March Sale Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

ECCouncil 712-50 EC-Council Certified CISO (CCISO) Exam Practice Test

Page: 1 / 45
Total 449 questions

EC-Council Certified CISO (CCISO) Questions and Answers

Question 1

Security related breaches are assessed and contained through which of the following?

Options:

A.

The IT support team.

B.

A forensic analysis.

C.

Incident response

D.

Physical security team.

Question 2

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

Options:

A.

Shared key

B.

Asynchronous

C.

Open

D.

None

Question 3

Physical security measures typically include which of the following components?

Options:

A.

Physical, Technical, Operational

B.

Technical, Strong Password, Operational

C.

Operational, Biometric, Physical

D.

Strong password, Biometric, Common Access Card

Question 4

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

Options:

A.

Execute

B.

Read

C.

Administrator

D.

Public

Question 5

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

Options:

A.

Configure logging on each access point

B.

Install a firewall software on each wireless access point.

C.

Provide IP and MAC address

D.

Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

Question 6

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

Options:

A.

In-line hardware keyloggers don’t require physical access

B.

In-line hardware keyloggers don’t comply to industry regulations

C.

In-line hardware keyloggers are undetectable by software

D.

In-line hardware keyloggers are relatively inexpensive

Question 7

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

Options:

A.

Containment

B.

Recovery

C.

Identification

D.

Eradication

Question 8

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

Options:

A.

chain of custody.

B.

electronic discovery.

C.

evidence tampering.

D.

electronic review.

Question 9

Which of the following is a symmetric encryption algorithm?

Options:

A.

3DES

B.

MD5

C.

ECC

D.

RSA

Question 10

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

Options:

A.

Your public key

B.

The recipient's private key

C.

The recipient's public key

D.

Certificate authority key

Question 11

Which of the following is the MAIN security concern for public cloud computing?

Options:

A.

Unable to control physical access to the servers

B.

Unable to track log on activity

C.

Unable to run anti-virus scans

D.

Unable to patch systems as needed

Question 12

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

Options:

A.

The need to change accounting periods on a regular basis.

B.

The requirement to post entries for a closed accounting period.

C.

The need to create and modify the chart of accounts and its allocations.

D.

The lack of policies and procedures for the proper segregation of duties.

Question 13

A bastion host should be placed:

Options:

A.

Inside the DMZ

B.

In-line with the data center firewall

C.

Beyond the outer perimeter firewall

D.

As the gatekeeper to the organization’s honeynet

Question 14

From the CISO’s perspective in looking at financial statements, the statement of retained earnings of an organization:

Options:

A.

Has a direct correlation with the CISO’s budget

B.

Represents, in part, the savings generated by the proper acquisition and implementation of security controls

C.

Represents the sum of all capital expenditures

D.

Represents the percentage of earnings that could in part be used to finance future security controls

Question 15

An organization recently acquired a Data Loss Prevention (DLP) solution, and two months after the implementation, it was found that sensitive data was posted to numerous Dark Web sites. The DLP application was checked, and there are no apparent malfunctions and no errors.

What is the MOST likely reason why the sensitive data was posted?

Options:

A.

The DLP Solution was not integrated with mobile device anti-malware

B.

Data classification was not properly performed on the assets

C.

The sensitive data was not encrypted while at rest

D.

A risk assessment was not performed after purchasing the DLP solution

Question 16

With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that the boards provide strategic oversight regarding information and information security, include these four things:

Options:

A.

Metrics tracking security milestones, understanding criticality of information and information security, visibility into the types of information and how it is used, endorsement by the board of directors

B.

Annual security training for all employees, continual budget reviews, endorsement of the development and implementation of a security program, metrics to track the program

C.

Understanding criticality of information and information security, review investment in information security, endorse development and implementation of a security program, and require regular reports on adequacy and effectiveness

D.

Endorsement by the board of directors for security program, metrics of security program milestones, annual budget review, report on integration and acceptance of program

Question 17

When managing a project, the MOST important activity in managing the expectations of stakeholders is:

Options:

A.

To force stakeholders to commit ample resources to support the project

B.

