512-50試験無料問題集（402題）「EC-COUNCIL EC-Council Information Security Manager (E|ISM) 認定」

出題：1

What is the relationship between information protection and regulatory compliance?

A. There is no relationship between the two.

B. The information required to be protected by regulatory mandate does not have to be identified in the organizations data classification policy.

C. That the protection of some information such as National ID information is mandated by regulation and other information such as trade secrets are protected based on business need.

D. That all information in an organization must be protected equally.

正解：C 解答を投票する

出題：2

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

A. ' o 1=1 - -

B. NOPS

C. "DROPTABLE USERNAME"

D. /../../../../

正解：A 解答を投票する

出題：3

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

A. Configure logging on each access point

B. Provide IP and MAC address

C. Install a firewall software on each wireless access point.

D. Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

正解：B 解答を投票する

出題：4

A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims.
Which of the following vendor provided documents is BEST to make your decision:

A. Vendor's client list of reputable organizations currently using their solution

B. Vendor provided attestation of the detailed security controls from a reputable accounting firm

C. Vendor provided reference from an existing reputable client detailing their implementation

D. Vendor provided internal risk assessment and security control documentation

正解：B 解答を投票する

出題：5

As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?

A. The company business plan.

B. The existing IT environment.

C. The present IT budget.

D. Other corporate technology trends.

正解：A 解答を投票する

出題：6

Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?

A. Reduction of budget

B. Decreased security awareness

C. Fines for regulatory non-compliance

D. Improper use of information resources

正解：C 解答を投票する

出題：7

You have implemented a new security control. Which of the following risk strategy options have you engaged in?

A. Risk Transfer

B. Risk Avoidance

C. Risk Mitigation

D. Risk Acceptance

正解：C 解答を投票する

出題：8

The PRIMARY objective for information security program development should be:

A. Reducing the impact of the risk to the business.

B. Establishing strategic alignment with business continuity requirements

C. Identifying and implementing the best security solutions.

D. Establishing incident response programs.

正解：A 解答を投票する

出題：9

An organization's firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?

A. I low vulnerability environment

B. A high threat environment

C. A high risk tolerance environment

D. A low risk tolerance environment

正解：C 解答を投票する

出題：10

An organization has a number of Local Area Networks (LANs) linked to form a single Wide Area Network (WAN). Which of the following would BEST ensure network continuity?

A. Pre-built servers and routers

B. Full off-site backup of every server

C. Permanent alternative routing

D. Third-party emergency repair contract

正解：C 解答を投票する

出題：11

Your penetration testing team installs an in-line hardware key logger onto one of your network machines.
Which of the following is of major concern to the security organization?

A. In-line hardware keyloggers are undetectable by software

B. In-line hardware keyloggers are relatively inexpensive

C. In-line hardware keyloggers don't comply to industry regulations

D. In-line hardware keyloggers don't require physical access

正解：A 解答を投票する

出題：12

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because

A. This represents a conflict of interest

B. The IT team is not certified to perform audits

C. The IT team is not familiar in IT audit practices

D. This represents a bad implementation of the Least Privilege principle

正解：A 解答を投票する

出題：13

You have implemented the new controls. What is the next step?

A. Perform a risk assessment

B. Document the process for the stakeholders

C. Monitor the effectiveness of the controls

D. Update the audit findings report

正解：C 解答を投票する

512-50試験無料問題集「EC-COUNCIL EC-Council Information Security Manager (E|ISM) 認定」