Eccouncil 712-50 practice test

EC-Council Certified CISO Exam


Question 1

Devising controls for information security is a balance between?

  • A. Governance and compliance
  • B. Auditing and security
  • C. Budget and risk tolerance
  • D. Threats and vulnerabilities
Answer:

C

Reference:
https://www.cybok.org/media/downloads/cybok_version_1.0.pdf

Question 2

From the CISO's perspective in looking at financial statements, the statement of retained earnings of
an organization:

  • A. Has a direct correlation with the CISO’s budget
  • B. Represents, in part, the savings generated by the proper acquisition and implementation of security controls
  • C. Represents the sum of all capital expenditures
  • D. Represents the percentage of earnings that could in part be used to finance future security controls
Answer:

D

Reference:
https://www.investopedia.com/terms/s/statement-of-retained-earnings.asp


Question 3

An organization has decided to develop an in-house BCM capability. The organization has
determined it is best to follow a BCM standard published by the International Organization for
Standardization (ISO).
The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?

  • A. ISO 22318 Supply Chain Continuity
  • B. ISO 27031 BCM Readiness
  • C. ISO 22301 BCM Requirements
  • D. ISO 22317 BIA
Answer:

C

Reference:
https://www.smartsheet.com/content/iso-22301-business-continuity-guide


Question 4

What is the name of an approach for estimating the strengths and weaknesses of alternatives, used to determine
which options provide the BEST approach to achieving benefits while preserving savings?

  • A. Business Impact Analysis
  • B. Economic Impact analysis
  • C. Return on Investment
  • D. Cost-benefit analysis
Answer:

D

Reference:
https://artsandculture.google.com/entity/cost%E2%80%93benefit-analysis/m020w0x?hl=en

Question 5

When managing a project, the MOST important activity in managing the expectations of stakeholders
is:

  • A. To force stakeholders to commit ample resources to support the project
  • B. To facilitate proper communication regarding outcomes
  • C. To assure stakeholders commit to the project start and end dates in writing
  • D. To finalize detailed scope of the project at project initiation
Answer:

B

Reference:
https://www.greycampus.com/blog/project-management/stakeholder-management-what-is-it-and-why-is-it-so-important


Question 6

What are the common data hiding techniques used by criminals?

  • A. Unallocated space and masking
  • B. Website defacement and log manipulation
  • C. Disabled Logging and admin elevation
  • D. Encryption, Steganography, and Changing Metadata/Timestamps
Answer:

D

Reference:
https://cisomag.eccouncil.org/challenges-and-applications-of-digital-forensics/


Question 7

An auditor is reviewing the security classifications for a group of assets and finds that many of the
assets are not correctly classified.
What should the auditor's NEXT step be?

  • A. Immediately notify the board of directors of the organization as to the finding
  • B. Correct the classifications immediately based on the auditor's knowledge of the proper classification
  • C. Document the missing classifications
  • D. Identify the owner of the asset and induce the owner to apply a proper classification
Answer:

C


Question 8

In defining a strategic security plan for an organization, what should a CISO first analyze?

  • A. Reach out to a business similar to yours and ask for their plan
  • B. Set goals that are difficult to attain to drive more productivity
  • C. Review business acquisitions for the past 3 years
  • D. Analyze the broader organizational strategic plan
Answer:

D

Reference:
https://securityintelligence.com/the-importance-of-building-an-information-security-strategic-plan/


Question 9

You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information
Officer (CIO). The CIO's first mandate to you is to develop a cybersecurity compliance framework that
will meet all the stores' compliance requirements.
Which of the following compliance standards is the MOST important to the organization?

  • A. The Federal Risk and Authorization Management Program (FedRAMP)
  • B. ISO 27002
  • C. NIST Cybersecurity Framework
  • D. Payment Card Industry (PCI) Data Security Standard (DSS)
Answer:

D

Reference:
https://searchcompliance.techtarget.com/definition/PCI-DSS-Payment-Card-Industry-Data-Security-Standard


Question 10

Which of the following is the MOST effective method to counter phishing attacks?

  • A. User awareness and training
  • B. Host based Intrusion Detection System (IPS)
  • C. Acceptable use guide signed by all system users
  • D. Antispam solution
Answer:

A

Reference:
https://aware.eccouncil.org/4-best-ways-to-stop-phishing-with-security-awareness.html
