New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > ECCouncil > CCISO > 712-50

712-50 EC-Council Certified CISO (CCISO) Question and Answers

Question # 4

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

A.

The need to change accounting periods on a regular basis.

B.

The requirement to post entries for a closed accounting period.

C.

The need to create and modify the chart of accounts and its allocations.

D.

The lack of policies and procedures for the proper segregation of duties.

Full Access
Question # 5

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

A.

Trusted and untrusted networks

B.

Type of authentication

C.

Storage encryption

D.

Log retention

Full Access
Question # 6

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

A.

Secure the area and shut-down the computer until investigators arrive

B.

Secure the area and attempt to maintain power until investigators arrive

C.

Immediately place hard drive and other components in an anti-static bag

D.

Secure the area.

Full Access
Question # 7

Which of the following statements about Encapsulating Security Payload (ESP) is true?

A.

It is an IPSec protocol.

B.

It is a text-based communication protocol.

C.

It uses TCP port 22 as the default port and operates at the application layer.

D.

It uses UDP port 22

Full Access
Question # 8

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

A.

Containment

B.

Recovery

C.

Identification

D.

Eradication

Full Access
Question # 9

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Full Access
Question # 10

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Full Access
Question # 11

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Full Access
Question # 12

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

A.

Traffic Analysis

B.

Deep-Packet inspection

C.

Packet sampling

D.

Heuristic analysis

Full Access
Question # 13

Physical security measures typically include which of the following components?

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Full Access
Question # 14

Which wireless encryption technology makes use of temporal keys?

A.

Wireless Application Protocol (WAP)

B.

Wifi Protected Access version 2 (WPA2)

C.

Wireless Equivalence Protocol (WEP)

D.

Extensible Authentication Protocol (EAP)

Full Access
Question # 15

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

A.

‘ o 1=1 - -

B.

/../../../../

C.

“DROPTABLE USERNAME”

D.

NOPS

Full Access
Question # 16

Which of the following is a symmetric encryption algorithm?

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Full Access
Question # 17

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

A.

Enterprise Risk Assessment

B.

Disaster recovery strategic plan

C.

Business continuity plan

D.

Application mapping document

Full Access
Question # 18

Which of the following is the MAIN security concern for public cloud computing?

A.

Unable to control physical access to the servers

B.

Unable to track log on activity

C.

Unable to run anti-virus scans

D.

Unable to patch systems as needed

Full Access
Question # 19

Which of the following are primary concerns for management with regard to assessing internal control objectives?

A.

Confidentiality, Availability, Integrity

B.

Compliance, Effectiveness, Efficiency

C.

Communication, Reliability, Cost

D.

Confidentiality, Compliance, Cost

Full Access
Question # 20

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

A.

Comprehensive Log-Files from all servers and network devices affected during the attack

B.

Fully trained network forensic experts to analyze all data right after the attack

C.

Uninterrupted Chain of Custody

D.

Expert forensics witness

Full Access
Question # 21

How often should an environment be monitored for cyber threats, risks, and exposures?

A.

Weekly

B.

Monthly

C.

Quarterly

D.

Daily

Full Access
Question # 22

The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?

A.

The asset is more expensive than the remediation

B.

The audit finding is incorrect

C.

The asset being protected is less valuable than the remediation costs

D.

The remediation costs are irrelevant; it must be implemented regardless of cost.

Full Access
Question # 23

Creating a secondary authentication process for network access would be an example of?

A.

Nonlinearities in physical security performance metrics

B.

Defense in depth cost enumerated costs

C.

System hardening and patching requirements

D.

Anti-virus for mobile devices

Full Access
Question # 24

The regular review of a firewall ruleset is considered a

A.

Procedural control

B.

Organization control

C.

Technical control

D.

Management control

Full Access
Question # 25

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

A.

ISO 27001

B.

PRINCE2

C.

ISO 27004

D.

ITILv3

Full Access
Question # 26

Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

A.