To facilitate proper communication regarding outcomes

C.

To assure stakeholders commit to the project start and end dates in writing

D.

To finalize detailed scope of the project at project initiation

Question 18

You are the CISO for an investment banking firm. The firm is using artificial intelligence (AI) to assist in approving clients for loans.

Which control is MOST important to protect AI products?

Options:

A.

Hash datasets

B.

Sanitize datasets

C.

Delete datasets

D.

Encrypt datasets

Question 19

When evaluating a Managed Security Services Provider (MSSP), which service(s) is/are most important:

Options:

A.

Patch management

B.

Network monitoring

C.

Ability to provide security services tailored to the business’ needs

D.

24/7 tollfree number

Question 20

A CISO must conduct risk assessments using a method where the Chief Financial Officer (CFO) receives impact data in financial terms to use as input to select the proper level of coverage in a new cybersecurity insurance policy.

What is the MOST effective method of risk analysis to provide the CFO with the information required?

Options:

A.

Conduct a quantitative risk assessment

B.

Conduct a hybrid risk assessment

C.

Conduct a subjective risk assessment

D.

Conduct a qualitative risk assessment

Question 21

What key technology can mitigate ransomware threats?

Options:

A.

Use immutable data storage

B.

Phishing exercises

C.

Application of multiple end point anti-malware solutions

D.

Blocking use of wireless networks

Question 22

When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?

Options:

A.

This makes sure the files you exchange aren’t unnecessarily flagged by the Data Loss Prevention (DLP) system

B.

Contracting rules typically require you to have conversations with two or more groups

C.

Discussing decisions with a very large group of people always provides a better outcome

D.

It helps to avoid regulatory or internal compliance issues

Question 23

A key cybersecurity feature of a Personal Identification Verification (PIV) Card is:

Options:

A.

Inability to export the private certificate/key

B.

It can double as physical identification at the DMV

C.

It has the user’s photograph to help ID them

D.

It can be used as a secure flash drive

Question 24

What are the common data hiding techniques used by criminals?

Options:

A.

Unallocated space and masking

B.

Website defacement and log manipulation

C.

Disabled Logging and admin elevation

D.

Encryption, Steganography, and Changing Metadata/Timestamps

Question 25

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

Options:

A.

High risk environments 6 months, low risk environments 12 months

B.

Every 12 months

C.

Every 18 months

D.

Every six months

Question 26

When managing the security architecture for your company you must consider:

Options:

A.

Security and IT Staff size

B.

Company Values

C.

Budget

D.

All of the above

Question 27

The success of the Chief Information Security Officer is MOST dependent upon:

Options:

A.

favorable audit findings

B.

following the recommendations of consultants and contractors

C.

development of relationships with organization executives

D.

raising awareness of security issues with end users

Question 28

A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

Options:

A.

Compliance to the Payment Card Industry (PCI) regulations.

B.

Alignment with financial reporting regulations for each country where they operate.

C.

Alignment with International Organization for Standardization (ISO) standards.

D.

Compliance with patient data protection regulations for each country where they operate.

Question 29

When briefing senior management on the creation of a governance process, the MOST important aspect should be:

Options:

A.

information security metrics.

B.

knowledge required to analyze each issue.

C.

baseline against which metrics are evaluated.

D.

linkage to business area objectives.

Question 30

Which of the following is a critical operational component of an Incident Response Program (IRP)?

Options:

A.

Weekly program budget reviews to ensure the percentage of program funding remains constant.

B.

Annual review of program charters, policies, procedures and organizational agreements.

C.

Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.

D.

Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

Question 31

Credit card information, medical data, and government records are all examples of:

Options:

A.

Confidential/Protected Information

B.

Bodily Information

C.

Territorial Information

D.

Communications Information

Question 32

Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?

Options:

A.

Poses a strong technical background

B.

Understand all regulations affecting the organization

C.

Understand the business goals of the organization

D.

Poses a strong auditing background

Question 33

If your organization operates under a model of "assumption of breach", you should:

Options:

A.

Protect all information resource assets equally

B.

Establish active firewall monitoring protocols

C.

Purchase insurance for your compliance liability

D.

