512-50 : Information Security Manager (E|ISM) Exam
EC-COUNCIL 512-50 Questions & Answers
https://killexams.com/pass4sure/exam-detail/512-50
Question: 84
Which of the following is MOST important when dealing with an Information Security Steering committee:
A. Include a mix of members from different departments and staff levels.
B. Ensure that security policies and procedures have been vetted and approved.
C. Review all past audit and compliance reports.
D. Be briefed about new trends and products at each meeting by a vendor.
Answer: C
Question: 85
When briefing senior management on the creation of a governance process, the MOST important aspect should be:
A. information security metrics.
B. knowledge required to analyze each issue.
C. baseline against which metrics are evaluated.
D. linkage to business area objectives.
Answer: D
Question: 86
What is the BEST way to achieve on-going compliance monitoring in an organization?
A. Only check compliance right before the auditors are scheduled to arrive onsite.
B. Outsource compliance to a 3rd party vendor and let them manage the program.
C. Have Compliance and Information Security partner to correct issues as they arise.
D. Have Compliance direct Information Security to fix issues after the auditors report.
Answer: C
Question: 87
Which of the following is considered the MOST effective tool against social engineering?
A. Anti-phishing tools
B. Anti-malware tools
C. Effective Security Vulnerability Management Program
D. Effective Security awareness program
Answer: D
Question: 88
Risk is defined as:
A. Threat times vulnerability divided by control
B. Advisory plus capability plus vulnerability
C. Asset loss times likelihood of event
D. Quantitative plus qualitative impact
Answer: A
Question: 89
When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?
A. When there is a need to develop a more unified incident response capability.
B. When the enterprise is made up of many business units with diverse business activities, risk profiles and regulatory requirements.
C. When there is a variety of technologies deployed in the infrastructure.
D. When it results in an overall lower cost of operating the security program.
Answer: B
Question: 90
The FIRST step in establishing a security governance program is to?
A. Conduct a risk assessment.
B. Obtain senior level sponsorship.
C. Conduct a workshop for all end users.
D. Prepare a security budget.
Answer: B
Question: 91
Risk that remains after risk mitigation is known as
A. Persistent risk
B. Residual risk
C. Accepted risk
D. Non-tolerated risk
Answer: B
Question: 92
In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?
A. The organization uses exclusively a quantitative process to measure risk
B. The organization uses exclusively a qualitative process to measure risk
C. The organization's risk tolerance is high
D. The organization's risk tolerance is low
Answer: C
Question: 93
The PRIMARY objective for information security program development should be:
A. Reducing the impact of the risk to the business.
B. Establishing strategic alignment with business continuity requirements
C. Establishing incident response programs.
D. Identifying and implementing the best security solutions.
Answer: A
Question: 94
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards.
What immediate action should the information security manager take?
A. Enforce the existing security standards and do not allow the deployment of the new technology.
B. Amend the standard to permit the deployment.
C. If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
D. Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.
Answer: C
Question: 95
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
A. Identify threats, risks, impacts and vulnerabilities
B. Decide how to manage risk
C. Define the budget of the Information Security Management System
D. Define Information Security Policy
Answer: D
Question: 96
From an information security perspective, information that no longer supports the main purpose of the business should be:
A. assessed by a business impact analysis.
B. protected under the information classification policy.
C. analyzed under the data ownership policy.
D. analyzed under the retention policy
Answer: D
Question: 97
What is the main purpose of the Incident Response Team?
A. Ensure efficient recovery and reinstate repaired systems
B. Create effective policies detailing program activities
C. Communicate details of information security incidents
D. Provide current employee awareness programs
Answer: A
Question: 98
Information security policies should be reviewed:
A. by stakeholders at least annually
B. by the CISO when new systems are brought online
C. by the Incident Response team after an audit
D. by internal audit semiannually
Answer: A
Question: 99
An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System.
Which of the following international standards can BEST assist this organization?
A. International Organization for Standardization 27004 (ISO-27004)
B. Payment Card Industry Data Security Standards (PCI-DSS)
C. Control Objectives for Information Technology (COBIT)
D. International Organization for Standardization 27005 (ISO-27005)
Answer: A
Question: 100
Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?
A. Use within an organization to formulate security requirements and objectives
B. Implementation of business-enabling information security
C. Use within an organization to ensure compliance with laws and regulations
D. To enable organizations that adopt it to obtain certifications
Answer: B