Pass the ECCouncil EISM 512-50 Questions and answers with CertsForce

Viewing page 9 out of 13 pages
Viewing questions 81-90 out of questions
Question 81:

Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?

Options:

A. All vulnerabilities found on servers and desktops
B. Only critical and high vulnerabilities on servers and desktops
C. Only critical and high vulnerabilities that impact important production servers
D. All vulnerabilities that impact important production servers

Question 82:

An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator. The most appropriate course of action for the IT auditor is to:

Options:

A. Inform senior management of the risk involved.
B. Agree to work with the security officer on these shifts as a form of preventative control.
C. Develop a computer assisted audit technique to detect instances of abuses of the arrangement.
D. Review the system log for each of the late night shifts to determine whether any irregular actions occurred.

Question 83:

When you develop your audit remediation plan, what is the MOST important criterion?

Options:

A. To remediate half of the findings before the next audit.
B. To remediate all of the findings before the next audit.
C. To validate that the cost of the remediation is less than the risk of the finding.
D. To validate the remediation process with the auditor.

Question 84:

Which of the following are necessary to formulate responses to external audit findings?

Options:

A. Internal Audit, Management, and Technical Staff
B. Internal Audit, Budget Authority, Management
C. Technical Staff, Budget Authority, Management
D. Technical Staff, Internal Audit, Budget Authority

Question 85:

Who is responsible for verifying that audit directives are implemented?

Options:

A. IT Management
B. Internal Audit
C. IT Security
D. BOD Audit Committee

Question 86:

Which of the following is a benefit of a risk-based approach to audit planning?

Options:

A. Resources are allocated to the areas of the highest concern
B. Scheduling may be performed months in advance
C. Budgets are more likely to be met by the IT audit staff
D. Staff will be exposed to a variety of technologies

Question 87:

Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:

Options:

A. Detective Controls
B. Proactive Controls
C. Preemptive Controls
D. Organizational Controls

Question 88:

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

Options:

A. Senior Executives
B. Office of the Auditor
C. Office of the General Counsel
D. All employees and users

Question 89:

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

Options:

A. assign the responsibility to the information security team.
B. assign the responsibility to the team responsible for the management of the controls.
C. create operational reports on the effectiveness of the controls.
D. perform an independent audit of the security controls.

Question 90:

Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?

Options:

A. International Organization for Standardization 27001
B. National Institute of Standards and Technology Special Publication SP 800-12
C. Request For Comment 2196
D. National Institute of Standards and Technology Special Publication SP 800-26
