Free 712-50 Exam Braindumps

Pass your EC-Council Certified CISO (CCISO) exam with these free Questions and Answers

Page 2 of 90
QUESTION 1

- (Topic 5)
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

- A. Get approval from the board of directors
- B. Screen potential vendor solutions
- C. Verify that the cost of mitigation is less than the risk
- D. Create risk metrics for all unmitigated risks

Correct Answer: C

QUESTION 2

- (Topic 5)
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

- A. NIST and privacy regulations
- B. ISO 27000 and the Payment Card Industry Data Security Standard
- C. NIST and data breach notification laws
- D. ISO 27000 and human resources best practices

Correct Answer: B

QUESTION 3

- (Topic 1)
Which of the following has the GREATEST impact on the implementation of an information security governance model?

- A. Organizational budget
- B. Distance between physical locations
- C. Number of employees
- D. Complexity of organizational structure

Correct Answer: D

QUESTION 4

- (Topic 1)
Which of the following is the MOST important for a CISO to understand when identifying threats?

- A. How vulnerabilities can potentially be exploited in systems that impact the organization
- B. How the security operations team will respond to reported incidents
- C. How the firewall and other security devices are configured to prevent attacks
- D. How the incident management team prepares to handle an attack

Correct Answer: A

QUESTION 5

- (Topic 2)
Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

- A. Meet regulatory compliance requirements
- B. Better understand the threats and vulnerabilities affecting the environment
- C. Better understand the strengths and weaknesses of the program
- D. Meet legal requirements

Correct Answer: C
