
[Jan-2022] Latest EC-COUNCIL 712-50 exam dumps and online Test Engine
EC-COUNCIL 712-50: Selling CCISO Products and Solutions
712-50 Exam topics
Candidates should know the exam topics before they start preparing, because that helps them focus on the core material. Our 712-50 dumps cover the following topics:
- Information Security Controls, Compliance, and Audit Management 19%
- Security Program Management & Operations 22%
- Information Security Core Competencies 25%
- Strategic Planning, Finance, Procurement, and Vendor Management 17%
- Governance and Risk Management (Policy, Legal, and Compliance) 17%
EC-Council 712-50 Exam Syllabus Topics:
| Topic | Details | Weightage |
|---|---|---|
| Security Program Management & Operations | - For each information systems project develop a clear project scope statement in alignment with organizational objectives - Define activities needed to successfully execute the information systems program, estimate activity duration, and develop a schedule and staffing plan - Develop, manage and monitor the information systems program budget, estimate and control costs of individual projects - Identify, negotiate, acquire and manage the resources needed for successful design and implementation of the information systems program (e.g., people, infrastructure, and architecture) - Acquire, develop and manage information security project team - Assign clear information security personnel job functions and provide continuous training to ensure effective performance and accountability - Direct information security personnel and establish communications, and team activities, between the information systems team and other security-related personnel (e.g., technical support, incident management, security engineering) - Resolve personnel and teamwork issues within time, cost, and quality constraints - Identify, negotiate and manage vendor agreement and community - Participate with vendors and stakeholders to review/assess recommended solutions; identify incompatibilities, challenges, or issues with proposed solutions - Evaluate the project management practices and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization - Develop a plan to continuously measure the effectiveness of the information systems projects to ensure optimal system performance - Identify stakeholders, manage stakeholders' expectations and communicate effectively to report progress and performance - Ensure that necessary changes and improvements to the information systems processes are implemented as required | 22% |
| Strategic Planning, Finance, Procurement, and Vendor Management | 1. Strategic Planning | 17% |
NEW QUESTION 70
Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.
Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?
- A. Resources
- B. Scope
- C. Budget
- D. Constraints
Answer: B
NEW QUESTION 71
When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?
- A. When there is a variety of technologies deployed in the infrastructure.
- B. When it results in an overall lower cost of operating the security program.
- C. When there is a need to develop a more unified incident response capability.
- D. When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.
Answer: D
NEW QUESTION 72
Control Objectives for Information and Related Technology (COBIT) is which of the following?
- A. A set of international regulations for Information Technology governance
- B. An Information Security audit standard
- C. A framework for Information Technology management and governance
- D. An audit guideline for certifying secure systems and controls
Answer: C
NEW QUESTION 73
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?
- A. Your public key
- B. The recipient's private key
- C. The recipient's public key
- D. Certificate authority key
Answer: C
NEW QUESTION 74
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?
- A. The CISO has not implemented a security awareness program
- B. The CISO does not report directly to the CEO of the organization
- C. The CISO has not implemented a policy management framework
- D. The CISO reports to the IT organization
Answer: D
NEW QUESTION 75
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):
- A. Used 1024 bit encryption when 256 bit would have sufficed
- B. Used hardware encryption instead of software encryption
- C. Failed to identify all stakeholders and their needs
- D. Deployed the encryption solution in an inadequate manner
Answer: C
NEW QUESTION 76
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
When multiple regulations or standards apply to your industry you should set controls to meet the:
- A. Stricter regulation or standard
- B. Recommendations of your Legal Staff
- C. Easiest regulation or standard to implement
- D. Most complex standard to implement
Answer: D
NEW QUESTION 77
You have implemented the new controls. What is the next step?
- A. Monitor the effectiveness of the controls
- B. Update the audit findings report
- C. Document the process for the stakeholders
- D. Perform a risk assessment
Answer: A
NEW QUESTION 78
The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
- A. The need to change accounting periods on a regular basis.
- B. The requirement to post entries for a closed accounting period.
- C. The lack of policies and procedures for the proper segregation of duties.
- D. The need to create and modify the chart of accounts and its allocations.
Answer: C
NEW QUESTION 79
When working in the Payment Card Industry (PCI), how often should security logs be reviewed to comply with the standards?
- A. Daily
- B. Weekly
- C. Hourly
- D. Monthly
Answer: A
NEW QUESTION 80
Which technology can provide a computing environment without requiring a dedicated hardware backend?
- A. Virtual Local Area Network
- B. Thin client
- C. Virtual Desktop
- D. Mainframe server
Answer: C
NEW QUESTION 81
The Information Security Governance program MUST:
- A. integrate with other organizational governance processes
- B. support user choice for Bring Your Own Device (BYOD)
- C. integrate with other organizational governance processes
- D. show a return on investment for the organization
Answer: C
NEW QUESTION 82
An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator.
The most appropriate course of action for the IT auditor is to:
- A. Develop a computer-assisted audit technique to detect instances of abuses of the arrangement.
- B. Agree to work with the security officer on these shifts as a form of preventative control.
- C. Inform senior management of the risk involved.
- D. Review the system log for each of the late night shifts to determine whether any irregular actions occurred.
Answer: C
NEW QUESTION 83
A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?
- A. A complete inventory of Information Technology assets including infrastructure, networks, applications and data
- B. A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in
- C. A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions
- D. A clear set of security policies and procedures that are more concept-based than controls-based
Answer: B
NEW QUESTION 84
Which of the following are primary concerns for management with regard to assessing internal control objectives?
- A. Confidentiality, Compliance, Cost
- B. Communication, Reliability, Cost
- C. Compliance, Effectiveness, Efficiency
- D. Confidentiality, Availability, Integrity
Answer: C
NEW QUESTION 85
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?
- A. Quarterly
- B. Annually
- C. Never
- D. Semi-annually
Answer: C
NEW QUESTION 86
Which of the following is critical in creating a security program aligned with an organization's goals?
- A. Provide clear communication of security program support requirements and audit schedules
- B. Create security awareness programs that include clear definition of security program goals and charters
- C. Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements
- D. Develop a culture in which users, managers and IT professionals all make good decisions about information risk
Answer: D
NEW QUESTION 87
Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified. The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning.
Which of the following is the MOST logical next step?
- A. Create detailed remediation funding and staffing plans
- B. Validate the effectiveness of current controls
- C. Review security procedures to determine if they need to be modified according to findings
- D. Report the audit findings and remediation status to business stakeholders
Answer: D
NEW QUESTION 88
......
New 2022 712-50 Test Tutorial (Updated 396 Questions): https://www.actualtests4sure.com/712-50-test-questions.html
Reliable 712-50 Exam Tips Test Pdf Exam Material: https://drive.google.com/open?id=1kjtwjWNIhke_GSKlRC3_jVSIdFTHiamG