Plan-Check-Do-Act

B.

Plan-Do-Check-Act

C.

Plan-Select-Implement-Evaluate

D.

SCORE (Security Consensus Operational Readiness Evaluation)

Full Access
Question # 27

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

A.

Senior Executives

B.

Office of the Auditor

C.

Office of the General Counsel

D.

All employees and users

Full Access
Question # 28

The risk found after a control has been fully implemented is called:

A.

Residual Risk

B.

Total Risk

C.

Post implementation risk

D.

Transferred risk

Full Access
Question # 29

The effectiveness of an audit is measured by?

A.

The number of actionable items in the recommendations

B.

How it exposes the risk tolerance of the company

C.

How the recommendations directly support the goals of the company

D.

The number of security controls the company has in use

Full Access
Question # 30

Which of the following is a fundamental component of an audit record?

A.

Date and time of the event

B.

Failure of the event

C.

Originating IP-Address

D.

Authentication type

Full Access
Question # 31

The amount of risk an organization is willing to accept in pursuit of its mission is known as

A.

Risk mitigation

B.

Risk transfer

C.

Risk tolerance

D.

Risk acceptance

Full Access
Question # 32

Which of the following is the MOST important goal of risk management?

A.

Identifying the risk

B.

Finding economic balance between the impact of the risk and the cost of the control

C.

Identifying the victim of any potential exploits.

D.

Assessing the impact of potential threats

Full Access
Question # 33

Creating a secondary authentication process for network access would be an example of?

A.

An administrator with too much time on their hands.

B.

Putting undue time commitment on the system administrator.

C.

Supporting the concept of layered security

D.

Network segmentation.

Full Access
Question # 34

As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader. What should you do?

A.

Nothing, this falls outside your area of influence.

B.

Close and chain the door shut and send a company-wide memo banning the practice.

C.

Have a risk assessment performed.

D.

Post a guard at the door to maintain physical security

Full Access
Question # 35

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

A.

Have internal audit conduct another audit to see what has changed.

B.

Contract with an external audit company to conduct an unbiased audit

C.

Review the recommendations and follow up to see if audit implemented the changes

D.

Meet with audit team to determine a timeline for corrections

Full Access
Question # 36

Control Objectives for Information and Related Technology (COBIT) is which of the following?

A.

An Information Security audit standard

B.

An audit guideline for certifying secure systems and controls

C.

A framework for Information Technology management and governance

D.

A set of international regulations for Information Technology governance

Full Access
Question # 37

A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?

A.

The auditors have not followed proper auditing processes

B.

The CIO of the organization disagrees with the finding

C.

The risk tolerance of the organization permits this risk

D.

The organization has purchased cyber insurance

Full Access
Question # 38

You have implemented the new controls. What is the next step?

A.

Document the process for the stakeholders

B.

Monitor the effectiveness of the controls

C.

Update the audit findings report

D.

Perform a risk assessment

Full Access
Question # 39

Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?

A.

Lack of notification to the public of disclosure of confidential information.

B.

Lack of periodic examination of access rights

C.

Failure to notify police of an attempted intrusion

D.

Lack of reporting of a successful denial of service attack on the network.

Full Access
Question # 40

At which point should the identity access management team be notified of the termination of an employee?

A.

At the end of the day once the employee is off site

B.

During the monthly review cycle

C.

Immediately so the employee account(s) can be disabled

D.

Before an audit

Full Access
Question # 41

Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?

A.

Control Objective for Information Technology (COBIT)

B.

Committee of Sponsoring Organizations (COSO)

C.

Payment Card Industry (PCI)

D.

Information Technology Infrastructure Library (ITIL)

Full Access
Question # 42

An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization’s IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process:

A.

Number of change orders rejected

B.

Number and length of planned outages

C.

Number of unplanned outages

D.

Number of change orders processed

Full Access
Question # 43

The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called

A.

Security certification

B.

Security system analysis

C.

