Massive Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

ECCouncil 712-50 EC-Council Certified CISO (CCISO) Exam Practice Test

Demo: 67 questions
Total 449 questions

EC-Council Certified CISO (CCISO) Questions and Answers

Question 1

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.

You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?

Options:

A.

Conduct background checks on individuals before hiring them

B.

Develop an Information Security Awareness program

C.

Monitor employee browsing and surfing habits

D.

Set your firewall permissions aggressively and monitor logs regularly.

Question 2

A large number of accounts in a hardened system were suddenly compromised to an external party. Which of

the following is the MOST probable threat actor involved in this incident?

Options:

A.

Poorly configured firewalls

B.

Malware

C.

Advanced Persistent Threat (APT)

D.

An insider

Question 3

Which type of scan is used on the eye to measure the layer of blood vessels?

Options:

A.

Facial recognition scan

B.

Iris scan

C.

Signature kinetics scan

D.

Retinal scan

Question 4

Which of the following is the MOST important reason for performing assessments of the security portfolio?

Options:

A.

To assure that the portfolio is aligned to the needs of the broader organization

B.

To create executive support of the portfolio

C.

To discover new technologies and processes for implementation within the portfolio

D.

To provide independent 3rd party reviews of security effectiveness

Question 5

A digital signature addresses which of the following concerns?

Options:

A.

Message alteration

B.

Message copying

C.

Message theft

D.

Unauthorized reading

Question 6

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?

Options:

A.

Scope

B.

Budget

C.

Resources

D.

Constraints

Question 7

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.

What action should you take FIRST?

Options:

A.

Destroy the repository of stolen data

B.

Contact your local law enforcement agency

C.

Consult with other C-Level executives to develop an action plan

D.

Contract with a credit reporting company for paid monitoring services for affected customers

Question 8

SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.

The CISO is unsure of the information provided and orders a vendor proof of concept to validate the system’s scalability. This demonstrates which of the following?

Options:

A.

An approach that allows for minimum budget impact if the solution is unsuitable

B.

A methodology-based approach to ensure authentication mechanism functions

C.

An approach providing minimum time impact to the implementation schedules

D.

A risk-based approach to determine if the solution is suitable for investment

Question 9

When project costs continually increase throughout implementation due to large or rapid changes in customer

or user requirements, this is commonly known as:

Options:

A.

Cost/benefit adjustments

B.

Scope creep

C.

Prototype issues

D.

Expectations management

Question 10

You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.

Using the best business practices for project management you determine that the project correct aligns with the company goals. What needs to be verified FIRST?

Options:

A.

Scope of the project

B.

Training of the personnel on the project

C.

Timeline of the project milestones

D.

Vendor for the project

Question 11

Access Control lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of

Options:

A.

Network based security preventative controls

B.

Software segmentation controls

C.

Network based security detective controls

D.

User segmentation controls

Question 12

Which of the following is MOST useful when developing a business case for security initiatives?

Options:

A.

Budget forecasts

B.

Request for proposals

C.

Cost/benefit analysis

D.

Vendor management

Question 13

Who is responsible for verifying that audit directives are implemented?

Options:

A.

IT Management

B.

Internal Audit

C.

IT Security

D.

BOD Audit Committee

Question 14

What does RACI stand for?

Options:

A.

Reasonable, Actionable, Controlled, and Implemented

B.

Responsible, Actors, Consult, and Instigate

C.

Responsible, Accountable, Consulted, and Informed

D.

Review, Act, Communicate, and Inform

Question 15

ABC Limited has recently suffered a security breach with customers’ social security number available on the dark web for sale. The CISO, during the time of the incident, has been fired, and you have been hired as the replacement. The analysis of the breach found that the absence of an insider threat program, lack of least privilege policy, and weak access control was to blame. You would like to implement key performance indicators to mitigate the risk.

Which metric would meet the requirement?

Options:

A.

Number of times third parties access critical information systems

B.

Number of systems with known vulnerabilities

C.