Focus your security efforts on high value assets

Question 34

What is the definition of Risk in Information Security?

Options:

A.

Risk = Probability x Impact

B.

Risk = Threat x Probability

C.

Risk = Financial Impact x Probability

D.

Risk = Impact x Threat

Question 35

When dealing with a risk management process, asset classification is important because it will impact the overall:

Options:

A.

Threat identification

B.

Risk monitoring

C.

Risk treatment

D.

Risk tolerance

Question 36

Which of the following intellectual Property components is focused on maintaining brand recognition?

Options:

A.

Trademark

B.

Patent

C.

Research Logs

D.

Copyright

Question 37

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

Which of the following is the reason the CISO has not been able to advance the security agenda in this organization?

Options:

A.

Lack of identification of technology stake holders

B.

Lack of business continuity process

C.

Lack of influence with leaders outside IT

D.

Lack of a security awareness program

Question 38

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

Options:

A.

Get approval from the board of directors

B.

Screen potential vendor solutions

C.

Verify that the cost of mitigation is less than the risk

D.

Create a risk metrics for all unmitigated risks

Question 39

A CISO wants to change the defense strategy to ward off attackers. To accomplish this the CISO is looking to a strategy where attackers are lured into a zone of a safe network where attackers can be monitored, controlled, quarantined, or eradicated.

Options:

A.

Moderate investment

B.

Passive monitoring

C.

Integrated security controls

D.

Dynamic deception

Question 40

Which technology can provide a computing environment without requiring a dedicated hardware backend?

Options:

A.

Mainframe server

B.

Virtual Desktop

C.

Thin client

D.

Virtual Local Area Network

Question 41

The total cost of security controls should:

Options:

A.

Be equal to the value of the information resource being protected

B.

Be greater than the value of the information resource being protected

C.

Be less than the value of the information resource being protected

D.

Should not matter, as long as the information resource is protected

Question 42

Smith, the project manager for a larger multi-location firm, is leading a software project team that has 18

members, 5 of which are assigned to testing. Due to recent recommendations by an organizational quality audit

team, the project manager is convinced to add a quality professional to lead to test team at additional cost to

the project.

The project manager is aware of the importance of communication for the success of the project and takes the

step of introducing additional communication channels, making it more complex, in order to assure quality

levels of the project. What will be the first project management document that Smith should change in order to

accommodate additional communication channels?

Options:

A.

WBS document

B.

Scope statement

C.

Change control document

D.

Risk management plan

Question 43

Which of the following terms is used to describe countermeasures implemented to minimize risks to physical

property, information, and computing systems?

Options:

A.

Security frameworks

B.

Security policies

C.

Security awareness

D.

Security controls

Question 44

Annual Loss Expectancy is derived from the function of which two factors?

Options:

A.

Annual Rate of Occurrence and Asset Value

B.

Single Loss Expectancy and Exposure Factor

C.

Safeguard Value and Annual Rate of Occurrence

D.

Annual Rate of Occurrence and Single Loss Expectancy

Question 45

If a Virtual Machine’s (VM) data is being replicated and that data is corrupted, this corruption will automatically

be replicated to the other machine(s). What would be the BEST control to safeguard data integrity?

Options:

A.

Backup to tape

B.

Maintain separate VM backups

C.

Backup to a remote location

D.

Increase VM replication frequency

Question 46

Which of the following is the MOST important reason for performing assessments of the security portfolio?

Options:

A.

To assure that the portfolio is aligned to the needs of the broader organization

B.

To create executive support of the portfolio

C.

To discover new technologies and processes for implementation within the portfolio

D.

To provide independent 3rd party reviews of security effectiveness

Question 47

SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.

What is the MOST logical course of action the CISO should take?

Options:

A.

Review the original solution set to determine if another system would fit the organization’s risk appetite and budget

regulatory compliance requirements

B.

Continue with the implementation and submit change requests to the vendor in order to ensure required functionality will be provided when needed

C.

Continue with the project until the scalability issue is validated by others, such as an auditor or third party assessor

D.

Cancel the project if the business need was based on internal requirements versus regulatory compliance requirements

Question 48

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.

