[Jan-2022] Latest EC-COUNCIL 712-50 exam dumps and online Test Engine [Q70-Q88]


EC-COUNCIL 712-50: Selling CCISO Products and Solutions


712-50 Exam topics

Candidates should know the exam topics before they start preparing, because it helps them focus on the core material. Our 712-50 dumps cover the following topics:

  • Information Security Controls, Compliance, and Audit Management 19%
  • Security Program Management & Operations 22%
  • Information Security Core Competencies 25%
  • Strategic Planning, Finance, Procurement, and Vendor Management 17%
  • Governance and Risk Management (Policy, Legal, and Compliance) 17%

EC-Council 712-50 Exam Syllabus Topics:

Topic: Security Program Management & Operations (Weightage: 22%)
Details:
- For each information systems project develop a clear project scope statement in alignment with organizational objectives
- Define activities needed to successfully execute the information systems program, estimate activity duration, and develop a schedule and staffing plan
- Develop, manage and monitor the information systems program budget, estimate and control costs of individual projects
- Identify, negotiate, acquire and manage the resources needed for successful design and implementation of the information systems program (e.g., people, infrastructure, and architecture)
- Acquire, develop and manage information security project team
- Assign clear information security personnel job functions and provide continuous training to ensure effective performance and accountability
- Direct information security personnel and establish communications, and team activities, between the information systems team and other security-related personnel (e.g., technical support, incident management, security engineering)
- Resolve personnel and teamwork issues within time, cost, and quality constraints
- Identify, negotiate and manage vendor agreement and community
- Participate with vendors and stakeholders to review/assess recommended solutions; identify incompatibilities, challenges, or issues with proposed solutions
- Evaluate the project management practices and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization
- Develop a plan to continuously measure the effectiveness of the information systems projects to ensure optimal system performance
- Identify stakeholders, manage stakeholders’ expectations and communicate effectively to report progress and performance
- Ensure that necessary changes and improvements to the information systems processes are implemented as required

Topic: Strategic Planning, Finance, Procurement, and Vendor Management (Weightage: 17%)
Details:
1. Strategic Planning
  • Design, develop and maintain enterprise information security architecture (EISA) by aligning business processes, IT software and hardware, local and wide area networks, people, operations, and projects with the organization’s overall security strategy
  • Perform external analysis of the organization (e.g., analysis of customers, competitors, markets and industry environment) and internal analysis (risk management, organizational capabilities, performance measurement etc.) and utilize them to align information security program with organization’s objectives
  • Identify and consult with key stakeholders to ensure understanding of organization’s objectives
  • Define a forward-looking, visionary and innovative strategic plan for the role of the information security program with clear goals, objectives and targets that support the operational needs of the organization
  • Define key performance indicators and measure effectiveness on continuous basis
  • Assess and adjust IT investments to ensure they are on track to support organization’s strategic objectives
  • Monitor and update activities to ensure accountability and progress
2. Finance
  • Analyze, forecast and develop the operational budget of the IT department
  • Acquire and manage the necessary resources for implementation and management of information security plan
  • Allocate financial resources to projects, processes and units within information security program
  • Monitor and oversee cost management of information security projects, return on investment (ROI) of key purchases related to IT infrastructure and security and ensure alignment with the strategic plan
  • Identify and report financial metrics to stakeholders
  • Balance the IT security investment portfolio based on EISA considerations and enterprise security priorities
  • Understand the acquisition life cycle and determine the importance of procurement by performing Business Impact Analysis
  • Identify different procurement strategies and understand the importance of cost benefit analysis during procurement of an information system
  • Understand the basic procurement concepts such as Statement of Objectives (SOO), Statement of Work (SOW), and Total Cost of Ownership (TCO)
  • Collaborate with various stakeholders (which may include internal client, lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others) on the procurement of IT security products and services
  • Ensure the inclusion of risk-based IT security requirements in acquisition plans, cost estimates, statements of work, contracts, and evaluation factors for award, service level agreements, and other pertinent procurement documents
  • Design vendor selection process and management policy
  • Develop contract administration policies that direct the evaluation and acceptance of delivered IT security products and services under a contract, as well as the security evaluation of IT and software being procured
  • Develop measures and reporting standards to measure and report on key objectives in procurements aligned with IT security policies and procedures
  • Understand the IA security requirements to be included in statements of work and other appropriate procurement documents

 

NEW QUESTION 70
Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.
Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?

  • A. Resources
  • B. Scope
  • C. Budget
  • D. Constraints

Answer: B

 

NEW QUESTION 71
When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

  • A. When there is a variety of technologies deployed in the infrastructure.
  • B. When it results in an overall lower cost of operating the security program.
  • C. When there is a need to develop a more unified incident response capability.
  • D. When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.

