The Secret Of EC-Council 712-50 Testing Material

We provide real 712-50 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass EC-Council 712-50 Exam quickly & easily. The 712-50 PDF type is available for reading and printing. You can print more and practice many times. With the help of our EC-Council 712-50 dumps pdf and vce product and material, you can easily pass the 712-50 exam.

Check 712-50 free dumps before getting the full version:


You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?

  • A. Qualitative analysis
  • B. Quantitative analysis
  • C. Risk mitigation
  • D. Estimate activity duration

Answer: A


Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

  • A. Containment
  • B. Recovery
  • C. Identification
  • D. Eradication

Answer: D


John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they’ve already completed the project work they were contracted to do. What can John do in this instance?

  • A. Refer the vendor to the Service Level Agreement (SLA) and insist that they make the changes.
  • B. Review the Request for Proposal (RFP) for guidance.
  • C. Withhold the vendor’s payments until the issue is resolved.
  • D. Refer to the contract agreement for direction.

Answer: D


The process to evaluate the technical and non-technical security controls of an IT system to validate that a given design and implementation meet a specific set of security requirements is called

  • A. Security certification
  • B. Security system analysis
  • C. Security accreditation
  • D. Alignment with business practices and goals.

Answer: A


How often should an environment be monitored for cyber threats, risks, and exposures?

  • A. Weekly
  • B. Monthly
  • C. Quarterly
  • D. Daily

Answer: D


Which of the following is the MOST important component of any change management process?

  • A. Scheduling
  • B. Back-out procedures
  • C. Outage planning
  • D. Management approval

Answer: D


Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget. Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?

  • A. Scope
  • B. Budget
  • C. Resources
  • D. Constraints

Answer: A


Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?

  • A. Threat
  • B. Vulnerability
  • C. Attack vector
  • D. Exploitation

Answer: B


Who is responsible for securing networks during a security incident?

  • A. Chief Information Security Officer (CISO)
  • B. Security Operations Center (SOC)
  • C. Disaster Recovery (DR) manager
  • D. Incident Response Team (IRT)

Answer: D


What oversight should the information security team have in the change management process for application security?

  • A. Information security should be informed of changes to applications only
  • B. Development team should tell the information security team about any application security flaws
  • C. Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production
  • D. Information security should be aware of all application changes and work with developers before changes are deployed in production

Answer: C


To get an Information Security project back on schedule, which of the following will provide the MOST help?

  • A. Upper management support
  • B. More frequent project milestone meetings
  • C. Stakeholder support
  • D. Extend work hours

Answer: A


Which of the following statements about Encapsulating Security Payload (ESP) is true?

  • A. It is an IPSec protocol.
  • B. It is a text-based communication protocol.
  • C. It uses TCP port 22 as the default port and operates at the application layer.
  • D. It uses UDP port 22

Answer: A


Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

  • A. Senior Executives
  • B. Office of the Auditor
  • C. Office of the General Counsel
  • D. All employees and users

Answer: A


Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates. What is one proven method to account for common elements found within separate regulations and/or standards?

  • A. Hire a GRC expert
  • B. Use the Find function of your word processor
  • C. Design your program to meet the strictest government standards
  • D. Develop a crosswalk

Answer: D


The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

  • A. The need to change accounting periods on a regular basis.
  • B. The requirement to post entries for a closed accounting period.
  • C. The need to create and modify the chart of accounts and its allocations.
  • D. The lack of policies and procedures for the proper segregation of duties.

Answer: D


The process for identifying, collecting, and producing digital information in support of legal proceedings is called

  • A. chain of custody.
  • B. electronic discovery.
  • C. evidence tampering.
  • D. electronic review.

Answer: B


Risk that remains after risk mitigation is known as

  • A. Persistent risk
  • B. Residual risk
  • C. Accepted risk
  • D. Non-tolerated risk

Answer: B


An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the

  • A. Time zone differences
  • B. Compliance to local hiring laws
  • C. Encryption import/export regulations
  • D. Local customer privacy laws

Answer: C


SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization’s needs.
The CISO discovers the scalability issue will only impact a small number of network segments. What is the next logical step to ensure the proper application of risk management methodology within the two-factor implementation project?

  • A. Create new use cases for operational use of the solution
  • B. Determine if sufficient mitigating controls can be applied
  • C. Decide to accept the risk on behalf of the impacted business units
  • D. Report the deficiency to the audit team and create process exceptions

Answer: B


Why is it vitally important that senior management endorse a security policy?

  • A. So that they will accept ownership for security within the organization.
  • B. So that employees will follow the policy directives.
  • C. So that external bodies will recognize the organization’s commitment to security.
  • D. So that they can be held legally accountable.

Answer: A


What is the primary reason for performing a return on investment analysis?

  • A. To decide between multiple vendors
  • B. To decide if the solution costs less than the risk it is mitigating
  • C. To determine the current present value of a project
  • D. To determine the annual rate of loss

Answer: B


What is the FIRST step in developing the vulnerability management program?

  • A. Baseline the Environment
  • B. Maintain and Monitor
  • C. Organization Vulnerability
  • D. Define Policy

Answer: A


A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

  • A. Scan a representative sample of systems
  • B. Perform the scans only during off-business hours
  • C. Decrease the vulnerabilities within the scan tool settings
  • D. Filter the scan output so only pertinent data is analyzed

Answer: A


Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

  • A. Get approval from the board of directors
  • B. Screen potential vendor solutions
  • C. Verify that the cost of mitigation is less than the risk
  • D. Create risk metrics for all unmitigated risks

Answer: C


The ability to demand the implementation and management of security controls on third parties providing services to an organization is

  • A. Security Governance
  • B. Compliance management
  • C. Vendor management
  • D. Disaster recovery

Answer: C


Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?

  • A. Perform a vulnerability scan of the network
  • B. External penetration testing by a qualified third party
  • C. Internal Firewall ruleset reviews
  • D. Implement network intrusion prevention systems

Answer: B


While designing a secondary data center for your company, what document needs to be analyzed to determine how much should be spent on building the data center?

  • A. Enterprise Risk Assessment
  • B. Disaster recovery strategic plan
  • C. Business continuity plan
  • D. Application mapping document

Answer: B


During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

  • A. Identify and evaluate the existing controls.
  • B. Disclose the threats and impacts to management.
  • C. Identify information assets and the underlying systems.
  • D. Identify and assess the risk assessment process used by management.

Answer: A

