March Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

ECCouncil 712-50 EC-Council Certified CISO (CCISO) Exam Practice Test

Demo: 67 questions
Total 449 questions

EC-Council Certified CISO (CCISO) Questions and Answers

Question 1

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

Options:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Question 2

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Options:

A.

Comprehensive Log-Files from all servers and network devices affected during the attack

B.

Fully trained network forensic experts to analyze all data right after the attack

C.

Uninterrupted Chain of Custody

D.

Expert forensics witness

Question 3

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

Options:

A.

The need to change accounting periods on a regular basis.

B.

The requirement to post entries for a closed accounting period.

C.

The need to create and modify the chart of accounts and its allocations.

D.

The lack of policies and procedures for the proper segregation of duties.

Question 4

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Question 5

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

Options:

A.

Enterprise Risk Assessment

B.

Disaster recovery strategic plan

C.

Business continuity plan

D.

Application mapping document

Question 6

An anonymity network is a series of?

Options:

A.

Covert government networks

B.

War driving maps

C.

Government networks in Tora

D.

Virtual network tunnels

Question 7

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

Options:

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Question 8

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

Options:

A.

In-line hardware keyloggers don’t require physical access

B.

In-line hardware keyloggers don’t comply to industry regulations

C.

In-line hardware keyloggers are undetectable by software

D.

In-line hardware keyloggers are relatively inexpensive

Question 9

Which of the following is the MAIN security concern for public cloud computing?

Options:

A.

Unable to control physical access to the servers

B.

Unable to track log on activity

C.

Unable to run anti-virus scans

D.

Unable to patch systems as needed

Question 10

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

Options:

A.

Traffic Analysis

B.

Deep-Packet inspection

C.

Packet sampling

D.

Heuristic analysis

Question 11

The process of creating a system which divides documents based on their security level to manage access to private data is known as

Options:

A.

security coding

B.

data security system

C.

data classification

D.

privacy protection

Question 12

Physical security measures typically include which of the following components?

Options:

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Question 13

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

Options:

A.

Single Loss Expectancy (SLE)

B.

Exposure Factor (EF)

C.

Annualized Rate of Occurrence (ARO)

D.

Temporal Probability (TP)

Question 14

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

Options:

A.

Transfer financial resources from other critical programs

B.

Take the system off line until the budget is available

C.

Deploy countermeasures and compensating controls until the budget is available

D.

Schedule an emergency meeting and request the funding to fix the issue

Question 15

In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

Options:

A.

Internal Audit

B.

Database Administration

C.

Information Security

D.

Compliance

Question 16

Which of the following is a fundamental component of an audit record?

Options:

A.

Date and time of the event

B.

Failure of the event

C.

Originating IP-Address

D.

Authentication type

Question 17

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

Options:

A.

Senior Executives

B.

Office of the Auditor

C.

Office of the General Counsel

D.

All employees and users

Question 18

The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

Options:

A.

Organization control

B.

Procedural control

C.

Management control

D.

Technical control

Question 19

Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

Options:

A.

International Organization for Standardization 27001

B.

National Institute of Standards and Technology Special Publication SP 800-12

C.

Request For Comment 2196

D.

National Institute of Standards and Technology Special Publication SP 800-26

Question 20

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

Options:

A.

Identify and evaluate the existing controls.

B.

Disclose the threats and impacts to management.

C.

Identify information assets and the underlying systems.

D.

Identify and assess the risk assessment process used by management.

Question 21

An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?

Options:

A.

Determine the annual loss expectancy (ALE)

B.

Create a crisis management plan

C.

Create technology recovery plans

D.

Build a secondary hot site

Question 22

With respect to the audit management process, management response serves what function?

Options:

A.

placing underperforming units on notice for failing to meet standards

B.

determining whether or not resources will be allocated to remediate a finding

C.

adding controls to ensure that proper oversight is achieved by management

D.

revealing the “root cause” of the process failure and mitigating for all internal and external units

Question 23

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

Options:

A.

It allows executives to more effectively monitor IT implementation costs

B.

Implementation of it eases an organization’s auditing and compliance burden

C.

Information Security (IS) procedures often require augmentation with other standards

D.

It provides for a consistent and repeatable staffing model for technology organizations

Question 24

Which of the following is a benefit of a risk-based approach to audit planning?

Options:

A.

Resources are allocated to the areas of the highest concern

B.

Scheduling may be performed months in advance

C.

Budgets are more likely to be met by the IT audit staff

D.

Staff will be exposed to a variety of technologies

Question 25

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

Options:

A.

The Security Systems Development Life Cycle

B.

The Security Project And Management Methodology

C.

Project Management System Methodology

D.

