Pass the ECCouncil EISM 512-50 Questions and answers with CertsForce

Viewing page 2 out of 13 pages
Viewing questions 11-20 out of questions
Questions # 11:

Which of the following is the MOST important benefit of an effective security governance process?

Options:

A. Reduction of liability and overall risk to the organization
B. Better vendor management
C. Reduction of security breaches
D. Senior management participation in the incident response process


Questions # 12:

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

Options:

A. Scan a representative sample of systems
B. Perform the scans only during off-business hours
C. Decrease the vulnerabilities within the scan tool settings
D. Filter the scan output so only pertinent data is analyzed


Questions # 13:

Ensuring that the actions of a set of people, applications and systems follow the organization’s rules is BEST described as:

Options:

A. Risk management
B. Security management
C. Mitigation management
D. Compliance management


Questions # 14:

When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it

Options:

A. In promiscuous mode and only detect malicious traffic.
B. In-line and turn on blocking mode to stop malicious traffic.
C. In promiscuous mode and block malicious traffic.
D. In-line and turn on alert mode to stop malicious traffic.


Questions # 15:

A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?

Options:

A. Internal audit
B. The data owner
C. All executive staff
D. Government regulators


Questions # 16:

A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

Options:

A. Providing a risk program governance structure
B. Ensuring developers include risk control comments in code
C. Creating risk assessment templates based on specific threats
D. Allowing for the acceptance of risk for regulatory compliance requirements


Questions # 17:

When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure impact of the scan is minimized?

Options:

A. The asset owner
B. The asset manager
C. The data custodian
D. The project manager


Questions # 18:

Which of the following has the GREATEST impact on the implementation of an information security governance model?

Options:

A. Organizational budget
B. Distance between physical locations
C. Number of employees
D. Complexity of organizational structure


Questions # 19:

Which of the following should be determined while defining risk management strategies?

Options:

A. Organizational objectives and risk tolerance
B. Risk assessment criteria
C. IT architecture complexity
D. Enterprise disaster recovery plans


Questions # 20:

Which of the following is MOST important when dealing with an Information Security Steering committee:

Options:

A. Include a mix of members from different departments and staff levels.
B. Ensure that security policies and procedures have been vetted and approved.
C. Review all past audit and compliance reports.
D. Be briefed about new trends and products at each meeting by a vendor.

