512-50試験無料問題集（402題）「EC-COUNCIL EC-Council Information Security Manager (E|ISM) 認定」

出題：1

Acceptable levels of information security risk tolerance in an organization should be determined by?

A. CEO and board of director

B. Corporate compliance committee

C. Corporate legal counsel

D. CISO with reference to the company goals

正解：A 解答を投票する

出題：2

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong?
(choose the BEST answer):

A. Used hardware encryption instead of software encryption

B. Failed to identify all stakeholders and their needs

C. Deployed the encryption solution in an inadequate manner

D. Used 1024 bit encryption when 256 bit would have sufficed

正解：B 解答を投票する

出題：3

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

A. Business continuity plan

B. Application mapping document

C. Disaster recovery strategic plan

D. Enterprise Risk Assessment

正解：C 解答を投票する

出題：4

To get an Information Security project back on schedule, which of the following will provide the MOST help?

A. Stakeholder support

B. Extend work hours

C. More frequent project milestone meetings

D. Upper management support

正解：D 解答を投票する

出題：5

Which of the following activities is the MAIN purpose of the risk assessment process?

A. Classifying and organizing information assets into meaningful groups

B. Assigning value to each information asset

C. Creating an inventory of information assets

D. Calculating the risks to which assets are exposed in their current setting

正解：D 解答を投票する

出題：6

The Information Security Management program MUST protect:

A. all organizational assets

B. critical business processes and /or revenue streams

C. intellectual property released into the public domain

D. against distributed denial of service attacks

正解：B 解答を投票する

出題：7

Risk that remains after risk mitigation is known as

A. Non-tolerated risk

B. Persistent risk

C. Accepted risk

D. Residual risk

正解：D 解答を投票する

出題：8

A security manager regualrly checks work areas after buisness hours for security violations; such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?

A. Compliance management

B. Physical control testing

C. Security awareness training

D. Audit validation

正解：A 解答を投票する

出題：9

During the 3rd quarter of a budget cycle, the CISO noticed she spent more than was originally planned in her annual budget. What is the condition of her current budgetary posture?

A. The budget is operating at a deficit

B. The budget is in a temporary state of imbalance

C. She can realign the budget through moderate capital expense (CAPEX) allocation

D. She has a surplus of operational expenses (OPEX)

正解：B 解答を投票する

出題：10

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

A. Mitigate risk

B. Perform a risk assessment

C. Determine appetite

D. Evaluate risk avoidance criteria

正解：A 解答を投票する

出題：11

Which of the following is critical in creating a security program aligned with an organization's goals?

A. Provide clear communication of security program support requirements and audit schedules

B. Develop a culture in which users, managers and IT professionals all make good decisions about information risk

C. Create security awareness programs that include clear definition of security program goals and charters

D. Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements

正解：B 解答を投票する

出題：12

If a Virtual Machine's (VM) data is being replicated and that data is corrupted, this corruption will automatically be replicated to the other machine(s). What would be the BEST control to safeguard data integrity?

A. Backup to tape

B. Increase VM replication frequency

C. Maintain separate VM backups

D. Backup to a remote location

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
Recently, members of your organization have been targeted through a number of sophisticated phishing attempts and have compromised their system credentials. What action can you take to prevent the misuse of compromised credentials to change bank account information from outside your organization while still allowing employees to manage their bank information?

A. Enable monitoring on the VPN for suspicious activity

B. Force a change of all passwords

C. Turn off VPN access for users originating from outside the country

D. Block access to the Employee-Self Service application via VPN

正解：D 解答を投票する

出題：14

Which of the following is an accurate description of a balance sheet?

A. The details of expenses and revenue over a long period of time

B. The percentage of earnings that are retained by the organization for reinvestment in the business

C. A summarized statement of all assets and liabilities at a specific point in time

D. A review of regulations and requirements impacting the business from a financial perspective

正解：C 解答を投票する

出題：15

A recommended method to document the respective roles of groups and individuals for a given process is to:

A. Develop a telephone call tree for emergency response

B. Develop an isolinear response matrix with cost benefit analysis projections

C. Develop a detailed internal organization chart

D. Develop a Responsible, Accountable, Consulted, Informed (RACI) chart

正解：D 解答を投票する

出題：16

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

A. Establish Key Risk Indicators

B. Perform a risk assessment to measure risk

C. Perform an audit to measure the control formally

D. Escalate the issue to the IT organization

正解：B 解答を投票する

出題：17

Which of the following is the MOST important component of any change management process?

A. Back-out procedures

B. Management approval

C. Scheduling

D. Outage planning

正解：B 解答を投票する

512-50試験無料問題集「EC-COUNCIL EC-Council Information Security Manager (E|ISM) 認定」