EC-Council 512-50 EC-Council Information Security Manager (E|ISM) Online Training
The questions for 512-50 were last updated at Nov 23,2024.
- Exam Code: 512-50
- Exam Name: EC-Council Information Security Manager (E|ISM)
- Certification Provider: EC-Council
Risk that remains after risk mitigation is known as
- A . Persistent risk
- B . Residual risk
- C . Accepted risk
- D . Non-tolerated risk
In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?
- A . The organization uses exclusively a quantitative process to measure risk
- B . The organization uses exclusively a qualitative process to measure risk
- C . The organization’s risk tolerance is high
- D . The organization’s risk tolerance is low
The PRIMARY objective for information security program development should be:
- A . Reducing the impact of the risk to the business.
- B . Establishing strategic alignment with business continuity requirements
- C . Establishing incident response programs.
- D . Identifying and implementing the best security solutions.
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards.
What immediate action should the information security manager take?
- A . Enforce the existing security standards and do not allow the deployment of the new technology.
- B . Amend the standard to permit the deployment.
- C . If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
- D . Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
- A . Identify threats, risks, impacts and vulnerabilities
- B . Decide how to manage risk
- C . Define the budget of the Information Security Management System
- D . Define Information Security Policy
From an information security perspective, information that no longer supports the main purpose of the business should be:
- A . assessed by a business impact analysis.
- B . protected under the information classification policy.
- C . analyzed under the data ownership policy.
- D . analyzed under the retention policy.
What is the main purpose of the Incident Response Team?
- A . Ensure efficient recovery and reinstate repaired systems
- B . Create effective policies detailing program activities
- C . Communicate details of information security incidents
- D . Provide current employee awareness programs
Information security policies should be reviewed:
- A . by stakeholders at least annually
- B . by the CISO when new systems are brought online
- C . by the Incident Response team after an audit
- D . by internal audit semiannually
An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System.
Which of the following international standards can BEST assist this organization?
- A . International Organization for Standardization 27004 (ISO 27004)
- B . Payment Card Industry Data Security Standards (PCI-DSS)
- C . Control Objectives for Information and Related Technologies (COBIT)
- D . International Organization for Standardization 27005 (ISO 27005)
Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?
- A . Use within an organization to formulate security requirements and objectives
- B . Implementation of business-enabling information security
- C . Use within an organization to ensure compliance with laws and regulations
- D . To enable organizations that adopt it to obtain certifications