Number of users with elevated privileges

D.

Number of websites with weak or misconfigured certificates

Question 16

XYZ is a publicly-traded software development company.

Who is ultimately accountable to the shareholders in the event of a cybersecurity breach?

Options:

A.

Chief Financial Officer (CFO)

B.

Chief Software Architect (CIO)

C.

CISO

D.

Chief Executive Officer (CEO)

Question 17

The main purpose of the SOC is:

Options:

A.

An organization which provides Tier 1 support for technology issues and provides escalation when needed

B.

A distributed organization which provides intelligence to governments and private sectors on cyber-criminal activities

C.

The coordination of personnel, processes and technology to identify information security events and provide timely response and remediation

D.

A device which consolidates event logs and provides real-time analysis of security alerts generated by applications and network hardware

Question 18

When reviewing a Solution as a Service (SaaS) provider’s security health and posture, which key document should you review?

Options:

A.

SaaS provider’s website certifications and representations (certs and reps)

B.

SOC-2 Report

C.

Metasploit Audit Report

D.

Statement from SaaS provider attesting their ability to secure your data

Question 19

When evaluating a Managed Security Services Provider (MSSP), which service(s) is/are most important:

Options:

A.

Patch management

B.

Network monitoring

C.

Ability to provide security services tailored to the business’ needs

D.

24/7 tollfree number

Question 20

A Security Operations Manager is finding it difficult to maintain adequate staff levels to monitor security operations during off-hours. To reduce the impact of staff shortages and increase coverage during off-hours, the SecOps manager is considering outsourcing off-hour coverage.

What Security Operations Center (SOC) model does this BEST describe?

Options:

A.

Virtual SOC

B.

In-house SOC

C.

Security Network Operations Center (SNOC)

D.

Hybrid SOC

Question 21

When information security falls under the Chief Information Officer (CIO), what is their MOST essential role?

Options:

A.

Oversees the organization’s day-to-day operations, creating the policies and strategies that govern operations

B.

Enlisting support from key executives the information security program budget and policies

C.

Charged with developing and implementing policies designed to protect employees and customers’ data from unauthorized access

D.

Responsible for the success or failure of the IT organization and setting strategic direction

Question 22

An organization has decided to develop an in-house BCM capability. The organization has determined it is best to follow a BCM standard published by the International Organization for Standardization (ISO).

The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?

Options:

A.

ISO 22318 Supply Chain Continuity

B.

ISO 27031 BCM Readiness

C.

ISO 22301 BCM Requirements

D.

ISO 22317 BIA

Question 23

A university recently hired a CISO. One of the first tasks is to develop a continuity of operations plan (COOP).

In developing the business impact assessment (BIA), which of the following MOST closely relate to the data backup and restoral?

Options:

A.

Recovery Point Objective (RPO)

B.

Mean Time to Delivery (MTD)

C.

Recovery Time Objective (RTO)

D.

Maximum Tolerable Downtime (MTD)

Question 24

Which of the following statements below regarding Key Performance indicators (KPIs) are true?

Options:

A.

Development of KPI’s are most useful when done independently

B.

They are a strictly quantitative measure of success

C.

They should be standard throughout the organization versus domain-specific so they are more easily correlated

D.

They are a strictly qualitative measure of success

Question 25

Which of the following activities results in change requests?

Options:

A.

Preventive actions

B.

Inspection

C.

Defect repair

D.

Corrective actions

Question 26

An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?

Options:

A.

Determine the annual loss expectancy (ALE)

B.

Create a crisis management plan

C.

Create technology recovery plans

D.

Build a secondary hot site

Question 27

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

Options:

A.

Have internal audit conduct another audit to see what has changed.

B.

Contract with an external audit company to conduct an unbiased audit

C.

Review the recommendations and follow up to see if audit implemented the changes

D.

Meet with audit team to determine a timeline for corrections

Question 28

The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?

Options:

A.

The asset is more expensive than the remediation

B.

The audit finding is incorrect

C.

