Summer Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

ECCouncil 512-50 EC-Council Information Security Manager (E|ISM) Exam Practice Test

Page: 1 / 40
Total 404 questions

EC-Council Information Security Manager (E|ISM) Questions and Answers

Question 1

An anonymity network is a series of?

Options:

A.

Covert government networks

B.

War driving maps

C.

Government networks in Tora

D.

Virtual network tunnels

Question 2

What is the FIRST step in developing the vulnerability management program?

Options:

A.

Baseline the Environment

B.

Maintain and Monitor

C.

Organization Vulnerability

D.

Define Policy

Question 3

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

Options:

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Question 4

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

Options:

A.

The need to change accounting periods on a regular basis.

B.

The requirement to post entries for a closed accounting period.

C.

The need to create and modify the chart of accounts and its allocations.

D.

The lack of policies and procedures for the proper segregation of duties.

Question 5

Which wireless encryption technology makes use of temporal keys?

Options:

A.

Wireless Application Protocol (WAP)

B.

Wifi Protected Access version 2 (WPA2)

C.

Wireless Equivalence Protocol (WEP)

D.

Extensible Authentication Protocol (EAP)

Question 6

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

Options:

A.

Execute

B.

Read

C.

Administrator

D.

Public

Question 7

Which of the following strategies provides the BEST response to a ransomware attack?

Options:

A.

Real-time off-site replication

B.

Daily incremental backup

C.

Daily full backup

D.

Daily differential backup

Question 8

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Options:

A.

Comprehensive Log-Files from all servers and network devices affected during the attack

B.

Fully trained network forensic experts to analyze all data right after the attack

C.

Uninterrupted Chain of Custody

D.

Expert forensics witness

Question 9

Which of the following statements about Encapsulating Security Payload (ESP) is true?

Options:

A.

It is an IPSec protocol.

B.

It is a text-based communication protocol.

C.

It uses TCP port 22 as the default port and operates at the application layer.

D.

It uses UDP port 22

Question 10

Which of the following backup sites takes the longest recovery time?

Options:

A.

Cold site

B.

Hot site

C.

Warm site

D.

Mobile backup site

Question 11

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Options:

A.

‘ o 1=1 - -

B.

/../../../../

C.

“DROPTABLE USERNAME”

D.

NOPS

Question 12

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

Options:

A.

Enterprise Risk Assessment

B.

Disaster recovery strategic plan

C.

Business continuity plan

D.

Application mapping document

Question 13

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Options:

A.

A substantive test of program library controls

B.

A compliance test of program library controls

C.

A compliance test of the program compiler controls

D.

A substantive test of the program compiler controls

Question 14

The effectiveness of an audit is measured by?

Options:

A.

The number of actionable items in the recommendations

B.

How it exposes the risk tolerance of the company

C.

How the recommendations directly support the goals of the company

D.

The number of security controls the company has in use

Question 15

Which of the following are primary concerns for management with regard to assessing internal control objectives?

Options:

A.

Confidentiality, Availability, Integrity

B.

Compliance, Effectiveness, Efficiency

C.

Communication, Reliability, Cost

D.

Confidentiality, Compliance, Cost

Question 16

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

Options:

A.

Validate that security awareness program content includes information about the potential vulnerability

B.

Conduct a thorough risk assessment against the current implementation to determine system functions

C.

Determine program ownership to implement compensating controls

D.

Send a report to executive peers and business unit owners detailing your suspicions

Question 17

Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?

Options:

A.

Use within an organization to formulate security requirements and objectives

B.

Implementation of business-enabling information security

C.

Use within an organization to ensure compliance with laws and regulations

D.

To enable organizations that adopt it to obtain certifications

Question 18

A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?

Options:

A.

If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.

B.

If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.

C.

If the findings impact regulatory compliance, remediate the high findings as quickly as possible.

D.

If the findings do not impact regulatory compliance, review current security controls.

Question 19

In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

Options:

A.

Internal Audit

B.

Database Administration

C.

Information Security

D.

Compliance

Question 20

An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?

Options:

A.

Determine the annual loss expectancy (ALE)

B.

Create a crisis management plan

C.

Create technology recovery plans

D.

Build a secondary hot site

Question 21

Creating a secondary authentication process for network access would be an example of?

Options:

A.

Nonlinearities in physical security performance metrics

B.

