512-50 : Information Security Manager (E|ISM) Exam

512-50 Dumps
512-50 Braindumps
512-50 Real Questions
512-50 Practice Test
512-50 Actual Questions


EC-COUNCIL
512-50
Information Security Manager (E|ISM)
https://killexams.com/pass4sure/exam-detail/512-50

Question: 84
Which of the following is MOST important when dealing with an Information Security Steering committee:
A. Include a mix of members from different departments and staff levels.
B. Ensure that security policies and procedures have been vetted and approved.
C. Review all past audit and compliance reports.
D. Be briefed about new trends and products at each meeting by a vendor.
Answer: C
Question: 85
When briefing senior management on the creation of a governance process, the MOST important aspect should be:
A. information security metrics.
B. knowledge required to analyze each issue.
C. baseline against which metrics are evaluated.
D. linkage to business area objectives.
Answer: D
Question: 86
What is the BEST way to achieve on-going compliance monitoring in an organization?
A. Only check compliance right before the auditors are scheduled to arrive onsite.
B. Outsource compliance to a 3rd party vendor and let them manage the program.
C. Have Compliance and Information Security partner to correct issues as they arise.
D. Have Compliance direct Information Security to fix issues after the auditors report.
Answer: C
Question: 87
Which of the following is considered the MOST effective tool against social engineering?
A. Anti-phishing tools
B. Anti-malware tools
C. Effective Security Vulnerability Management Program
D. Effective Security awareness program
Answer: D
Question: 88
Risk is defined as:
A. Threat times vulnerability divided by control
B. Advisory plus capability plus vulnerability
C. Asset loss times likelihood of event
D. Quantitative plus qualitative impact
Answer: A
Question: 89
When would it be more desirable to develop a set of decentralized security policies and procedures within an
enterprise environment?
A. When there is a need to develop a more unified incident response capability.
B. When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory
requirements.
C. When there is a variety of technologies deployed in the infrastructure.
D. When it results in an overall lower cost of operating the security program.
Answer: B
Question: 90
The FIRST step in establishing a security governance program is to?
A. Conduct a risk assessment.
B. Obtain senior level sponsorship.
C. Conduct a workshop for all end users.
D. Prepare a security budget.
Answer: B
Question: 91
Risk that remains after risk mitigation is known as
A. Persistent risk
B. Residual risk
C. Accepted risk
D. Non-tolerated risk
Answer: B
Question: 92
In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?
A. The organization uses exclusively a quantitative process to measure risk
B. The organization uses exclusively a qualitative process to measure risk
C. The organizationās risk tolerance is high
D. The organizationās risk tolerance is lo
Answer: C
Question: 93
The PRIMARY objective for information security program development should be:
A. Reducing the impact of the risk to the business.
B. Establishing strategic alignment with business continuity requirements
C. Establishing incident response programs.
D. Identifying and implementing the best security solutions.
Answer: A
Question: 94
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of
existing information security standards.
What immediate action should the information security manager take?
A. Enforce the existing security standards and do not allow the deployment of the new technology.
B. Amend the standard to permit the deployment.
C. If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk,
and allow the business unit to proceed based on the identified risk level.
D. Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.
Answer: C
Question: 95
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below,
which comes first?
A. Identify threats, risks, impacts and vulnerabilities
B. Decide how to manage risk
C. Define the budget of the Information Security Management System
D. Define Information Security Policy
Answer: D
Question: 96
From an information security perspective, information that no longer supports the main purpose of the business should
be:
A. assessed by a business impact analysis.
B. protected under the information classification policy.
C. analyzed under the data ownership policy.
D. analyzed under the retention policy
Answer: D
Question: 97
What is the main purpose of the Incident Response Team?
A. Ensure efficient recovery and reinstate repaired systems
B. Create effective policies detailing program activities
C. Communicate details of information security incidents
D. Provide current employee awareness programs
Answer: A
Question: 98
Information security policies should be reviewed:
A. by stakeholders at least annually
B. by the CISO when new systems are brought online
C. by the Incident Response team after an audit
D. by internal audit semiannually
Answer: A
Question: 99
An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security
Management System.
Which of the following international standards can BEST assist this organization?
A. International Organization for Standardizations C 27004 (ISO-27004)
B. Payment Card Industry Data Security Standards (PCI-DSS)
C. Control Objectives for Information Technology (COBIT)
D. International Organization for Standardizations C 27005 (ISO-27005)
Answer: A
Question: 100
Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?
A. Use within an organization to formulate security requirements and objectives
B. Implementation of business-enabling information security
C. Use within an organization to ensure compliance with laws and regulations
D. To enable organizations that adopt it to obtain certifications
Answer: B

User: Nick***** The development of the exam simulator by Killexams.com is remarkable, and I acknowledge the effort put into it. With the help of the team, I passed my 512-50 exam, particularly with the questions and answers provided by Killexams.com.

User: Tatiana***** I am Aggarwal, and I work for Clever Corp. I was worried about the INFORMATION SECURITY MANAGER (E|ISM) exam because it contained difficult case studies. I used the killexams.com questions and answers, and my doubts were cleared because of the explanations provided for the answers. I also received well-solved case studies in my email. I am happy to mention that I got a 73% in the exam, and I credit killexams.com for helping me succeed.

User: Nadezhda***** I am pleased with the 512-50 Questions and Answers from Killexams.com, which helped me during the exam. I am considering taking other EC-Council certifications in the future.

User: Lukah***** Killexams.com is outstanding in every aspect. The 512-50 study guide is comprehensive, providing the latest updates and real exam questions, allowing you to focus on what matters most. I used their exam simulator extensively, which gave me the confidence to face the actual exam with ease. Investing in Killexams.com was undoubtedly a wise decision for my career, and I am thrilled to have passed the 512-50 exam with flying colors. I have added my certification to my resume and LinkedIn profile, which has helped boost my professional reputation.

User: Barbara***** Two weeks before my 512-50 exam, my books were burnt in a fire incident in my area. I thought of giving up on the exam as I had no resources to prepare. However, I opted for Killexams.com, and I am still surprised that I passed the exam. The free demo helped me understand the material easily.

---