The asset being protected is less valuable than the remediation costs

D.

The remediation costs are irrelevant; it must be implemented regardless of cost.

Question 29

Step-by-step procedures to regain normalcy in the event of a major earthquake is PRIMARILY covered by which of the following plans?

Options:

A.

Incident response plan

B.

Business Continuity plan

C.

Disaster recovery plan

D.

Damage control plan

Question 30

IT control objectives are useful to IT auditors as they provide the basis for understanding the:

Options:

A.

Desired results or purpose of implementing specific control procedures.

B.

The audit control checklist.

C.

Techniques for securing information.

D.

Security policy

Question 31

To have accurate and effective information security policies how often should the CISO review the organization policies?

Options:

A.

Every 6 months

B.

Quarterly

C.

Before an audit

D.

At least once a year

Question 32

Which is the BEST solution to monitor, measure, and report changes to critical data in a system?

Options:

A.

Application logs

B.

File integrity monitoring

C.

SNMP traps

D.

Syslog

Question 33

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

Options:

A.

ISO 27001

B.

PRINCE2

C.

ISO 27004

D.

ITILv3

Question 34

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

Options:

A.

Transfer financial resources from other critical programs

B.

Take the system off line until the budget is available

C.

Deploy countermeasures and compensating controls until the budget is available

D.

Schedule an emergency meeting and request the funding to fix the issue

Question 35

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because

Options:

A.

The IT team is not familiar in IT audit practices

B.

This represents a bad implementation of the Least Privilege principle

C.

This represents a conflict of interest

D.

The IT team is not certified to perform audits

Question 36

The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

Options:

A.

Organization control

B.

Procedural control

C.

Management control

D.

Technical control

Question 37

What type of attack requires the least amount of technical equipment and has the highest success rate?

Options:

A.

War driving

B.

Operating system attacks

C.

Social engineering

D.

Shrink wrap attack

Question 38

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Options:

A.

Comprehensive Log-Files from all servers and network devices affected during the attack

B.

Fully trained network forensic experts to analyze all data right after the attack

C.

Uninterrupted Chain of Custody

D.

Expert forensics witness

Question 39

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

Options:

A.

Execute

B.

Read

C.

Administrator

D.

Public

Question 40

The process of identifying and classifying assets is typically included in the

Options:

A.

Threat analysis process

B.

Asset configuration management process

C.

Business Impact Analysis

D.

Disaster Recovery plan

Question 41

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

Options:

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Question 42

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

Options:

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Question 43

Which of the following is the MAIN security concern for public cloud computing?

Options:

A.

Unable to control physical access to the servers

B.

Unable to track log on activity

C.

Unable to run anti-virus scans

D.

Unable to patch systems as needed

Question 44

The process of creating a system which divides documents based on their security level to manage access to private data is known as

Options:

A.

security coding

B.

data security system

C.

data classification

D.

privacy protection

Question 45

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

Options:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Question 46

Physical security measures typically include which of the following components?

Options:

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Question 47

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Question 48

Which of the following backup sites takes the longest recovery time?

Options:

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Question 49

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

Options:

A.

When there is a need to develop a more unified incident response capability.

B.

When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.

C.

When there is a variety of technologies deployed in the infrastructure.

D.

When it results in an overall lower cost of operating the security program.

Question 50

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

Options:

A.

Confidentiality, Integrity and Availability

B.

Assurance, Compliance and Availability

C.

International Compliance

D.

Integrity and Availability

Question 51

The PRIMARY objective for information security program development should be:

Options:

A.

Reducing the impact of the risk to the business.

B.

Establishing strategic alignment with bunsiness continuity requirements

C.

Establishing incident response programs.

D.

Identifying and implementing the best security solutions.

Question 52

A method to transfer risk is to:

Options:

A.

Implement redundancy

B.

move operations to another region

C.

purchase breach insurance

D.

Alignment with business operations

Question 53

A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

Options:

A.

Compliance to the Payment Card Industry (PCI) regulations.

B.

