最新的EC-COUNCIL 512-50免費考試真題

問題1

Who is responsible for securing networks during a security incident?

A. Chief Information Security Officer (CISO)

B. Disaster Recovery (DR) manager

C. Security Operations Center (SO

D. Incident Response Team (IRT)

正確答案: D

問題2

What is meant by password aging?

A. Time in seconds a user is allocated to change a password

B. An expiration date set for passwords

C. A Single Sign-On requirement

D. The amount of time it takes for a password to activate

正確答案: A

說明：（僅 Fast2test 成員可見）

問題3

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?

A. Roles and responsibilities

B. Incident response contacts

C. Desktop configuration standards

D. Information security theory

正確答案: A

問題4

The amount of risk an organization is willing to accept in pursuit of its mission is known as

A. Risk transfer

B. Risk acceptance

C. Risk tolerance

D. Risk mitigation

正確答案: C

問題5

Which of the following is considered one of the most frequent failures in project management?

A. Excessive personnel on project

B. Insufficient resources

C. Failure to meet project deadlines

D. Overly restrictive management

正確答案: C

問題6

When dealing with risk, the information security practitioner may choose to:

A. assign

B. defer

C. acknowledge

D. transfer

正確答案: C

問題7

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
The CISO has implemented remediation activities. Which of the following is the MOST logical next step?

A. Review security procedures to determine if they need modified according to findings

B. Report the audit findings and remediation status to business stake holders

C. Validate security program resource requirements

D. Validate the effectiveness of applied controls

正確答案: D

說明：（僅 Fast2test 成員可見）

問題8

Which of the following is MOST likely to be discretionary?

A. Procedures

B. Guidelines

C. Standards

D. Policies

正確答案: B

問題9

A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

A. tell him to analyze the problem, preserve the evidence and provide a full analysis and report

B. tell him to call the police

C. tell him to shut down the server

D. tell him to invoke the incident response process

正確答案: D

問題10

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

A. Office of the General Counsel

B. Office of the Auditor

C. All employees and users

D. Senior Executives

正確答案: D

問題11

What is the BEST reason for having a formal request for proposal process?

A. Creates a timeline for purchasing and budgeting

B. Allows small companies to compete with larger companies

C. Clearly identifies risks and benefits before funding is spent

D. Informs suppliers a company is going to make a purchase

正確答案: C

問題12

An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?

A. Security incident disclosure

B. Special circumstance disclosure

C. Data breach disclosure

D. Consumer right disclosure

正確答案: C

問題13

You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):

A. Deploy a SEIM solution and have current staff review incidents first thing in the morning

B. Employ an assumption of breach protocol and defend only essential information resources

C. Configure your syslog to send SMS messages to current staff when target events are triggered

D. Contract with a managed security provider and have current staff on recall for incident response

正確答案: D

問題14

Creating a secondary authentication process for network access would be an example of?

A. Supporting the concept of layered security

B. An administrator with too much time on their hands.

C. Network segmentation.

D. Putting undue time commitment on the system administrator.

正確答案: A

最新的EC-COUNCIL EC-Council Information Security Manager (E|ISM) - 512-50免費考試真題

聯系我們

站內鏈接

最新更新