Defense in depth cost enumerated costs

C.

System hardening and patching requirements

D.

Anti-virus for mobile devices

Question 22

You have implemented the new controls. What is the next step?

Options:

A.

Document the process for the stakeholders

B.

Monitor the effectiveness of the controls

C.

Update the audit findings report

D.

Perform a risk assessment

Question 23

The regular review of a firewall ruleset is considered a

Options:

A.

Procedural control

B.

Organization control

C.

Technical control

D.

Management control

Question 24

The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?

Options:

A.

Number of callers who report security issues.

B.

Number of callers who report a lack of customer service from the call center

C.

Number of successful social engineering attempts on the call center

D.

Number of callers who abandon the call before speaking with a representative

Question 25

From an information security perspective, information that no longer supports the main purpose of the business should be:

Options:

A.

assessed by a business impact analysis.

B.

protected under the information classification policy.

C.

analyzed under the data ownership policy.

D.

analyzed under the retention policy

Question 26

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

Options:

A.

Controlled mitigation effort

B.

Risk impact comparison

C.

Relative likelihood of event

D.

Comparative threat analysis

Question 27

When dealing with a risk management process, asset classification is important because it will impact the overall:

Options:

A.

Threat identification

B.

Risk monitoring

C.

Risk treatment

D.

Risk tolerance

Question 28

When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?

Options:

A.

Escalation

B.

Recovery

C.

Eradication

D.

Containment

Question 29

Information security policies should be reviewed:

Options:

A.

by stakeholders at least annually

B.

by the CISO when new systems are brought online

C.

by the Incident Response team after an audit

D.

by internal audit semiannually

Question 30

According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

Options:

A.

Susceptibility to attack, mitigation response time, and cost

B.

Attack vectors, controls cost, and investigation staffing needs

C.

Vulnerability exploitation, attack recovery, and mean time to repair

D.

Susceptibility to attack, expected duration of attack, and mitigation availability

Question 31

When choosing a risk mitigation method what is the MOST important factor?

Options:

A.

Approval from the board of directors

B.

Cost of the mitigation is less than the risk

C.

Metrics of mitigation method success

D.

Mitigation method complies with PCI regulations

Question 32

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

Options:

A.

When there is a need to develop a more unified incident response capability.

B.

When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.

C.

When there is a variety of technologies deployed in the infrastructure.

D.

When it results in an overall lower cost of operating the security program.

Question 33

Which of the following international standards can be BEST used to define a Risk Management process in an organization?

Options:

A.

National Institute for Standards and Technology 800-50 (NIST 800-50)

B.

International Organization for Standardizations – 27005 (ISO-27005)

C.

Payment Card Industry Data Security Standards (PCI-DSS)

D.

International Organization for Standardizations – 27004 (ISO-27004)

Question 34

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

Options:

A.

Determine appetite

B.

Evaluate risk avoidance criteria

C.

Perform a risk assessment

D.

Mitigate risk

Question 35

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

Options:

A.

Lack of a formal security awareness program

B.

Lack of a formal security policy governance process

C.

Lack of formal definition of roles and responsibilities

D.

Lack of a formal risk management policy

Question 36

What role should the CISO play in properly scoping a PCI environment?

Options:

A.

Validate the business units’ suggestions as to what should be included in the scoping process

B.

Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment

C.

Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data

D.

Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope

Question 37

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

Options:

A.

Response

B.

Investigation

C.

Recovery

D.

Follow-up

Question 38

When analyzing and forecasting a capital expense budget what are not included?

Options:

A.

Network connectivity costs

B.

New datacenter to operate from

C.

Upgrade of mainframe

D.

Purchase of new mobile devices to improve operations

Question 39

What are the three hierarchically related aspects of strategic planning and in which order should they be done?

Options:

A.

1) Information technology strategic planning, 2) Enterprise strategic planning, 3) Cybersecurity or

information security strategic planning

B.

1) Cybersecurity or information security strategic planning, 2) Enterprise strategic planning, 3) Information

technology strategic planning

C.

1) Enterprise strategic planning, 2) Information technology strategic planning, 3) Cybersecurity or

information security strategic planning

D.

1) Enterprise strategic planning, 2) Cybersecurity or information security strategic planning, 3) Information

technology strategic planning

Question 40

A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website. This type of control is considered

Options:

A.

Zero-day attack mitigation

B.