Project Management Body of Knowledge

Question 26

Your incident response plan should include which of the following?

Options:

A.

Procedures for litigation

B.

Procedures for reclamation

C.

Procedures for classification

D.

Procedures for charge-back

Question 27

This occurs when the quantity or quality of project deliverables is expanded from the original project plan.

Options:

A.

Scope creep

B.

Deadline extension

C.

Scope modification

D.

Deliverable expansion

Question 28

A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

Options:

A.

A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions

B.

A clear set of security policies and procedures that are more concept-based than controls-based

C.

A complete inventory of Information Technology assets including infrastructure, networks, applications and data

D.

A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in

Question 29

Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?

Options:

A.

Define the risk appetite

B.

Determine budget constraints

C.

Review project charters

D.

Collaborate security projects

Question 30

An example of professional unethical behavior is:

Options:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Question 31

Risk appetite is typically determined by which of the following organizational functions?

Options:

A.

Security

B.

Business units

C.

Board of Directors

D.

Audit and compliance

Question 32

The organization does not have the time to remediate the vulnerability; however it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?

Options:

A.

Provide developer security training

B.

Deploy Intrusion Detection Systems

C.

Provide security testing tools

D.

Implement Compensating Controls

Question 33

When managing the critical path of an IT security project, which of the following is MOST important?

Options:

A.

Knowing who all the stakeholders are.

B.

Knowing the people on the data center team.

C.

Knowing the threats to the organization.

D.

Knowing the milestones and timelines of deliverables.

Question 34

Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?

Options:

A.

Upper management support

B.

More frequent project milestone meetings

C.

More training of staff members

D.

Involve internal audit

Question 35

Which business stakeholder is accountable for the integrity of a new information system?

Options:

A.

CISO

B.

Compliance Officer

C.

Project manager

D.

Board of directors

Question 36

Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):

Options:

A.

low risk-tolerance

B.

high risk-tolerance

C.

moderate risk-tolerance

D.

medium-high risk-tolerance

Question 37

What is an approach to estimating the strengths and weaknesses of alternatives used to determine options, which provide the BEST approach to achieving benefits while preserving savings called?

Options:

A.

Business Impact Analysis

B.

Economic Impact analysis

C.

Return on Investment

D.

Cost-benefit analysis

Question 38

Of the following types of SOCs (Security Operations Centers), which one would be MOST likely used if the CISO has decided to outsource the infrastructure and administration of it?

Options:

A.

Virtual

B.

Dedicated

C.

Fusion

D.

Command

Question 39

Which of the following are the triple constraints of project management?

Options:

A.

Time, quality, and scope

B.

Cost, quality, and time

C.

Scope, time, and cost

D.

Quality, scope, and cost

Question 40

A bastion host should be placed:

Options:

A.

Inside the DMZ

B.

In-line with the data center firewall

C.

Beyond the outer perimeter firewall

D.

As the gatekeeper to the organization’s honeynet

Question 41

What is the primary difference between regulations and standards?

Options:

A.

Standards will include regulations

B.

Standards that aren’t followed are punishable by fines

C.

Regulations are made enforceable by the power provided by laws

D.

Regulations must be reviewed and approved by the business

Question 42

Many successful cyber-attacks currently include:

Options:

A.

Phishing Attacks

B.

Misconfigurations

C.

Social engineering

D.

All of these

Question 43

Which level of data destruction applies logical techniques to sanitize data in all user-addressable storage locations?

Options:

A.

Purge

B.

Clear

C.

Mangle

D.

Destroy

Question 44

Which of the following strategies provides the BEST response to a ransomware attack?

Options:

A.

Real-time off-site replication

B.

Daily incremental backup

C.

Daily full backup

D.

Daily differential backup

Question 45

When managing a project, the MOST important activity in managing the expectations of stakeholders is:

Options:

A.

To force stakeholders to commit ample resources to support the project

B.

To facilitate proper communication regarding outcomes

C.

To assure stakeholders commit to the project start and end dates in writing

D.

To finalize detailed scope of the project at project initiation

Question 46

An organization has decided to develop an in-house BCM capability. The organization has determined it is best to follow a BCM standard published by the International Organization for Standardization (ISO).

The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?

Options:

A.

ISO 22318 Supply Chain Continuity

B.

ISO 27031 BCM Readiness

C.

ISO 22301 BCM Requirements

D.

ISO 22317 BIA

Question 47

Which of the following statements below regarding Key Performance indicators (KPIs) are true?

Options:

A.

Development of KPI’s are most useful when done independently

B.

They are a strictly quantitative measure of success

C.

They should be standard throughout the organization versus domain-specific so they are more easily correlated

D.

