Updated Sep-2022 Exam Engine for 512-50 Exam Free Demo & 365 Day Updates [Q154-Q177]

EC-Council Information Security Manager (E|ISM) 512-50 Exam

The EC-Council Information Security Manager (E|ISM) 512-50 exam is the exam for the Information Security Manager certification. It validates the candidate's ability to define, implement, manage and maintain an information security governance program that includes leadership, organizational structures and processes, and to identify the organization's operational processes and objectives as well as its risk tolerance level. It also covers the ability to design, develop and maintain an enterprise information security architecture (EISA) by aligning business processes, IT software and hardware, local and wide area networks, operations, people and projects with the organization's overall security strategy.


How much does the 512-50 exam cost?

The price of the 512-50 exam is $950 USD.


NEW QUESTION 154
The primary purpose of a risk register is to:

  • A. Develop plans for mitigating identified risks
  • B. Track individual risk assessments
  • C. Coordinate the timing of scheduled risk assessments
  • D. Maintain a log of discovered risks

Answer: D

Explanation:
Reference: https://sitemate.com/us/resources/articles/safety/purpose-of-a-risk-register/


NEW QUESTION 155
What is the BEST way to achieve ongoing compliance monitoring in an organization?

  • A. Outsource compliance to a 3rd party vendor and let them manage the program.
  • B. Only check compliance right before the auditors are scheduled to arrive onsite.
  • C. Have Compliance direct Information Security to fix issues after the auditors report.
  • D. Have Compliance and Information Security partner to correct issues as they arise.

Answer: D


NEW QUESTION 156
The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?

  • A. The company does not believe the security vulnerabilities to be real
  • B. The company has a high risk tolerance
  • C. The company lacks a risk management process
  • D. The company lacks the tools to perform a vulnerability assessment

Answer: B


NEW QUESTION 157
A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?

  • A. If the findings do not impact regulatory compliance, review current security controls.
  • B. If the findings impact regulatory compliance, remediate the high findings as quickly as possible.
  • C. If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.
  • D. If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.

Answer: B


NEW QUESTION 158
Which type of scan is used on the eye to measure the layer of blood vessels?

  • A. Signature kinetics scan
  • B. Facial recognition scan
  • C. Iris scan
  • D. Retinal scan

Answer: D


NEW QUESTION 159
If your organization operates under a model of "assumption of breach", you should:

  • A. Purchase insurance for your compliance liability
  • B. Establish active firewall monitoring protocols
  • C. Protect all information resource assets equally
  • D. Focus your security efforts on high value assets

Answer: A


NEW QUESTION 160
What is the first thing that needs to be completed in order to create a security program for your organization?

  • A. Risk assessment
  • B. Security program budget
  • C. Business continuity plan
  • D. Compliance and regulatory analysis

Answer: A


NEW QUESTION 161
The process of identifying and classifying assets is typically included in the:

  • A. Disaster Recovery plan
  • B. Business Impact Analysis
  • C. Threat analysis process
  • D. Asset configuration management process

Answer: D


NEW QUESTION 162
Which of the following provides an independent assessment of a vendor's internal security controls and overall posture?

  • A. PCI attestation of compliance
  • B. Alignment with business goals
  • C. Financial statements
  • D. ISO27000 accreditation

Answer: D


NEW QUESTION 163
How often should the Statement on Standards for Attestation Engagements 16 (SSAE16) / International Standard on Assurance Engagements 3402 (ISAE3402) reports of your vendors be reviewed?

  • A. Quarterly
  • B. Semi-annually
  • C. Annually
  • D. Bi-annually

Answer: C


NEW QUESTION 164
Which of the following are the MOST important factors for proactively determining system vulnerabilities?

  • A. Conduct security testing, vulnerability scanning, and penetration testing
  • B. Configure firewall, perimeter router and Intrusion Prevention System (IPS)
  • C. Deploy Intrusion Detection System (IDS) and install anti-virus on systems
  • D. Subscribe to vendor mailing list to get notification of system vulnerabilities

Answer: A


NEW QUESTION 165
Which of the following is a symmetric encryption algorithm?