Answer: D


 

NEW QUESTION 72
Control Objectives for Information and Related Technology (COBIT) is which of the following?

  • A. A set of international regulations for Information Technology governance
  • B. An Information Security audit standard
  • C. A framework for Information Technology management and governance
  • D. An audit guideline for certifying secure systems and controls

Answer: C

 

NEW QUESTION 73
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

  • A. Your public key
  • B. The recipient's private key
  • C. The recipient's public key
  • D. Certificate authority key

Answer: C

 

NEW QUESTION 74
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

  • A. The CISO has not implemented a security awareness program
  • B. The CISO does not report directly to the CEO of the organization
  • C. The CISO has not implemented a policy management framework
  • D. The CISO reports to the IT organization

Answer: D

 

NEW QUESTION 75
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

  • A. Used 1024 bit encryption when 256 bit would have sufficed
  • B. Used hardware encryption instead of software encryption
  • C. Failed to identify all stakeholders and their needs
  • D. Deployed the encryption solution in an inadequate manner

Answer: C

 

NEW QUESTION 76
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
When multiple regulations or standards apply to your industry you should set controls to meet the:

  • A. Stricter regulation or standard
  • B. Recommendations of your Legal Staff
  • C. Easiest regulation or standard to implement
  • D. Most complex standard to implement

Answer: D

 

NEW QUESTION 77
You have implemented the new controls. What is the next step?

  • A. Monitor the effectiveness of the controls
  • B. Update the audit findings report
  • C. Document the process for the stakeholders
  • D. Perform a risk assessment

Answer: A

 

NEW QUESTION 78
The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

  • A. The need to change accounting periods on a regular basis.
  • B. The requirement to post entries for a closed accounting period.
  • C. The lack of policies and procedures for the proper segregation of duties.
  • D. The need to create and modify the chart of accounts and its allocations.

Answer: C

 

NEW QUESTION 79
When working in the Payment Card Industry (PCI), how often should security logs be reviewed to comply with the standards?

  • A. Daily
  • B. Weekly
  • C. Hourly
  • D. Monthly

Answer: A

 

NEW QUESTION 80
Which technology can provide a computing environment without requiring a dedicated hardware backend?

  • A. Virtual Local Area Network
  • B. Thin client
  • C. Virtual Desktop
  • D. Mainframe server

Answer: C

 

NEW QUESTION 81
The Information Security Governance program MUST:

  • A. integrate with other organizational governance processes
  • B. support user choice for Bring Your Own Device (BYOD)
  • C. integrate with other organizational governance processes
  • D. show a return on investment for the organization

Answer: C

 

NEW QUESTION 82
An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator.
The most appropriate course of action for the IT auditor is to:

  • A. Develop a computer-assisted audit technique to detect instances of abuses of the arrangement.
  • B. Agree to work with the security officer on these shifts as a form of preventative control.
  • C. Inform senior management of the risk involved.
  • D. Review the system log for each of the late night shifts to determine whether any irregular actions occurred.

Answer: C

 

NEW QUESTION 83
A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

  • A. A complete inventory of Information Technology assets including infrastructure, networks, applications and data
  • B. A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in
  • C. A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions
  • D. A clear set of security policies and procedures that are more concept-based than controls-based

Answer: B

 

NEW QUESTION 84
Which of the following are primary concerns for management with regard to assessing internal control objectives?

  • A. Confidentiality, Compliance, Cost
  • B. Communication, Reliability, Cost
  • C. Compliance, Effectiveness, Efficiency
  • D. Confidentiality, Availability, Integrity

Answer: C

 

NEW QUESTION 85
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

  • A. Quarterly
  • B. Annually
  • C. Never
  • D. Semi-annually

Answer: C

 

NEW QUESTION 86
Which of the following is critical in creating a security program aligned with an organization's goals?

  • A. Provide clear communication of security program support requirements and audit schedules
  • B. Create security awareness programs that include clear definition of security program goals and charters
  • C. Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements
  • D. Develop a culture in which users, managers and IT professionals all make good decisions about information risk

Answer: D

 

NEW QUESTION 87
Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified. The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning.
Which of the following is the MOST logical next step?

  • A. Create detailed remediation funding and staffing plans
  • B. Validate the effectiveness of current controls
  • C. Review security procedures to determine if they need to be modified according to findings
  • D. Report the audit findings and remediation status to business stakeholders

Answer: D

 

NEW QUESTION 88
......

New 2022 712-50 Test Tutorial (Updated 396 Questions): https://www.actualtests4sure.com/712-50-test-questions.html

Reliable 712-50 Exam Tips Test Pdf Exam Material: https://drive.google.com/open?id=1kjtwjWNIhke_GSKlRC3_jVSIdFTHiamG