Topic 3: Management – Projects and Operations (Projects, Technology & Operations)
A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?
A.
Poor audit support for the security program
B.
A lack of executive presence within the security program
C.
Poor alignment of the security program to business needs
D.
This is normal since business units typically resist security requirements
Poor alignment of the security program to business needs
A stakeholder is a person or group:
A.
Vested in the success and/or failure of a project or initiative regardless of budget implications.
B.
Vested in the success and/or failure of a project or initiative and is tied to the project budget.
C.
That has budget authority.
D.
That will ultimately use the system.
Vested in the success and/or failure of a project or initiative regardless of budget implications.
A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?
A.
tell him to shut down the server
B.
tell him to call the police
C.
tell him to invoke the incident response process
D.
tell him to analyze the problem, preserve the evidence and provide a full analysis and report
tell him to invoke the incident response process
Which of the following represents the best method of ensuring business unit alignment with security program requirements?
A.
Provide clear communication of security requirements throughout the organization
B.
Demonstrate executive support with written mandates for security policy adherence
C.
Create collaborative risk management approaches within the organization
D.
Perform increased audits of security processes and procedures
Create collaborative risk management approaches within the organization
A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:
A.
Vendor’s client list of reputable organizations currently using their solution
B.
Vendor provided attestation of the detailed security controls from a reputable accounting firm
C.
Vendor provided reference from an existing reputable client detailing their implementation
D.
Vendor provided internal risk assessment and security control documentation
Vendor provided attestation of the detailed security controls from a reputable accounting firm
Risk appetite is typically determined by which of the following organizational functions?
A.
Security
B.
Business units
C.
Board of Directors
D.
Audit and compliance
Board of Directors
To get an Information Security project back on schedule, which of the following will provide the MOST help?
A.
Upper management support
B.
More frequent project milestone meetings
C.
Stakeholder support
D.
Extend work hours
Upper management support
Your incident response plan should include which of the following?
A.
Procedures for litigation
B.
Procedures for reclamation
C.
Procedures for classification
D.
Procedures for charge-back
Procedures for classification
Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?
A.
Upper management support
B.
More frequent project milestone meetings
C.
More training of staff members
D.
Involve internal audit
Upper management support
Which of the following is critical in creating a security program aligned with an organization’s goals?
A.
Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements
B.
Develop a culture in which users, managers and IT professionals all make good decisions about information risk
C.
Provide clear communication of security program support requirements and audit schedules
D.
Create security awareness programs that include clear definition of security program goals and charters
Develop a culture in which users, managers and IT professionals all make good decisions about information risk
Which of the following information may be found in table top exercises for incident response?
A.
Security budget augmentation
B.
Process improvements
C.
Real-time to remediate
D.
Security control selection
Process improvements
A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?
A.
Alignment with the business
B.
Effective use of existing technologies
C.
Leveraging existing implementations
D.
Proper budget management
Alignment with the business
| Page 17 out of 38 Pages |
| 111213141516171819202122 |
| 712-50 Practice Test Home |
Real-World Scenario Mastery: Our 712-50 practice exam don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.
Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention, before EC-Council Certified CISO (CCISO) exam day arrives.
Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive 712-50 practice exam questions pool covering all topics, the real exam feels like just another practice session.
Copyright © All Rights Reserved