EC-Council Information Security Manager (E|ISM) (512-50) Practice Test

Questions # 111:

To have accurate and effective information security policies how often should the CISO review the organization policies?

Options:

Every 6 months

Quarterly

Before an audit

At least once a year

Questions # 112:

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Options:

A substantive test of program library controls

A compliance test of program library controls

A compliance test of the program compiler controls

A substantive test of the program compiler controls

Questions # 113:

Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

Options:

Meet regulatory compliance requirements

Better understand the threats and vulnerabilities affecting the environment

Better understand strengths and weaknesses of the program

Meet legal requirements

Questions # 114:

A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?

Options:

If the findings impact regulatory compliance, try to apply remediation that will address the most findings for the least cost.

If the findings do not impact regulatory compliance, remediate only the high and medium risk findings.

If the findings impact regulatory compliance, remediate the high findings as quickly as possible.

If the findings do not impact regulatory compliance, review current security controls.

Questions # 115:

The regular review of a firewall ruleset is considered a

Options:

Procedural control

Organization control

Technical control

Management control

Questions # 116:

Dataflow diagrams are used by IT auditors to:

Options:

Order data hierarchically.

Highlight high-level data definitions.

Graphically summarize data paths and storage processes.

Portray step-by-step details of data generation.

Questions # 117:

The patching and monitoring of systems on a consistent schedule is required by?

Options:

Local privacy laws

Industry best practices

Risk Management frameworks

Audit best practices

Questions # 118:

Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

Options:

Plan-Check-Do-Act

Plan-Do-Check-Act

Plan-Select-Implement-Evaluate

SCORE (Security Consensus Operational Readiness Evaluation)

Questions # 119:

Creating a secondary authentication process for network access would be an example of?

Options:

Nonlinearities in physical security performance metrics

Defense in depth cost enumerated costs

System hardening and patching requirements

Anti-virus for mobile devices

Questions # 120:

As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting process?

Options:

Executive summary

Penetration test agreement

Names and phone numbers of those who conducted the audit

Business charter

Viewing page 12 out of 13 pages

Viewing questions 111-120 out of questions

Spring Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Pass the ECCouncil EISM 512-50 Questions and answers with ExamsMirror

Exam 512-50 Premium Access

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

Options:

TOP CODES