  • A. ECC
  • B. 3DES
  • C. RSA
  • D. MD5

Answer: B


NEW QUESTION 166
The amount of risk an organization is willing to accept in pursuit of its mission is known as:

  • A. Risk tolerance
  • B. Risk transfer
  • C. Risk mitigation
  • D. Risk acceptance

Answer: A


NEW QUESTION 167
Which of the following is the MOST logical method of deploying security controls within an organization?

  • A. Apply the least costly controls to demonstrate positive program activity
  • B. Obtain business unit buy-in through close communication and coordination
  • C. Obtain funding for all desired controls and then create project plans for implementation
  • D. Apply the simpler controls as quickly as possible and use a risk-based approach for the more difficult and costly controls

Answer: D


NEW QUESTION 168
Which of the following BEST describes an international standard framework that is based on the security model "Information Technology - Code of Practice for Information Security Management"?

  • A. National Institute of Standards and Technology Special Publication SP 800-12
  • B. National Institute of Standards and Technology Special Publication SP 800-26
  • C. Request For Comment 2196
  • D. International Organization for Standardization 27001

Answer: D


NEW QUESTION 169
The organization does not have the time to remediate the vulnerability; however, it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?

  • A. Provide developer security training
  • B. Provide security testing tools
  • C. Implement Compensating Controls
  • D. Deploy Intrusion Detection Systems

Answer: C


NEW QUESTION 170
Which International Organization for Standardization (ISO) standard below BEST describes the performance of risk management and includes a five-stage risk management methodology?

  • A. ISO 27004
  • B. ISO 27002
  • C. ISO 27005
  • D. ISO 27001

Answer: C


NEW QUESTION 171
The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:

  • A. Life Cycle Loss Expectancy
  • B. Safeguard Value
  • C. Cost Benefit Analysis
  • D. Single Loss Expectancy

Answer: C


NEW QUESTION 172
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

  • A. Creating risk assessment templates based on specific threats
  • B. Ensuring developers include risk control comments in code
  • C. Providing a risk program governance structure
  • D. Allowing for the acceptance of risk for regulatory compliance requirements

Answer: C


NEW QUESTION 173
You currently cannot provide 24/7 coverage of your security monitoring and incident response duties, and your company is resistant to the idea of adding more full-time employees to the payroll. Which combination of solutions would help to provide the coverage needed without the addition of more dedicated staff? (Choose the best answer.)

  • A. Employ an assumption of breach protocol and defend only essential information resources
  • B. Contract with a managed security provider and have current staff on recall for incident response
  • C. Deploy a SIEM solution and have current staff review incidents first thing in the morning
  • D. Configure your syslog to send SMS messages to current staff when target events are triggered

Answer: B


NEW QUESTION 174
What is one key difference between capital expenditures and operating expenditures?

  • A. Operating expense cannot be written off while Capital expense can
  • B. Operating expenses can be depreciated over time and Capital expenses cannot
  • C. Capital expenses cannot include salaries and Operating expenses can
  • D. Capital expenditures allow for the cost to be depreciated over time and Operating does not

Answer: C


NEW QUESTION 175
A new CISO has just started with a company, and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

  • A. Have internal audit conduct another audit to see what has changed.
  • B. Meet with audit team to determine a timeline for corrections
  • C. Contract with an external audit company to conduct an unbiased audit
  • D. Review the recommendations and follow up to see if audit implemented the changes

Answer: D


NEW QUESTION 176
Which of the following methodologies references the recommended industry standard that information security project managers should follow?

  • A. Project Management Body of Knowledge
  • B. The Security Project And Management Methodology
  • C. The Security Systems Development Life Cycle
  • D. Project Management System Methodology

Answer: A
