Pass the ECCouncil EISM 512-50 Questions and answers with CertsForce

Viewing page 5 out of 13 pages
Question #41:

When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization. Which example below is the MOST creative way to maintain a strong security posture during these difficult times?

Options:

A. Download open source security tools and deploy them on your production network

B. Download trial versions of commercially available security tools and deploy on your production network

C. Download open source security tools from a trusted site, test, and then deploy on production network

D. Download security tools from a trusted source and deploy to production network
Question #42:

The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?

Options:

A. Work with the IT group and tell them to put the IPS in-line and say it won't cause any network impact

B. Explain to the IT group that the IPS won't cause any network impact because it will fail open

C. Explain to the IT group that this is a business need and the IPS will fail open; however, if there is a network failure the CISO will accept responsibility

D. Explain to the IT group that the IPS will fail open once in-line; however, it will be deployed in monitor mode for a set period of time to ensure that it doesn't block any legitimate traffic
Question #43:

An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?

Options:

A. Time zone differences

B. Compliance with local hiring laws

C. Encryption import/export regulations

D. Local customer privacy laws
Question #44:

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

Options:

A. Ineffective configuration management controls

B. Lack of change management controls

C. Lack of version/source controls

D. High turnover in the application development department
Question #45:

In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool selection represents the BEST choice to achieve situational awareness?

Options:

A. VMware, router, switch, firewall, syslog, vulnerability management system (VMS)

B. Intrusion Detection System (IDS), firewall, switch, syslog

C. Security Incident Event Management (SIEM), IDS, router, syslog

D. SIEM, IDS, firewall, VMS
Question #46:

Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?

Options:

A. Define the risk appetite

B. Determine budget constraints

C. Review project charters

D. Collaborate on security projects
Question #47:

A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?

Options:

A. Security alignment to business goals

B. Regulatory compliance effectiveness

C. Increased security program presence

D. Proper organizational policy enforcement
Question #48:

What oversight should the information security team have in the change management process for application security?

Options:

A. Information security should be informed of changes to applications only

B. The development team should tell the information security team about any application security flaws

C. Information security should be aware of any significant application security changes and work with developers to test for vulnerabilities before changes are deployed in production

D. Information security should be aware of all application changes and work with developers before changes are deployed in production
Question #49:

You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations, but the velocity of the business is given priority. Which of the following BEST describes this organization?

Options:

A. Risk averse

B. Risk tolerant

C. Risk conditional

D. Risk minimal
Question #50:

An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in severe revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?

Options:

A. The CISO

B. Audit and Compliance

C. The CFO

D. The business owner