Security accreditation

D.

Alignment with business practices and goals.

Full Access
Question # 44

Which of the following is a common technology for visual monitoring?

A.

Closed circuit television

B.

Open circuit television

C.

Blocked video

D.

Local video

Full Access
Question # 45

Which of the following is the MOST logical method of deploying security controls within an organization?

A.

Obtain funding for all desired controls and then create project plans for implementation

B.

Apply the simpler controls as quickly as possible and use a risk-based approach for the more difficult and

costly controls

C.

Apply the least costly controls to demonstrate positive program activity

D.

Obtain business unit buy-in through close communication and coordination

Full Access
Question # 46

The total cost of security controls should:

A.

Be equal to the value of the information resource being protected

B.

Be greater than the value of the information resource being protected

C.

Be less than the value of the information resource being protected

D.

Should not matter, as long as the information resource is protected

Full Access
Question # 47

Michael starts a new job and discovers that he has unnecessary access to a variety of systems. Which of the

following best describes the problem he has encountered?

A.

Rights collision

B.

Excessive privileges

C.

Privilege creep

D.

Least privileges

Full Access
Question # 48

Using the Transport Layer Security (TLS) protocol enables a client in a network to be:

A.

Provided with a digital signature

B.

Assured of the server’s identity

C.

Identified by a network

D.

Registered by the server

Full Access
Question # 49

A large number of accounts in a hardened system were suddenly compromised to an external party. Which of

the following is the MOST probable threat actor involved in this incident?

A.

Poorly configured firewalls

B.

Malware

C.

Advanced Persistent Threat (APT)

D.

An insider

Full Access
Question # 50

What is the BEST reason for having a formal request for proposal process?

A.

Creates a timeline for purchasing and budgeting

B.

Allows small companies to compete with larger companies

C.

Clearly identifies risks and benefits before funding is spent

D.

Informs suppliers a company is going to make a purchase

Full Access
Question # 51

Which of the following would negatively impact a log analysis of a multinational organization?

A.

Centralized log management

B.

Encrypted log files in transit

C.

Each node set to local time

D.

Log aggregation agent each node

Full Access
Question # 52

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.

Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?

A.

National Institute of Standards and Technology (NIST) Special Publication 800-53

B.

Payment Card Industry Digital Security Standard (PCI DSS)

C.

International Organization for Standardization – ISO 27001/2

D.

British Standard 7799 (BS7799)

Full Access
Question # 53

John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they’ve already completed the project work they were contracted to do. What can John do in this instance?

A.

Refer the vendor to the Service Level Agreement (SLA) and insist that they make the changes.

B.

Review the Request for Proposal (RFP) for guidance.

C.

Withhold the vendor’s payments until the issue is resolved.

D.

Refer to the contract agreement for direction.

Full Access
Question # 54

As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?

A.

The existing IT environment.

B.

The company business plan.

C.

The present IT budget.

D.

Other corporate technology trends.

Full Access
Question # 55

You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.

Using the best business practices for project management you determine that the project correctly aligns with the company goals and the scope of the project is correct. What is the NEXT step?

A.

Review time schedules

B.

Verify budget

C.

Verify resources

D.

Verify constraints

Full Access
Question # 56

As the Chief Information Security Officer, you want to ensure data shared securely, especially when shared with

third parties outside the organization. What protocol provides the ability to extend the network perimeter with

the use of encapsulation and encryption?

A.

File Transfer Protocol (FTP)

B.

Virtual Local Area Network (VLAN)

C.

Simple Mail Transfer Protocol

D.

Virtual Private Network (VPN)

Full Access
Question # 57

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

The CISO has implemented remediation activities. Which of the following is the MOST logical next step?

A.

Validate the effectiveness of applied controls

B.

Validate security program resource requirements

C.

Report the audit findings and remediation status to business stake holders

D.

