The latest 2022 712-50 practice question test engine exam questions that actually appear are here [Q27-Q43]


Updated official materials: the 712-50 practice questions PDF, verified against the 712-50 certification

Question 27
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
Once supervisors and data owners have approved requests, information system administrators will implement:

  • A. Operational control(s)
  • B. Management control(s)
  • C. Technical control(s)
  • D. Policy control(s)

Correct answer: C

Question 28
Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

  • A. The Return on Investment (ROI) is larger than 10 months
  • B. The Net Present Value (NPV) of the project is positive
  • C. The NPV of the project is negative
  • D. The ROI is lower than 10 months

Correct answer: C

Question 29
The effectiveness of an audit is measured by:

  • A. The number of actionable items in the recommendations
  • B. How it exposes the risk tolerance of the company
  • C. How the recommendations directly support the goals of the company
  • D. The number of security controls the company has in use

Correct answer: C

Question 30
When managing the security architecture for your company, you must consider:

  • A. Company values
  • B. Security and IT staff size
  • C. Budget
  • D. All of the above

Correct answer: D

Question 31
Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization's needs.
What is the MOST logical course of action the CISO should take?

  • A. Review the original solution set to determine if another system would fit the organization's risk appetite, budget and regulatory compliance requirements
  • B. Continue with the project until the scalability issue is validated by others, such as an auditor or third-party assessor
  • C. Cancel the project if the business need was based on internal requirements rather than regulatory compliance requirements
  • D. Continue with the implementation and submit change requests to the vendor in order to ensure required functionality will be provided when needed

Correct answer: A

Question 32
Who in the organization determines access to information?

  • A. Compliance officer
  • B. Information security officer
  • C. Data owner
  • D. Legal department

Correct answer: C

Question 33
Scenario: Your company has many encrypted telecommunications links for its world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
Symmetric encryption in general is preferable to asymmetric encryption when:

  • A. The speed of the encryption / decryption process is essential
  • B. The volume of data being transmitted is small
  • C. The number of unique communication links is large
  • D. The distance to the end node is farthest away

Correct answer: A

Question 34
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
When multiple regulations or standards apply to your industry, you should set controls to meet the:

  • A. Stricter regulation or standard
  • B. Easiest regulation or standard to implement
  • C. Most complex standard to implement
  • D. Recommendations of your legal staff

Correct answer: B

Question 35
Which of the following is a primary method of applying consistent configurations to IT systems?

  • A. Administration
  • B. Audits
  • C. Templates
  • D. Patching

Correct answer: D

Question 36
Which of the following is a major benefit of applying risk levels?

  • A. Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology
  • B. Resources are not wasted on risks that are already managed to an acceptable level
  • C. Risk management governance becomes easier since most risks remain low once mitigated
  • D. Risk appetite increases within the organization once the levels are understood

Correct answer: B

Question 37
The process to evaluate the technical and non-technical security controls of an IT system to validate that a given design and implementation meet a specific set of security requirements is called:

  • A. Alignment with business practices and goals
  • B. Security certification
  • C. Security accreditation
  • D. Security system analysis

Correct answer: B

Question 38
The ability to hold intruders accountable in a court of law is important. Which of the following activities is needed to ensure the highest possibility of successful prosecution?

  • A. Collaboration with law enforcement
  • B. A well-established and defined digital forensics process
  • C. Establishing enterprise-owned botnets for preemptive attacks
  • D. Being able to retaliate under the framework of Active Defense

Correct answer: B

Question 39
What is the BEST way to achieve on-going compliance monitoring in an organization?

  • A. Outsource compliance to a third-party vendor and let them manage the program.
  • B. Have Compliance and Information Security partner to correct issues as they arise.
  • C. Have Compliance direct Information Security to fix issues after the auditor's report.
  • D. Only check compliance right before the auditors are scheduled to arrive onsite.

Correct answer: B

Question 40
An organization's Information Security Policy is of MOST importance because _____________.

  • A. It establishes a framework to protect confidential information
  • B. It communicates management's commitment to protecting information resources
  • C. It is formally acknowledged by all employees and vendors
  • D. It defines a process to meet compliance requirements

Correct answer: B

Question 41
The ability to demand the implementation and management of security controls on third parties providing services to an organization is:

  • A. Compliance management
  • B. Vendor management
  • C. Security governance
  • D. Disaster recovery

Correct answer: B

Question 42
The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?

  • A. There is an auditing methodology in place.
  • B. The plan requires return on investment for all security projects.
  • C. There is a clear definition of the IT security mission and vision.
  • D. There is integration between IT security and business staffing.

Correct answer: C

Question 43
......

Grab the latest free trial! The EC-COUNCIL 712-50 practice questions PDF has been updated: https://www.goshiken.com/EC-COUNCIL/712-50-mondaishu.html

The latest release of the 712-50 practice questions, verified against the CCISO certification: https://drive.google.com/open?id=1bMaCG-naPqfOoCElavlAGd1Jg813P9uU