[Free] 2019(Nov) EnsurePass ECCouncil 712-50 Dumps with VCE and PDF 271-280

Get Full Version of the Exam
http://www.EnsurePass.com/712-50.html

Question No.271

When creating contractual agreements and procurement processes why should security requirements be included?

  1. To make sure they are added on after the process is completed

  2. To make sure the costs of security are included and understood

  3. To make sure the security process aligns with the vendor's security process

  4. To make sure the patching process is included with the costs

Correct Answer: B

Question No.272

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years. Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

  1. NIST and Privacy Regulations

  2. ISO 27000 and Payment Card Industry Data Security Standards

  3. NIST and data breach notification laws

  4. ISO 27000 and Human resources best practices

Correct Answer: B

Question No.273

Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise you discover that data has been breached and you have discovered the repository of stolen data on a server located in a foreign country. Your team now has full access to the data on the foreign server.

Your defenses did not hold up to the test as originally thought. As you investigate how the data was compromised through log analysis you discover that a hardworking, but misguided business intelligence analyst posted the data to an obfuscated URL on a popular cloud storage service so they could work on it from home during their off-time. Which technology or solution could you deploy to prevent employees from removing corporate data from your network? Choose the BEST answer.

  1. Security Guards posted outside the Data Center

  2. Data Loss Prevention (DLP)

  3. Rigorous syslog reviews

  4. Intrusion Detection Systems (IDS)

Correct Answer: B

Question No.274

The ability to demand the implementation and management of security controls on third parties providing services to an organization is

  1. Security Governance

  2. Compliance management

  3. Vendor management

  4. Disaster recovery

Correct Answer: C

Question No.275

SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team. In what phase of the response will the team extract information from the affected systems without altering original data?

  1. Response

  2. Investigation

  3. Recovery

  4. Follow-up

Correct Answer: B

Question No.276

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation. Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?

  1. National Institute of Standards and Technology (NIST) Special Publication 800-53

  2. Payment Card Industry Digital Security Standard (PCI DSS)

  3. International Organization for Standardization - ISO 27001/2

  4. British Standard 7799 (BS7799)

Correct Answer: C

Question No.277

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget. Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

  1. Upper management support

  2. More frequent project milestone meetings

  3. More training of staff members

  4. Involve internal audit

Correct Answer: A

Question No.278

As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?

  1. The existing IT environment.

  2. The company business plan.

  3. The present IT budget.

  4. Other corporate technology trends.

Correct Answer: B

Question No.279

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN. Once supervisors and data owners have approved requests, information system administrators will implement

  1. Technical control(s)

  2. Management control(s)

  3. Policy control(s)

  4. Operational control(s)

Correct Answer: A

Question No.280

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation. Your Corporate Information Security Policy should include which of the following?

  1. Information security theory

  2. Roles and responsibilities

  3. Incident response contacts

  4. Desktop configuration standards

Correct Answer: B
