712-50無料問題集「EC-COUNCIL EC-Council Certified CISO (CCISO)」

質問 1

Which of the following is a common technology for visual monitoring?

（A）Open circuit television

（B）Local video

（C）Blocked video

（D）Closed circuit television

正解：D 解答を投票する

質問 2

Risk appetite directly affects what part of a vulnerability management program?

（A）Scope

（B）Scan tools

（C）Schedule

（D）Staff

正解：A 解答を投票する

質問 3

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company's building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted are a. Which type of attack did the consultant perform?

（A）Tailgating

（B）Social engineering

（C）Shoulder surfing

（D）Mantrap

正解：A 解答を投票する

質問 4

Which of the following is critical in creating a security program aligned with an organization's goals?

（A）Create security awareness programs that include clear definition of security program goals and charters

（B）Develop a culture in which users, managers and IT professionals all make good decisions about information risk

（C）Provide clear communication of security program support requirements and audit schedules

（D）Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements

正解：B 解答を投票する

質問 5

Control Objectives for Information and Related Technology (COBIT) is which of the following?

（A）A framework for Information Technology management and governance

（B）An audit guideline for certifying secure systems and controls

（C）An Information Security audit standard

（D）A set of international regulations for Information Technology governance

正解：A 解答を投票する

質問 6

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to organizational implementation and management requirements. Which of the following principles does this BEST demonstrate?

（A）Effective use of existing technologies

（B）Leveraging existing implementations

（C）Alignment with the business

（D）Proper budget management

正解：C 解答を投票する

質問 7

What oversight should the information security team have in the change management process for application security?

（A）Information security should be aware of all application changes and work with developers before changes are deployed in production

（B）Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production

（C）Development team should tell the information security team about any application security flaws

（D）Information security should be informed of changes to applications only

正解：B 解答を投票する

質問 8

What is meant by password aging?

（A）The amount of time it takes for a password to activate

（B）Time in seconds a user is allocated to change a password

（C）An expiration date set for passwords

（D）A Single Sign-On requirement

正解：B 解答を投票する

質問 9

You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (choose the best answer):

（A）Contract with a managed security provider and have current staff on recall for incident response

（B）Configure your syslog to send SMS messages to current staff when target events are triggered

（C）Employ an assumption of breach protocol and defend only essential information resources

（D）Deploy a SEIM solution and have current staff review incidents first thing in the morning

正解：A 解答を投票する

質問 10

What organizational structure combines the functional and project structures to create a hybrid of the two?

（A）Project

（B）Composite

（C）Matrix

（D）Traditional

正解：C 解答を投票する

質問 11

You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?

（A）Risk Transfer

（B）Risk Mitigation

（C）Risk Avoidance

（D）Risk Acceptance

正解：A 解答を投票する

質問 12

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

（A）Comprehensive Log-Files from all servers and network devices affected during the attack

（B）Fully trained network forensic experts to analyze all data right after the attack

（C）Expert forensics witness

（D）Uninterrupted Chain of Custody

正解：D 解答を投票する

質問 13

A method to transfer risk is to:

（A）Implement redundancy

（B）move operations to another region

（C）purchase breach insurance

（D）Alignment with business operations

正解：C 解答を投票する

質問 14

Risk that remains after risk mitigation is known as

（A）Non-tolerated risk

（B）Accepted risk

（C）Residual risk

（D）Persistent risk

正解：C 解答を投票する

質問 15

The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

（A）Changing the default passwords

（B）Getting authority to operate the system from executive management

（C）Contacting the Internet Service Provider for an IP scope

（D）Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

正解：B 解答を投票する

712-50 無料問題集「EC-COUNCIL EC-Council Certified CISO (CCISO)」

弊社を連絡する

関連リンク

トップ試験