Review security procedures to determine if they need modified according to findings

Full Access
Question # 58

A CISO wants to change the defense strategy to ward off attackers. To accomplish this the CISO is looking to a strategy where attackers are lured into a zone of a safe network where attackers can be monitored, controlled, quarantined, or eradicated.

A.

Moderate investment

B.

Passive monitoring

C.

Integrated security controls

D.

Dynamic deception

Full Access
Question # 59

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.

You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?

A.

Conduct background checks on individuals before hiring them

B.

Develop an Information Security Awareness program

C.

Monitor employee browsing and surfing habits

D.

Set your firewall permissions aggressively and monitor logs regularly.

Full Access
Question # 60

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

A.

Validate the effectiveness of current controls

B.

Create detailed remediation funding and staffing plans

C.

Report the audit findings and remediation status to business stake holders

D.

Review security procedures to determine if they need modified according to findings

Full Access
Question # 61

File Integrity Monitoring (FIM) is considered a

A.

Network based security preventative control

B.

Software segmentation control

C.

Security detective control

D.

User segmentation control

Full Access
Question # 62

What are the primary reasons for the development of a business case for a security project?

A.

To estimate risk and negate liability to the company

B.

To understand the attack vectors and attack sources

C.

To communicate risk and forecast resource needs

D.

To forecast usage and cost per software licensing

Full Access
Question # 63

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

What phase of the response provides measures to reduce the likelihood of an incident from recurring?

A.

Response

B.

Investigation

C.

Recovery

D.

Follow-up

Full Access
Question # 64

As the Business Continuity Coordinator of a financial services organization, you are responsible for ensuring assets are recovered timely in the event of a disaster. Which is the BEST Disaster Recovery performance indicator to validate that you are prepared for a disaster?

A.

Recovery Point Objective (RPO)

B.

Disaster Recovery Plan

C.

Recovery Time Objective (RTO)

D.

Business Continuity Plan

Full Access
Question # 65

Which type of physical security control scan a person’s external features through a digital video camera before

granting access to a restricted area?

A.

Iris scan

B.

Retinal scan

C.

Facial recognition scan

D.

Signature kinetics scan

Full Access
Question # 66

The process of identifying and classifying assets is typically included in the

A.

Threat analysis process

B.

Asset configuration management process

C.

Business Impact Analysis

D.

Disaster Recovery plan

Full Access
Question # 67

What type of attack requires the least amount of technical equipment and has the highest success rate?

A.

War driving

B.

Operating system attacks

C.

Social engineering

D.

Shrink wrap attack

Full Access
Question # 68

Which of the following backup sites takes the longest recovery time?

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Full Access
Question # 69

A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?

A.

non-repudiation

B.

conflict resolution

C.

strong authentication

D.

digital rights management

Full Access
Question # 70

An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?

A.

Time zone differences

B.

Compliance to local hiring laws

C.

Encryption import/export regulations

D.

Local customer privacy laws

Full Access
Question # 71

Which of the following represents the best method of ensuring business unit alignment with security program requirements?

A.

Provide clear communication of security requirements throughout the organization

B.

Demonstrate executive support with written mandates for security policy adherence

C.

Create collaborative risk management approaches within the organization

D.

Perform increased audits of security processes and procedures

Full Access
Question # 72

A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

A.

Security alignment to business goals

B.

Regulatory compliance effectiveness

C.

Increased security program presence

D.

Proper organizational policy enforcement

Full Access
Question # 73

Which of the following is critical in creating a security program aligned with an organization’s goals?

A.

Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements

B.

Develop a culture in which users, managers and IT professionals all make good decisions about information risk

C.

Provide clear communication of security program support requirements and audit schedules

D.

Create security awareness programs that include clear definition of security program goals and charters

Full Access
Question # 74

This occurs when the quantity or quality of project deliverables is expanded from the original project plan.

A.

Scope creep

B.

Deadline extension

C.

Scope modification

D.

Deliverable expansion

Full Access
Question # 75

A stakeholder is a person or group:

A.

