EC-Council Information Security Manager (E|ISM)
Last Update May 4, 2024
Total Questions: 404
We are offering FREE 512-50 ECCouncil exam questions. All you have to do is sign up, give your details, and prepare with the 512-50 free exam questions; then go on to the complete pool of EC-Council Information Security Manager (E|ISM) test questions for further help.
SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization’s needs.
What is the MOST logical course of action the CISO should take?
Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?
The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:
The network administrator wants to strengthen physical security in the organization. Specifically, to implement a solution stopping people from entering certain restricted zones without proper credentials. Which of the following physical security measures should the administrator use?
What is the MAIN reason for conflicts between Information Technology and Information Security programs?
Which of the following is a critical operational component of an Incident Response Program (IRP)?
What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?
The alerting, monitoring and life-cycle management of security related events is typically handled by the
A company wants to fill a Chief Information Security Officer position in the organization. They need to define and implement a more holistic security program. Which of the following qualifications and experience would be MOST desirable to find in a candidate?
You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?
A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?
Your company has a “no right to privacy” notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employees’ email accounts. What should you do? (choose the BEST answer):
Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?
This occurs when the quantity or quality of project deliverables is expanded from the original project plan.
A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:
When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization. Which example below is the MOST creative way to maintain a strong security posture during these difficult times?
You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority. Which of the following BEST describes this organization?
Which of the following strategies provides the BEST response to a ransomware attack?
A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?
The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?
How often should an environment be monitored for cyber threats, risks, and exposures?
Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.
Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?
What are the three hierarchically related aspects of strategic planning and in which order should they be done?
The ability to demand the implementation and management of security controls on third parties providing services to an organization is
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
Once supervisors and data owners have approved requests, information system administrators will implement
During the 3rd quarter of a budget cycle, the CISO noticed she spent more than was originally planned in her annual budget. What is the condition of her current budgetary posture?
Risk appetite directly affects what part of a vulnerability management program?
Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?
According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?
A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?
Risk appetite is typically determined by which of the following organizational functions?
Which of the following represents the BEST method of ensuring security program alignment to business needs?
The process of creating a system which divides documents based on their security level to manage access to private data is known as
Which of the following is the MAIN security concern for public cloud computing?
Which of the following statements about Encapsulating Security Payload (ESP) is true?
Which of the following is a countermeasure to prevent unauthorized database access from web applications?
An access point (AP) is discovered using Wired Equivalent Privacy (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?
You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?
As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting process?
An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security
At which point should the identity access management team be notified of the termination of an employee?
Creating a secondary authentication process for network access would be an example of?
An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application. What should be the NEXT step?