512-50試験無料問題集（402題）「EC-COUNCIL EC-Council Information Security Manager (E|ISM) 認定」

出題：1

The Information Security Governance program MUST:

A. integrate with other organizational governance processes

B. show a return on investment for the organization

C. integrate with other organizational governance processes

D. support user choice for Bring Your Own Device (BYOD)

正解：C 解答を投票する

出題：2

Which of the following BEST describes an international standard framework that is based on the security model Information Technology-Code of Practice for Information Security Management?

A. National Institute of Standards and Technology Special Publication SP 800-26

B. National Institute of Standards and Technology Special Publication SP 800-12

C. Request For Comment 2196

D. International Organization for Standardization 27001

正解：D 解答を投票する

出題：3

Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?

A. Vulnerability Assessment

B. Risk Management

C. Risk Assessment

D. System Testing

正解：C 解答を投票する

出題：4

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

A. Decrease the vulnerabilities within the scan tool settings

B. Filter the scan output so only pertinent data is analyzed

C. Scan a representative sample of systems

D. Perform the scans only during off-business hours

正解：C 解答を投票する

出題：5

The success of the Chief Information Security Officer is MOST dependent upon:

A. development of relationships with organization executives

B. favorable audit findings

C. raising awareness of security issues with end users

D. following the recommendations of consultants and contractors

正解：A 解答を投票する

出題：6

Which of the following is the MOST important component of any change management process?

A. Back-out procedures

B. Management approval

C. Scheduling

D. Outage planning

正解：B 解答を投票する

出題：7

Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?

A. Data classification

B. Asset classification

C. Information security policy

D. Security regulations

正解：C 解答を投票する

出題：8

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

A. Relative likelihood of event

B. Controlled mitigation effort

C. Risk impact comparison

D. Comparative threat analysis

正解：A 解答を投票する

出題：9

Which of the following is true regarding expenditures?

A. Capital expenditures are used to define depreciation tables of intangible assets

B. Operating expenditures are for acquiring assets, capital expenditures are for support costs of that asset

C. Capital expenditures are for acquiring assets, whereas operating expenditures are for support costs of that asset

D. Capital expenditures are never taxable

正解：C 解答を投票する

出題：10

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

A. Security Incident Response

B. Business continuity planning

C. Thought leadership

D. Change management

正解：A 解答を投票する

出題：11

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers." What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

A. Cite compliance with laws, statutes, and regulations - explaining the financial implications for the company for non-compliance

B. Understand the business and focus your efforts on enabling operations securely

C. Draw from your experience and recount stories of how other companies have been compromised

D. Cite corporate policy and insist on compliance with audit findings

正解：B 解答を投票する

出題：12

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
The organization wants a more permanent solution to the threat to user credential compromise through phishing. What technical solution would BEST address this issue?

A. Multi-factor authentication employing hard tokens

B. Forcing password changes every 90 days

C. Professional user education on phishing conducted by a reputable vendor

D. Decreasing the number of employees with administrator privileges

正解：A 解答を投票する

出題：13

An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization's IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process:

A. Number and length of planned outages

B. Number of change orders processed

C. Number of change orders rejected

D. Number of unplanned outages

正解：D 解答を投票する

512-50試験無料問題集「EC-COUNCIL EC-Council Information Security Manager (E|ISM) 認定」