This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?

Options:

A.

International encryption restrictions

B.

Compliance to Payment Card Industry (PCI) data security standards

C.

Compliance with local government privacy laws

D.

Adherence to local data breach notification laws

Question 49

When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?

Options:

A.

At the time the security services are being performed and the vendor needs access to the network

B.

Once the agreement has been signed and the security vendor states that they will need access to the network

C.

Once the vendor is on premise and before they perform security services

D.

Prior to signing the agreement and before any security services are being performed

Question 50

An example of professional unethical behavior is:

Options:

A.

Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation

B.

Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material

C.

Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes

D.

Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Question 51

Which of the following is the MOST important component of any change management process?

Options:

A.

Scheduling

B.

Back-out procedures

C.

Outage planning

D.

Management approval

Question 52

As the CISO for your company you are accountable for the protection of information resources commensurate with:

Options:

A.

Customer demand

B.

Cost and time to replace

C.

Insurability tables

D.

Risk of exposure

Question 53

An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?

Options:

A.

Time zone differences

B.

Compliance to local hiring laws

C.

Encryption import/export regulations

D.

Local customer privacy laws

Question 54

Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?

Options:

A.

Define the risk appetite

B.

Determine budget constraints

C.

Review project charters

D.

Collaborate security projects

Question 55

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?

Options:

A.

Alignment with the business

B.

Effective use of existing technologies

C.

Leveraging existing implementations

D.

Proper budget management

Question 56

When managing the critical path of an IT security project, which of the following is MOST important?

Options:

A.

Knowing who all the stakeholders are.

B.

Knowing the people on the data center team.

C.

Knowing the threats to the organization.

D.

Knowing the milestones and timelines of deliverables.

Question 57

Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?

Options:

A.

Allow the business units to decide which controls apply to their systems, such as the encryption of sensitive data

B.

Create separate controls for the business units based on the types of business and functions they perform

C.

Ensure business units are involved in the creation of controls and defining conditions under which they must be applied

D.

Provide the business units with control mandates and schedules of audits for compliance validation

Question 58

When selecting a security solution with reoccurring maintenance costs after the first year, the CISO should: (choose the BEST answer)

Options:

A.

The CISO should cut other essential programs to ensure the new solution’s continued use

B.

Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution’s continued use

C.

Defer selection until the market improves and cash flow is positive

D.

Implement the solution and ask for the increased operating cost budget when it is time

Question 59

Which business stakeholder is accountable for the integrity of a new information system?

Options:

A.

CISO

B.

Compliance Officer

C.

Project manager

D.

Board of directors

Question 60

A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

Options:

A.

Poor audit support for the security program

B.

A lack of executive presence within the security program

C.

Poor alignment of the security program to business needs

D.

This is normal since business units typically resist security requirements

Question 61

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Options:

A.

A substantive test of program library controls

B.

A compliance test of program library controls

C.

A compliance test of the program compiler controls

D.

A substantive test of the program compiler controls

Question 62

An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

Options:

A.

Management Control

B.

Technical Control

C.

Training Control

D.

Operational Control

Question 63

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

Options:

A.

assign the responsibility to the information security team.

B.

assign the responsibility to the team responsible for the management of the controls.

C.

create operational reports on the effectiveness of the controls.

D.

perform an independent audit of the security controls.

Question 64

Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?

Options:

A.

Lack of notification to the public of disclosure of confidential information.

B.

Lack of periodic examination of access rights

C.

Failure to notify police of an attempted intrusion

D.

Lack of reporting of a successful denial of service attack on the network.

Question 65

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

Options:

A.

Transfer financial resources from other critical programs

B.

Take the system off line until the budget is available

C.

Deploy countermeasures and compensating controls until the budget is available

D.

Schedule an emergency meeting and request the funding to fix the issue

Question 66

You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?

Options:

A.

Qualitative analysis

B.

Quantitative analysis

C.

Risk mitigation

D.

Estimate activity duration

Question 67

The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

Options:

A.

Organization control

B.

Procedural control

C.

Management control

D.

Technical control

Page: 1 / 45
Total 449 questions