Pass the ECCouncil EISM 512-50 Questions and answers with CertsForce

Viewing page 1 out of 13 pages
Viewing questions 1-10 out of questions
Question # 1:

The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

Options:

A. Due Protection
B. Due Care
C. Due Compromise
D. Due process
Question # 2:

In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?

Options:

A. The organization uses exclusively a quantitative process to measure risk
B. The organization uses exclusively a qualitative process to measure risk
C. The organization's risk tolerance is high
D. The organization's risk tolerance is low
Question # 3:

The single most important consideration to make when developing your security program, policies, and processes is:

Options:

A. Budgeting for unforeseen data compromises
B. Streamlining for efficiency
C. Alignment with the business
D. Establishing your authority as the Security Executive
Question # 4:

Which of the following is MOST likely to be discretionary?

Options:

A. Policies
B. Procedures
C. Guidelines
D. Standards
Question # 5:

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?

Options:

A. Enforce the existing security standards and do not allow the deployment of the new technology.
B. Amend the standard to permit the deployment.
C. If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
D. Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.
Question # 6:

What is the definition of Risk in Information Security?

Options:

A. Risk = Probability x Impact
B. Risk = Threat x Probability
C. Risk = Financial Impact x Probability
D. Risk = Impact x Threat
Question # 7:

Which of the following are the MOST important factors for proactively determining system vulnerabilities?

Options:

A. Subscribe to vendor mailing lists to get notification of system vulnerabilities
B. Deploy an Intrusion Detection System (IDS) and install anti-virus on systems
C. Configure firewall, perimeter router and Intrusion Prevention System (IPS)
D. Conduct security testing, vulnerability scanning, and penetration testing
Question # 8:

What should an organization do to ensure that it has a sound Business Continuity (BC) Plan?

Options:

A. Test every three years to ensure that things work as planned
B. Conduct periodic tabletop exercises to refine the BC plan
C. Outsource the creation and execution of the BC plan to a third-party vendor
D. Conduct a Disaster Recovery (DR) exercise every year to test the plan
Question # 9:

When briefing senior management on the creation of a governance process, the MOST important aspect should be:

Options:

A. information security metrics.
B. knowledge required to analyze each issue.
C. baseline against which metrics are evaluated.
D. linkage to business area objectives.
Question # 10:

Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?

Options:

A. Awareness
B. Compliance
C. Governance
D. Management