Alignment with financial reporting regulations for each country where they operate.

C.

Alignment with International Organization for Standardization (ISO) standards.

D.

Compliance with patient data protection regulations for each country where they operate.

Question 54

Information security policies should be reviewed:

Options:

A.

by stakeholders at least annually

B.

by the CISO when new systems are brought online

C.

by the Incident Response team after an audit

D.

by internal audit semiannually

Question 55

What is the relationship between information protection and regulatory compliance?

Options:

A.

That all information in an organization must be protected equally.

B.

The information required to be protected by regulatory mandate does not have to be identified in the organizations data classification policy.

C.

That the protection of some information such as National ID information is mandated by regulation and other information such as trade secrets are protected based on business need.

D.

There is no relationship between the two.

Question 56

One of the MAIN goals of a Business Continuity Plan is to

Options:

A.

Ensure all infrastructure and applications are available in the event of a disaster

B.

Allow all technical first-responders to understand their roles in the event of a disaster

C.

Provide step by step plans to recover business processes in the event of a disaster

D.

Assign responsibilities to the technical teams responsible for the recovery of all data.

Question 57

Which of the following is a benefit of information security governance?

Options:

A.

Questioning the trust in vendor relationships.

B.

Increasing the risk of decisions based on incomplete management information.

C.

Direct involvement of senior management in developing control processes

D.

Reduction of the potential for civil and legal liability

Question 58

You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?

Options:

A.

Chief Information Security Officer

B.

Chief Executive Officer

C.

Chief Information Officer

D.

Chief Legal Counsel

Question 59

Who is responsible for securing networks during a security incident?

Options:

A.

Chief Information Security Officer (CISO)

B.

Security Operations Center (SO

C.

Disaster Recovery (DR) manager

D.

Incident Response Team (IRT)

Question 60

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

Options:

A.

Scan a representative sample of systems

B.

Perform the scans only during off-business hours

C.

Decrease the vulnerabilities within the scan tool settings

D.

Filter the scan output so only pertinent data is analyzed

Question 61

Your company has a “no right to privacy” notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee’s email account. What should you do? (choose the BEST answer):

Options:

A.

Grant her access, the employee has been adequately warned through the AUP.

B.

Assist her with the request, but only after her supervisor signs off on the action.

C.

Reset the employee’s password and give it to the supervisor.

D.

Deny the request citing national privacy laws.

Question 62

Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?

Options:

A.

User awareness training for all employees

B.

Installation of new firewalls and intrusion detection systems

C.

Launch an internal awareness campaign

D.

Integrate security requirements into project inception

Question 63

Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?

Options:

A.

Upper management support

B.

More frequent project milestone meetings

C.

More training of staff members

D.

Involve internal audit

Question 64

When selecting a security solution with reoccurring maintenance costs after the first year, the CISO should: (choose the BEST answer)

Options:

A.

The CISO should cut other essential programs to ensure the new solution’s continued use

B.

Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution’s continued use

C.

Defer selection until the market improves and cash flow is positive

D.

Implement the solution and ask for the increased operating cost budget when it is time

Question 65

In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?

Options:

A.

Vmware, router, switch, firewall, syslog, vulnerability management system (VMS)

B.

Intrusion Detection System (IDS), firewall, switch, syslog

C.

Security Incident Event Management (SIEM), IDS, router, syslog

D.

SIEM, IDS, firewall, VMS

Question 66

Which of the following represents the BEST method of ensuring security program alignment to business needs?

Options:

A.

Create a comprehensive security awareness program and provide success metrics to business units

B.

Create security consortiums, such as strategic security planning groups, that include business unit participation

C.

Ensure security implementations include business unit testing and functional validation prior to production rollout

D.

Ensure the organization has strong executive-level security representation through clear sponsorship or the creation of a CISO role

Question 67

Which of the following is the MOST important component of any change management process?

Options:

A.

Scheduling

B.

Back-out procedures

C.

Outage planning

D.

Management approval

Demo: 67 questions
Total 449 questions