Vested in the success and/or failure of a project or initiative regardless of budget implications.

B.

Vested in the success and/or failure of a project or initiative and is tied to the project budget.

C.

That has budget authority.

D.

That will ultimately use the system.

Full Access
Question # 76

As the CISO for your company you are accountable for the protection of information resources commensurate with:

A.

Customer demand

B.

Cost and time to replace

C.

Insurability tables

D.

Risk of exposure

Full Access
Question # 77

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

A.

At the time the security services are being performed and the vendor needs access to the network

B.

Once the agreement has been signed and the security vendor states that they will need access to the network

C.

Once the vendor is on premise and before they perform security services

D.

Prior to signing the agreement and before any security services are being performed

Full Access
Question # 78

Which of the following is considered one of the most frequent failures in project management?

A.

Overly restrictive management

B.

Excessive personnel on project

C.

Failure to meet project deadlines

D.

Insufficient resources

Full Access
Question # 79

An example of professional unethical behavior is:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Full Access
Question # 80

Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

A.

System testing

B.

Risk assessment

C.

Incident response

D.

Planning

Full Access
Question # 81

Which of the following is the BEST indicator of a successful project?

A.

it is completed on time or early as compared to the baseline project plan

B.

it meets most of the specifications as outlined in the approved project definition

C.

it comes in at or below the expenditures planned for in the baseline budget

D.

the deliverables are accepted by the key stakeholders

Full Access
Question # 82

Which of the following is the MOST important component of any change management process?

A.

Scheduling

B.

Back-out procedures

C.

Outage planning

D.

Management approval

Full Access
Question # 83

When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?

A.

Vendors uses their own laptop and logins with same admin credentials your security team uses

B.

Vendor uses a company supplied laptop and logins using two factor authentication with same admin credentials your security team uses

C.

Vendor uses a company supplied laptop and logins using two factor authentication with their own unique credentials

D.

Vendor uses their own laptop and logins using two factor authentication with their own unique credentials

Full Access
Question # 84

When should IT security project management be outsourced?

A.

When organizational resources are limited

B.

When the benefits of outsourcing outweigh the inherent risks of outsourcing

C.

On new, enterprise-wide security initiatives

D.

On projects not forecasted in the yearly budget

Full Access
Question # 85

Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?

A.

Risk Management

B.

Risk Assessment

C.

System Testing

D.

Vulnerability Assessment

Full Access
Question # 86

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?

A.

Alignment with the business

B.

Effective use of existing technologies

C.

Leveraging existing implementations

D.

Proper budget management

Full Access
Question # 87

What oversight should the information security team have in the change management process for application security?

A.

Information security should be informed of changes to applications only

B.

Development team should tell the information security team about any application security flaws

C.

Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production

D.

Information security should be aware of all application changes and work with developers before changes are deployed in production

Full Access
Question # 88

To get an Information Security project back on schedule, which of the following will provide the MOST help?

A.

Upper management support

B.

More frequent project milestone meetings

C.

Stakeholder support

D.

Extend work hours

Full Access
Question # 89

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

A.

The Security Systems Development Life Cycle

B.

The Security Project And Management Methodology

C.

Project Management System Methodology

D.

Project Management Body of Knowledge

Full Access
Question # 90

Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?

A.

Define the risk appetite

B.

Determine budget constraints

C.

Review project charters

D.

Collaborate security projects

Full Access
Question # 91

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

A.

Change management

B.

Business continuity planning

C.

Security Incident Response

D.

Thought leadership

Full Access
Question # 92

Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?

A.

User awareness training for all employees

B.

Installation of new firewalls and intrusion detection systems

C.

Launch an internal awareness campaign

D.

Integrate security requirements into project inception

Full Access
Question # 93

Which of the following BEST mitigates ransomware threats?

A.

Phishing exercises

B.

Use immutable data storage

C.

Blocking use of wireless networks

D.

