712-50 実際試験問題と解答 - 模擬練習 - 受験自信を増やす

Question No : 1
To have accurate and effective information security policies how often should the CISO review the organization policies?

A.Every 6 months
B.Quarterly
C.Before an audit
D.At least once a year

正解:

Question No : 2
Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

A.Plan-Check-Do-Act
B.Plan-Do-Check-Act
C.Plan-Select-Implement-Evaluate
D.SCORE (Security Consensus Operational Readiness Evaluation)

正解:

Question No : 3
Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:

A.Detective Controls
B.Proactive Controls
C.Preemptive Controls
D.Organizational Controls

正解:

Question No : 4
Which of the following international standards can be BEST used to define a Risk Management process in an organization?

A.National Institute for Standards and Technology 800-50 (NIST 800-50)
B.International Organization for Standardizations C 27005 (ISO-27005)
C.Payment Card Industry Data Security Standards (PCI-DSS)
D.International Organization for Standardizations C 27004 (ISO-27004)

正解:

Question No : 5
Which of the following is the MOST important benefit of an effective security governance process?

A.Reduction of liability and overall risk to the organization
B.Better vendor management
C.Reduction of security breaches
D.Senior management participation in the incident response process

正解:

Question No : 6
Who is responsible for securing networks during a security incident?

A.Chief Information Security Officer (CISO)
B.Security Operations Center (SO
C.Disaster Recovery (DR) manager
D.Incident Response Team (IRT)

正解:

Question No : 7
A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure .
What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

A.Scan a representative sample of systems
B.Perform the scans only during off-business hours
C.Decrease the vulnerabilities within the scan tool settings
D.Filter the scan output so only pertinent data is analyzed

正解:

Question No : 8
The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

A.Due Protection
B.Due Care
C.Due Compromise
D.Due process

正解:

Question No : 9
What is the definition of Risk in Information Security?

A.Risk = Probability x Impact
B.Risk = Threat x Probability
C.Risk = Financial Impact x Probability
D.Risk = Impact x Threat

正解:

Question No : 10
What two methods are used to assess risk impact?

A.Cost and annual rate of expectance
B.Subjective and Objective
C.Qualitative and percent of loss realized
D.Quantitative and qualitative

正解:

Question No : 11
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

A.Controlled mitigation effort
B.Risk impact comparison
C.Relative likelihood of event
D.Comparative threat analysis

正解:

Question No : 12
In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

A.The organization uses exclusively a quantitative process to measure risk
B.The organization uses exclusively a qualitative process to measure risk
C.The organization’s risk tolerance is high
D.The organization’s risk tolerance is lo

正解:

Question No : 13
Risk appetite directly affects what part of a vulnerability management program?

A.Staff
B.Scope
C.Schedule
D.Scan tools

正解:

Question No : 14
What role should the CISO play in properly scoping a PCI environment?

A.Validate the business units’ suggestions as to what should be included in the scoping process
B.Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment
C.Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data
D.Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope

正解:

Question No : 15
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

A.Identify threats, risks, impacts and vulnerabilities
B.Decide how to manage risk
C.Define the budget of the Information Security Management System
D.Define Information Security Policy

正解:

EC-Council 712-50 問題練習