Pass the ECCouncil EISM 512-50 Questions and answers with ExamsMirror

A CISO has implemented a risk management capability within the security portfolio. Which of the following

terms best describes this functionality?

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how

hardware and software is implemented and managed within the organization. Which of the following principles

does this best demonstrate?

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

Recently, members of your organization have been targeted through a number of sophisticated phishing attempts and have compromised their system credentials. What action can you take to prevent the misuse of compromised credentials to change bank account information from outside your organization while still allowing employees to manage their bank information?

What process defines the framework of rules and practices by which a board of directors ensure accountability, fairness and transparency in an organization's relationship with its shareholders?

When creating contractual agreements and procurement processes why should security requirements be included?

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals

the increasing need to address security consistently at the enterprise level. This new CISO, while confident with

skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.

From an Information Security Leadership perspective, which of the following is a MAJOR concern about the

CISO’s approach to security?

Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.

Symmetric encryption in general is preferable to asymmetric encryption when:

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”

Which group of people should be consulted when developing your security program?

As the Chief Information Security Officer, you are performing an assessment of security posture to understand

what your Defense-in-Depth capabilities are. Which network security technology examines network traffic flows

to detect and actively stop vulnerability exploits and attacks?