EC-Council Certified CISO v1.0

Page:    1 / 32   
Exam contains 467 questions
Expand All

An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied.
What is the NEXT logical step in applying the controls in the organization?

  • A. Determine the risk tolerance
  • B. Perform an asset classification
  • C. Analyze existing controls on systems
  • D. Create an architecture gap analysis


Answer : B

The single most important consideration to make when developing your security program, policies, and processes is:

  • A. Alignment with the business
  • B. Budgeting for unforeseen data compromises
  • C. Establishing your authority as the Security Executive
  • D. Streaming for efficiency


Answer : A

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

  • A. Every 18 months
  • B. Every 12 months
  • C. High risk environments 6 months, low-risk environments 12 months
  • D. Every 6 months


Answer : B

Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization's products and services?

  • A. Strong authentication technologies
  • B. Financial reporting regulations
  • C. Credit card compliance and regulations
  • D. Local privacy laws


Answer : D

If your organization operates under a model of "assumption of breach", you should:

  • A. Establish active firewall monitoring protocols
  • B. Purchase insurance for your compliance liability
  • C. Focus your security efforts on high value assets
  • D. Protect all information resource assets equally


Answer : B

When dealing with a risk management process, asset classification is important because it will impact the overall:

  • A. Threat identification
  • B. Risk treatment
  • C. Risk monitoring
  • D. Risk tolerance


Answer : B

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

  • A. Relative likelihood of event
  • B. Controlled mitigation effort
  • C. Risk impact comparison
  • D. Comparative threat analysis


Answer : A

Which of the following is a benefit of information security governance?

  • A. Direct involvement of senior management in developing control processes
  • B. Reduction of the potential for civil and legal liability
  • C. Questioning the trust in vendor relationships
  • D. Increasing the risk of decisions based on incomplete management information


Answer : B

Developing effective security controls is a balance between:

  • A. Technology and Vendor Management
  • B. Operations and Regulations
  • C. Risk Management and Operations
  • D. Corporate Culture and Job Expectations


Answer : C

The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

  • A. Due Compromise
  • B. Due process
  • C. Due Care
  • D. Due Protection


Answer : C

Which of the following is considered the MOST effective tool against social engineering?

  • A. Effective Security Vulnerability Management Program
  • B. Anti-malware tools
  • C. Effective Security awareness program
  • D. Anti-phishing tools


Answer : C

When managing the security architecture for your company you must consider:

  • A. Budget
  • B. Security and IT Staff size
  • C. Company values
  • D. All of the above


Answer : D

The PRIMARY objective for information security program development should be:

  • A. Reducing the impact of the risk to the business.
  • B. Establishing incident response programs.
  • C. Establishing strategic alignment with business continuity requirements.
  • D. Identifying and implementing the best security solutions.


Answer : A

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD.
This is an example of____________.

  • A. Qualitative risk analysis
  • B. Risk Appetite
  • C. Quantitative risk analysis
  • D. Risk Tolerance


Answer : C

Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

  • A. They are subjective and can be completed more quickly
  • B. They are objective and express risk / cost in approximates
  • C. They are subjective and can express risk / cost in real numbers
  • D. They are objective and can express risk / cost in real numbers


Answer : D

Page:    1 / 32   
Exam contains 467 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy