Pass the ECCouncil EISM 512-50 Questions and answers with CertsForce

Viewing page 3 out of 13 pages
Viewing questions 21-30 out of questions
Questions # 21:

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

Options:

A. Determine appetite

B. Evaluate risk avoidance criteria

C. Perform a risk assessment

D. Mitigate risk


Questions # 22:

Information security policies should be reviewed:

Options:

A. by stakeholders at least annually

B. by the CISO when new systems are brought online

C. by the Incident Response team after an audit

D. by internal audit semiannually


Questions # 23:

Who is responsible for securing networks during a security incident?

Options:

A. Chief Information Security Officer (CISO)

B. Security Operations Center (SOC)

C. Disaster Recovery (DR) manager

D. Incident Response Team (IRT)


Questions # 24:

When dealing with a risk management process, asset classification is important because it will impact the overall:

Options:

A. Threat identification

B. Risk monitoring

C. Risk treatment

D. Risk tolerance


Questions # 25:

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

Options:

A. International Organization for Standardization – 27004 (ISO-27004)

B. Payment Card Industry Data Security Standards (PCI-DSS)

C. Control Objectives for Information Technology (COBIT)

D. International Organization for Standardization – 27005 (ISO-27005)


Questions # 26:

Risk appetite is typically determined by which of the following organizational functions?

Options:

A. Security

B. Business units

C. Board of Directors

D. Audit and compliance


Questions # 27:

A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

Options:

A. The software license expiration is probably out of synchronization with other software licenses

B. The project was initiated without an effort to get support from impacted business units in the organization

C. The software is out of date and does not provide for a scalable solution across the enterprise

D. The security officer should allow time for the organization to get accustomed to her presence before initiating security projects


Questions # 28:

Which of the following information may be found in tabletop exercises for incident response?

Options:

A. Security budget augmentation

B. Process improvements

C. Real-time to remediate

D. Security control selection


Questions # 29:

Which of the following are the triple constraints of project management?

Options:

A. Time, quality, and scope

B. Cost, quality, and time

C. Scope, time, and cost

D. Quality, scope, and cost


Questions # 30:

Which of the following methodologies references the recommended industry standard that information security project managers should follow?

Options:

A. The Security Systems Development Life Cycle

B. The Security Project And Management Methodology

C. Project Management System Methodology

D. Project Management Body of Knowledge

