorize, Validation

B.

Provision, Administration, Enforcement

C.

Administration, Validation, Protect

D.

Provision, Administration, Authentication

Question 33

Your company has limited resources to spend on security initiatives. The Chief Financial Officer asks you to prioritize the protection of information resources based on their value to the company. It is essential that you be able to communicate in language that your fellow executives will understand. You should:

Options:

A.

Create timelines for mitigation

B.

Develop a cost-benefit analysis

C.

Calculate annual loss expectancy

D.

Create a detailed technical executive summary

Question 34

An organization has a number of Local Area Networks (LANs) linked to form a single Wide Area Network

(WAN). Which of the following would BEST ensure network continuity?

Options:

A.

Third-party emergency repair contract

B.

Pre-built servers and routers

C.

Permanent alternative routing

D.

Full off-site backup of every server

Question 35

Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.

Symmetric encryption in general is preferable to asymmetric encryption when:

Options:

A.

The number of unique communication links is large

B.

The volume of data being transmitted is small

C.

The speed of the encryption / deciphering process is essential

D.

The distance to the end node is farthest away

Question 36

Which of the following defines the boundaries and scope of a risk assessment?

Options:

A.

The risk assessment schedule

B.

The risk assessment framework

C.

The risk assessment charter

D.

The assessment context

Question 37

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

Options:

A.

Single Loss Expectancy (SLE)

B.

Exposure Factor (EF)

C.

Annualized Rate of Occurrence (ARO)

D.

Temporal Probability (TP)

Question 38

Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

Options:

A.

Control Objective for Information Technology (COBIT)

B.

Committee of Sponsoring Organizations (COSO)

C.

Payment Card Industry (PCI)

D.

Information Technology Infrastructure Library (ITIL)

Question 39

Creating a secondary authentication process for network access would be an example of?

Options:

A.

An administrator with too much time on their hands.

B.

Putting undue time commitment on the system administrator.

C.

Supporting the concept of layered security

D.

Network segmentation.

Question 40

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

Options:

A.

assign the responsibility to the information security team.

B.

assign the responsibility to the team responsible for the management of the controls.

C.

create operational reports on the effectiveness of the controls.

D.

perform an independent audit of the security controls.

Question 41

When working in the Payment Card Industry (PCI), how often should security logs be review to comply with the standards?

Options:

A.

Daily

B.

Hourly

C.

Weekly

D.

Monthly

Question 42

The patching and monitoring of systems on a consistent schedule is required by?

Options:

A.

Local privacy laws

B.

Industry best practices

C.

Risk Management frameworks

D.

Audit best practices

Question 43

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

Options:

A.

Validate that security awareness program content includes information about the potential vulnerability

B.

Conduct a thorough risk assessment against the current implementation to determine system functions

C.

Determine program ownership to implement compensating controls

D.

Send a report to executive peers and business unit owners detailing your suspicions

Question 44

With respect to the audit management process, management response serves what function?

Options:

A.

placing underperforming units on notice for failing to meet standards

B.

determining whether or not resources will be allocated to remediate a finding

C.

adding controls to ensure that proper oversight is achieved by management

D.

revealing the “root cause” of the process failure and mitigating for all internal and external units

Question 45

Which of the following is the MOST important goal of risk management?

Options:

A.

Identifying the risk

B.

Finding economic balance between the impact of the risk and the cost of the control

C.

Identifying the victim of any potential exploits.

D.

Assessing the impact of potential threats

Question 46

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Options:

A.

A substantive test of program library controls

B.

A compliance test of program library controls

C.

A compliance test of the program compiler controls

D.

A substantive test of the program compiler controls

Question 47

A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?

Options:

A.

The auditors have not followed proper auditing processes

B.

The CIO of the organization disagrees with the finding

C.

The risk tolerance of the organization permits this risk

D.

The organization has purchased cyber insurance

Question 48

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

Options:

A.

ISO 27001

B.

PRINCE2

C.

ISO 27004

D.

ITILv3

Question 49

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Question 50

The process of identifying and classifying assets is typically included in the

Options:

A.

Threat analysis process

B.

Asset configuration management process

C.

Business Impact Analysis

D.

Disaster Recovery plan

Question 51

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

Options:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Question 52

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Options:

A.

Comprehensive Log-Files from all servers and network devices affected during the attack

B.

Fully trained network forensic experts to analyze all data right after the attack

C.

Uninterrupted Chain of Custody

D.

Expert forensics witness

Question 53

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

Options:

A.

Configure logging on each access point

B.

Install a firewall software on each wireless access point.

C.

Provide IP and MAC address

D.

Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

Question 54

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

Options:

A.

Trusted and untrusted networks

B.

Type of authentication

C.

Storage encryption

D.

Log retention

Question 55

A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?

Options:

A.

non-repudiation

B.

conflict resolution

C.

strong authentication

D.

digital rights management

Question 56

Which of the following strategies provides the BEST response to a ransomware attack?

Options:

A.

Real-time off-site replication

B.

Daily incremental backup

C.

Daily full backup

D.

Daily differential backup

Question 57

Which of the following statements about Encapsulating Security Payload (ESP) is true?

Options:

A.

It is an IPSec protocol.

B.

It is a text-based communication protocol.

C.

It uses TCP port 22 as the default port and operates at the application layer.

D.

It uses UDP port 22

Question 58

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Options:

A.

‘ o 1=1 - -

B.

/../../../../

C.

“DROPTABLE USERNAME”

D.

NOPS

Question 59

Physical security measures typically include which of the following components?

Options:

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Question 60

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

Options:

A.

In-line hardware keyloggers don’t require physical access

B.

In-line hardware keyloggers don’t comply to industry regulations

C.

In-line hardware keyloggers are undetectable by software

D.

In-line hardware keyloggers are relatively inexpensive

Demo: 60 questions
Total 404 questions