Preventive detection control

C.

Corrective security control

D.

Dynamic blocking control

Question 41

You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.

Using the best business practices for project management you determine that the project correctly aligns with the company goals and the scope of the project is correct. What is the NEXT step?

Options:

A.

Review time schedules

B.

Verify budget

C.

Verify resources

D.

Verify constraints

Question 42

File Integrity Monitoring (FIM) is considered a

Options:

A.

Network based security preventative control

B.

Software segmentation control

C.

Security detective control

D.

User segmentation control

Question 43

What is the BEST reason for having a formal request for proposal process?

Options:

A.

Creates a timeline for purchasing and budgeting

B.

Allows small companies to compete with larger companies

C.

Clearly identifies risks and benefits before funding is spent

D.

Informs suppliers a company is going to make a purchase

Question 44

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?

Options:

A.

Scope

B.

Budget

C.

Resources

D.

Constraints

Question 45

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.

When multiple regulations or standards apply to your industry you should set controls to meet the:

Options:

A.

Easiest regulation or standard to implement

B.

Stricter regulation or standard

C.

Most complex standard to implement

D.

Recommendations of your Legal Staff

Question 46

You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.

Using the best business practices for project management you determine that the project correct aligns with the company goals. What needs to be verified FIRST?

Options:

A.

Scope of the project

B.

Training of the personnel on the project

C.

Timeline of the project milestones

D.

Vendor for the project

Question 47

The network administrator wants to strengthen physical security in the organization. Specifically, to implement a

solution stopping people from entering certain restricted zones without proper credentials. Which of following

physical security measures should the administrator use?

Options:

A.

Video surveillance

B.

Mantrap

C.

Bollards

D.

Fence

Question 48

The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.

Which of the following needs to be performed NEXT?

Options:

A.

Verify the scope of the project

B.

Verify the regulatory requirements

C.

Verify technical resources

D.

Verify capacity constraints

Question 49

Which of the following is considered a project versus a managed process?

Options:

A.

monitoring external and internal environment during incident response

B.

ongoing risk assessments of routine operations

C.

continuous vulnerability assessment and vulnerability repair

D.

installation of a new firewall system

Question 50

A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

Options:

A.

The software license expiration is probably out of synchronization with other software licenses

B.

The project was initiated without an effort to get support from impacted business units in the organization

C.

The software is out of date and does not provide for a scalable solution across the enterprise

D.

The security officer should allow time for the organization to get accustomed to her presence before initiating security projects

Question 51

Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

Options:

A.

System testing

B.

Risk assessment

C.

Incident response

D.

Planning

Question 52

Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

Options:

A.

Cost benefit

B.

Risk appetite

C.

Business continuity

D.

Likelihood of impact

Question 53

Which of the following represents the best method of ensuring business unit alignment with security program requirements?

Options:

A.

Provide clear communication of security requirements throughout the organization

B.

Demonstrate executive support with written mandates for security policy adherence

C.

Create collaborative risk management approaches within the organization

D.

Perform increased audits of security processes and procedures

Question 54

Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?

Options:

A.

Risk Management

B.

Risk Assessment

C.

System Testing

D.

Vulnerability Assessment

Question 55

In effort to save your company money which of the following methods of training results in the lowest cost for the organization?

Options:

A.

Distance learning/Web seminars

B.

Formal Class

C.

One-One Training

D.

Self –Study (noncomputerized)

Question 56

The ultimate goal of an IT security projects is:

Options:

A.

Increase stock value

B.

Complete security

C.

Support business requirements

D.

Implement information security policies

Question 57

Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?

Options:

A.

User awareness training for all employees

B.

Installation of new firewalls and intrusion detection systems

C.

Launch an internal awareness campaign

D.

Integrate security requirements into project inception

Question 58

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

Options:

A.

The Security Systems Development Life Cycle

B.

The Security Project And Management Methodology

C.

Project Management System Methodology

D.

Project Management Body of Knowledge

Question 59

Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?

Options:

A.

Terms and Conditions

B.

Service Level Agreements (SLA)

C.

Statement of Work

D.

Key Performance Indicators (KPI)

Question 60

As the CISO for your company you are accountable for the protection of information resources commensurate with:

Options:

A.

Customer demand

B.

Cost and time to replace

C.

Insurability tables

D.

Risk of exposure

Page: 1 / 40
Total 404 questions