They are a strictly qualitative measure of success

Question 48

As the CISO, you are the project sponsor for a highly visible log management project. The objective of the project is to centralize all the enterprise logs into a security information and event management (SIEM) system. You requested the results of the performance quality audits activity.

The performance quality audit activity is done in what project management process group?

Options:

A.

Executing

B.

Controlling

C.

Planning

D.

Closing

Question 49

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?

Options:

A.

Lack of risk management process

B.

Lack of sponsorship from executive management

C.

IT security centric agenda

D.

Compliance centric agenda

Question 50

Involvement of senior management is MOST important in the development of:

Options:

A.

IT security implementation plans.

B.

Standards and guidelines.

C.

IT security policies.

D.

IT security procedures.

Question 51

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals

the increasing need to address security consistently at the enterprise level. This new CISO, while confident with

skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

From an Information Security Leadership perspective, which of the following is a MAJOR concern about the

CISO’s approach to security?

Options:

A.

Compliance centric agenda

B.

IT security centric agenda

C.

Lack of risk management process

D.

Lack of sponsorship from executive management

Question 52

Which type of scan is used on the eye to measure the layer of blood vessels?

Options:

A.

Facial recognition scan

B.

Iris scan

C.

Signature kinetics scan

D.

Retinal scan

Question 53

Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?

Options:

A.

Alignment with business goals

B.

ISO27000 accreditation

C.

PCI attestation of compliance

D.

Financial statements

Question 54

A CISO has implemented a risk management capability within the security portfolio. Which of the following

terms best describes this functionality?

Options:

A.

Service

B.

Program

C.

Portfolio

D.

Cost center

Question 55

Using the Transport Layer Security (TLS) protocol enables a client in a network to be:

Options:

A.

Provided with a digital signature

B.

Assured of the server’s identity

C.

Identified by a network

D.

Registered by the server

Question 56

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

Which of the following is the FIRST action the CISO will perform after receiving the audit report?

Options:

A.

Inform peer executives of the audit results

B.

Validate gaps and accept or dispute the audit findings

C.

Create remediation plans to address program gaps

D.

Determine if security policies and procedures are adequate

Question 57

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.

You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?

Options:

A.

Conduct background checks on individuals before hiring them

B.

Develop an Information Security Awareness program

C.

Monitor employee browsing and surfing habits

D.

Set your firewall permissions aggressively and monitor logs regularly.

Question 58

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.

Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?

Options:

A.

National Institute of Standards and Technology (NIST) Special Publication 800-53

B.

Payment Card Industry Digital Security Standard (PCI DSS)

C.

International Organization for Standardization – ISO 27001/2

D.

British Standard 7799 (BS7799)

Question 59

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?

Options:

A.

Scope

B.

Budget

C.

Resources

D.

Constraints

Question 60

The formal certification and accreditation process has four primary steps, what are they?

Options:

A.

Evaluating, describing, testing and authorizing

B.

Evaluating, purchasing, testing, authorizing

C.

Auditing, documenting, verifying, certifying

D.

Discovery, testing, authorizing, certifying

Question 61

Which of the following is the MOST important for a CISO to understand when identifying threats?

Options:

A.

How vulnerabilities can potentially be exploited in systems that impact the organization

B.

How the security operations team will behave to reported incidents

C.

How the firewall and other security devices are configured to prevent attacks

D.

How the incident management team prepares to handle an attack

Question 62

Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?

Options:

A.

Reduction of budget

B.

Decreased security awareness

C.

Improper use of information resources

D.

Fines for regulatory non-compliance

Question 63

The PRIMARY objective of security awareness is to:

Options:

A.

Ensure that security policies are read.

B.

Encourage security-conscious employee behavior.

C.

Meet legal and regulatory requirements.

D.

Put employees on notice in case follow-up action for noncompliance is necessary

Question 64

Which of the following is a benefit of information security governance?

Options:

A.

Questioning the trust in vendor relationships.

B.

Increasing the risk of decisions based on incomplete management information.

C.

Direct involvement of senior management in developing control processes

D.

Reduction of the potential for civil and legal liability

Question 65

An organization’s firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?

Options:

A.

A high threat environment

B.

A low risk tolerance environment

C.

I low vulnerability environment

D.

A high risk tolerance environment

Question 66

A method to transfer risk is to:

Options:

A.

Implement redundancy

B.

move operations to another region

C.

purchase breach insurance

D.

Alignment with business operations

Question 67

Who is responsible for securing networks during a security incident?

Options:

A.

Chief Information Security Officer (CISO)

B.

Security Operations Center (SO

C.

Disaster Recovery (DR) manager

D.

Incident Response Team (IRT)

Demo: 67 questions
Total 449 questions