Free 712-50 Exam Braindumps

Pass your EC-Council Certified CISO (CCISO) exam with these free Questions and Answers

Page 6 of 90
QUESTION 21

- (Topic 2)
Which of the following activities must be completed BEFORE you can calculate risk?

  1. A. Determining the likelihood that vulnerable systems will be attacked by specific threats
  2. B. Calculating the risks to which assets are exposed in their current setting
  3. C. Assigning a value to each information asset
  4. D. Assessing the relative risk facing the organization’s information assets

Correct Answer: C

QUESTION 22

- (Topic 5)
The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?

  1. A. There is integration between IT security and business staffing.
  2. B. There is a clear definition of the IT security mission and vision.
  3. C. There is an auditing methodology in place.
  4. D. The plan requires return on investment for all security projects.

Correct Answer: B

QUESTION 23

- (Topic 2)
The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is considered a bad practice MAINLY because

  1. A. The IT team is not familiar with IT audit practices
  2. B. This represents a bad implementation of the Least Privilege principle
  3. C. This represents a conflict of interest
  4. D. The IT team is not certified to perform audits

Correct Answer: C

QUESTION 24

- (Topic 3)
As the CISO for your company you are accountable for the protection of information resources commensurate with:

  1. A. Customer demand
  2. B. Cost and time to replace
  3. C. Insurability tables
  4. D. Risk of exposure

Correct Answer: D

QUESTION 25

- (Topic 5)
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?

  1. A. Lack of risk management process
  2. B. Lack of sponsorship from executive management
  3. C. IT security centric agenda
  4. D. Compliance centric agenda

Correct Answer: C