Application of multiple endpoint anti-malware solutions

Full Access
Question # 94

A CISO must conduct risk assessments using a method where the Chief Financial Officer (CFO) receives impact data in financial terms to use as input to select the proper level of coverage in a new cybersecurity insurance policy.

What is the MOST effective method of risk analysis to provide the CFO with the information required?

A.

Conduct a quantitative risk assessment

B.

Conduct a hybrid risk assessment

C.

Conduct a subjective risk assessment

D.

Conduct a qualitative risk assessment

Full Access
Question # 95

What does RACI stand for?

A.

Reasonable, Actionable, Controlled, and Implemented

B.

Responsible, Actors, Consult, and Instigate

C.

Responsible, Accountable, Consulted, and Informed

D.

Review, Act, Communicate, and Inform

Full Access
Question # 96

The alerting, monitoring, and lifecycle management of security-related events are typically managed by the:

A.

Security controls group

B.

Governance, risk, and compliance tools

C.

Security Threat and vulnerability management process

D.

Risk assessment process

Full Access
Question # 97

You have been hired as the Information System Security Officer (ISSO) for a US federal government agency. Your role is to ensure the security posture of the system is maintained. One of your tasks is to develop and maintain the system security plan (SSP) and supporting documentation.

Which of the following is NOT documented in the SSP?

A.

The controls in place to secure the system

B.

Name of the connected system

C.

The results of a third-party audits and recommendations

D.

Type of information used in the system

Full Access
Question # 98

As the CISO, you are the project sponsor for a highly visible log management project. The objective of the project is to centralize all the enterprise logs into a security information and event management (SIEM) system. You requested the results of the performance quality audits activity.

The performance quality audit activity is done in what project management process group?

A.

Executing

B.

Controlling

C.

Planning

D.

Closing

Full Access
Question # 99

A company wants to fill a Chief Information Security Officer position. Which of the following qualifications and experience would be MOST desirable in a candidate?

A.

Multiple certifications, strong technical capabilities and lengthy resume

B.

Industry certifications, technical knowledge and program management skills

C.

College degree, audit capabilities and complex project management

D.

Multiple references, strong background check and industry certifications

Full Access
Question # 100

From the CISO’s perspective in looking at financial statements, the statement of retained earnings of an organization:

A.

Has a direct correlation with the CISO’s budget

B.

Represents, in part, the savings generated by the proper acquisition and implementation of security controls

C.

Represents the sum of all capital expenditures

D.

Represents the percentage of earnings that could in part be used to finance future security controls

Full Access
Question # 101

A bastion host should be placed:

A.

Inside the DMZ

B.

In-line with the data center firewall

C.

Beyond the outer perimeter firewall

D.

As the gatekeeper to the organization’s honeynet

Full Access
Question # 102

You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information Officer (CIO). The CIO’s first mandate to you is to develop a cybersecurity compliance framework that will meet all the store’s compliance requirements.

Which of the following compliance standard is the MOST important to the organization?

A.

The Federal Risk and Authorization Management Program (FedRAMP)

B.

ISO 27002

C.

NIST Cybersecurity Framework

D.

Payment Card Industry (PCI) Data Security Standard (DSS)

Full Access
Question # 103

A cloud computing environment that is bound together by technology that allows data and applications to be shared between public and private clouds is BEST referred to as a?

A.

Public cloud

B.

Private cloud

C.

Community cloud

D.

Hybrid cloud

Full Access
Question # 104

What is a key policy that should be part of the information security plan?

A.

Account management policy

B.

Training policy

C.

Acceptable Use policy

D.

Remote Access policy

Full Access
Question # 105

A key cybersecurity feature of a Personal Identification Verification (PIV) Card is:

A.

Inability to export the private certificate/key

B.

It can double as physical identification at the DMV

C.

It has the user’s photograph to help ID them

D.

