Free 712-50 Exam Braindumps

Pass your EC-Council Certified CISO (CCISO) exam with these free Questions and Answers

Page 8 of 90
QUESTION 31

- (Topic 5)
As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?

  A. The existing IT environment.
  B. The company business plan.
  C. The present IT budget.
  D. Other corporate technology trends.

Correct Answer: B

QUESTION 32

- (Topic 5)
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

  A. Annually
  B. Semi-annually
  C. Quarterly
  D. Never

Correct Answer: D

QUESTION 33

- (Topic 5)
The total cost of security controls should:

  A. Be equal to the value of the information resource being protected
  B. Be greater than the value of the information resource being protected
  C. Be less than the value of the information resource being protected
  D. Should not matter, as long as the information resource is protected

Correct Answer: C

QUESTION 34

- (Topic 5)
Your company has limited resources to spend on security initiatives. The Chief Financial Officer asks you to prioritize the protection of information resources based on their value to the company. It is essential that you be able to communicate in language that your fellow executives will understand. You should:

  A. Create timelines for mitigation
  B. Develop a cost-benefit analysis
  C. Calculate annual loss expectancy
  D. Create a detailed technical executive summary

Correct Answer: B

QUESTION 35

- (Topic 3)
Which of the following can the company implement in order to avoid this type of security issue in the future?

  A. Network-based intrusion detection systems
  B. A security training program for developers
  C. A risk management process
  D. An audit management process

Correct Answer: B
