EC-Council 512-50 EC-Council Information Security Manager (E|ISM) Online Training
EC-Council 512-50 Online Training
The questions for 512-50 were last updated at Dec 24,2024.
- Exam Code: 512-50
- Exam Name: EC-Council Information Security Manager (E|ISM)
- Certification Provider: EC-Council
- Latest update: Dec 24,2024
When choosing a risk mitigation method what is the MOST important factor?
- A . Approval from the board of directors
- B . Cost of the mitigation is less than the risk
- C . Metrics of mitigation method success
- D . Mitigation method complies with PCI regulations
What role should the CISO play in properly scoping a PCI environment?
- A . Validate the business units’ suggestions as to what should be included in the scoping process
- B . Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment
- C . Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data
- D . Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope
What is the MAIN reason for conflicts between Information Technology and Information Security programs?
- A . Technology governance defines technology policies and standards while security governance does not.
- B . Security governance defines technology best practices and Information Technology governance does not.
- C . Technology Governance is focused on process risks whereas Security Governance is focused on business risk.
- D . The effective implementation of security controls can be viewed as an inhibitor to rapid Information Technology implementations.
Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?
- A . Security officer
- B . Data owner
- C . Vulnerability engineer
- D . System administrator
When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it
- A . In promiscuous mode and only detect malicious traffic.
- B . In-line and turn on blocking mode to stop malicious traffic.
- C . In promiscuous mode and block malicious traffic.
- D . In-line and turn on alert mode to stop malicious traffic.
When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?
- A . An independent Governance, Risk and Compliance organization
- B . Alignment of security goals with business goals
- C . Compliance with local privacy regulations
- D . Support from Legal and HR teams
What is the first thing that needs to be completed in order to create a security program for your organization?
- A . Risk assessment
- B . Security program budget
- C . Business continuity plan
- D . Compliance and regulatory analysis
A security manager has created a risk program.
Which of the following is a critical part of ensuring the program is successful?
- A . Providing a risk program governance structure
- B . Ensuring developers include risk control comments in code
- C . Creating risk assessment templates based on specific threats
- D . Allowing for the acceptance of risk for regulatory compliance requirements
Which of the following is a critical operational component of an Incident Response Program (IRP)?
- A . Weekly program budget reviews to ensure the percentage of program funding remains constant.
- B . Annual review of program charters, policies, procedures and organizational agreements.
- C . Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.
- D . Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization
Which of the following is the MOST important for a CISO to understand when identifying threats?
- A . How vulnerabilities can potentially be exploited in systems that impact the organization
- B . How the security operations team will behave to reported incidents
- C . How the firewall and other security devices are configured to prevent attacks
- D . How the incident management team prepares to handle an attack