It can be used as a secure flash drive

Full Access
Question # 106

What is an approach to estimating the strengths and weaknesses of alternatives used to determine options, which provide the BEST approach to achieving benefits while preserving savings called?

A.

Business Impact Analysis

B.

Economic Impact analysis

C.

Return on Investment

D.

Cost-benefit analysis

Full Access
Question # 107

During a cyber incident, which non-security personnel might be needed to assist the security team?

A.

Threat analyst, IT auditor, forensic analyst

B.

Network engineer, help desk technician, system administrator

C.

CIO, CFO, CSO

D.

Financial analyst, payroll clerk, HR manager

Full Access
Question # 108

Which of the following is considered the MOST effective tool against social engineering?

A.

Anti-phishing tools

B.

Effective Security awareness program

C.

Anti-malware tools

D.

Effective Security Vulnerability Management Program

Full Access
Question # 109

When evaluating a Managed Security Services Provider (MSSP), which service(s) is/are most important:

A.

Patch management

B.

Network monitoring

C.

Ability to provide security services tailored to the business’ needs

D.

24/7 tollfree number

Full Access
Question # 110

Many successful cyber-attacks currently include:

A.

Phishing Attacks

B.

Misconfigurations

C.

Social engineering

D.

All of these

Full Access
Question # 111

Which of the following statements below regarding Key Performance indicators (KPIs) are true?

A.

Development of KPI’s are most useful when done independently

B.

They are a strictly quantitative measure of success

C.

They should be standard throughout the organization versus domain-specific so they are more easily correlated

D.

They are a strictly qualitative measure of success

Full Access
Question # 112

What is the purpose of the statement of retained earnings of an organization?

A.

It represents the sum of all capital expenditures

B.

It represents the percentage of earnings that could in part be used to finance future security controls

C.

It represents the savings generated by the proper acquisition and implementation of security controls

D.

It has a direct correlation with the CISO’s budget

Full Access
Question # 113

When managing a project, the MOST important activity in managing the expectations of stakeholders is:

A.

To force stakeholders to commit ample resources to support the project

B.

To facilitate proper communication regarding outcomes

C.

To assure stakeholders commit to the project start and end dates in writing

D.

To finalize detailed scope of the project at project initiation

Full Access
Question # 114

Devising controls for information security is a balance between?

A.

Governance and compliance

B.

Auditing and security

C.

Budget and risk tolerance

D.

Threats and vulnerabilities

Full Access
Question # 115

When performing a forensic investigation, what are the two MOST common data sources for obtaining evidence from a computer and mobile devices?

A.

RAM and unallocated space

B.

Unallocated space and RAM

C.

Slack space and browser cache

D.

Persistent and volatile data

Full Access
Question # 116

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

A.

Technology governance defines technology policies and standards while security governance does not.

B.

Security governance defines technology best practices and Information Technology governance does not.

C.

Technology Governance is focused on process risks whereas Security Governance is focused on business risk.

D.

The effective implementation of security controls can be viewed as an inhibitor to rapid Information Technology implementations.

Full Access
Question # 117

Why is it vitally important that senior management endorse a security policy?

A.

So that they will accept ownership for security within the organization.

B.

So that employees will follow the policy directives.

C.

So that external bodies will recognize the organizations commitment to security.

D.

So that they can be held legally accountable.

Full Access
Question # 118

The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

A.

Due Protection

B.

Due Care

C.

Due Compromise

D.

Due process

Full Access
Question # 119

An organization's Information Security Policy is of MOST importance because

A.

it communicates management’s commitment to protecting information resources

B.

it is formally acknowledged by all employees and vendors

C.

it defines a process to meet compliance requirements

D.

it establishes a framework to protect confidential information

Full Access
Question # 120

Which of the following should be determined while defining risk management strategies?

A.

Organizational objectives and risk tolerance

B.

Risk assessment criteria

C.

IT architecture complexity

D.

Enterprise disaster recovery plans

Full Access
Question # 121

A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

A.

Providing a risk program governance structure

B.

Ensuring developers include risk control comments in code

C.

Creating risk assessment templates based on specific threats

D.

Allowing for the acceptance of risk for regulatory compliance requirements

Full Access
Question # 122

A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

A.

Compliance to the Payment Card Industry (PCI) regulations.

B.

Alignment with financial reporting regulations for each country where they operate.

C.

Alignment with International Organization for Standardization (ISO) standards.

D.

Compliance with patient data protection regulations for each country where they operate.

Full Access
Question # 123

Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?

A.

Security officer

B.

Data owner

C.

Vulnerability engineer

D.

System administrator

Full Access
Question # 124

The alerting, monitoring and life-cycle management of security related events is typically handled by the

A.

security threat and vulnerability management process

B.

risk assessment process

C.

risk management process

D.

governance, risk, and compliance tools

Full Access
Question # 125

When dealing with a risk management process, asset classification is important because it will impact the overall:

A.

Threat identification

B.

Risk monitoring

C.

Risk treatment

D.

Risk tolerance

Full Access
Question # 126

The PRIMARY objective of security awareness is to:

A.

Ensure that security policies are read.

B.

Encourage security-conscious employee behavior.

C.

Meet legal and regulatory requirements.

D.

Put employees on notice in case follow-up action for noncompliance is necessary

Full Access
Question # 127

An organization’s firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?

A.

A high threat environment

B.

A low risk tolerance environment

C.

I low vulnerability environment

D.

A high risk tolerance environment

Full Access
Question # 128

Risk is defined as:

A.

Threat times vulnerability divided by control

B.

Advisory plus capability plus vulnerability

C.

Asset loss times likelihood of event

D.

Quantitative plus qualitative impact

Full Access
Question # 129

You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?

A.

Risk Avoidance

B.

Risk Acceptance

C.

Risk Transfer

D.

Risk Mitigation

Full Access
Question # 130

When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it

A.

In promiscuous mode and only detect malicious traffic.

B.

In-line and turn on blocking mode to stop malicious traffic.

C.

In promiscuous mode and block malicious traffic.

D.

In-line and turn on alert mode to stop malicious traffic.

Full Access
Question # 131

Which of the following has the GREATEST impact on the implementation of an information security governance model?

A.

Organizational budget

B.

Distance between physical locations

C.

Number of employees

D.

Complexity of organizational structure

Full Access
Question # 132

What is the definition of Risk in Information Security?

A.

Risk = Probability x Impact

B.

Risk = Threat x Probability

C.

Risk = Financial Impact x Probability

D.

Risk = Impact x Threat

Full Access
Question # 133

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

A.

Controlled mitigation effort

B.

Risk impact comparison

C.

Relative likelihood of event

D.

Comparative threat analysis

Full Access
Question # 134

What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?

A.

Test every three years to ensure that things work as planned

B.

Conduct periodic tabletop exercises to refine the BC plan

C.

Outsource the creation and execution of the BC plan to a third party vendor

D.

Conduct a Disaster Recovery (DR) exercise every year to test the plan

Full Access
Question # 135

Which of the following is MOST likely to be discretionary?

A.

Policies

B.

Procedures

C.

Guidelines

D.

Standards

Full Access
Question # 136

Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

A.

They are objective and can express risk / cost in real numbers

B.

They are subjective and can be completed more quickly

C.

They are objective and express risk / cost in approximates

D.

They are subjective and can express risk /cost in real numbers

Full Access
Question # 137

A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization’s need?

A.

International Organization for Standardizations – 22301 (ISO-22301)

B.

Information Technology Infrastructure Library (ITIL)

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

International Organization for Standardizations – 27005 (ISO-27005)

Full Access
Question # 138

Who is responsible for securing networks during a security incident?

A.

Chief Information Security Officer (CISO)

B.

Security Operations Center (SO

C.

Disaster Recovery (DR) manager

D.

Incident Response Team (IRT)

Full Access