EC-Council Certified CISO (CCISO) (712-50) Free Practice Test

Question 1

Who is responsible for oversight of an information security program within an organization?

A. Senior leadership

B. General Counsel

C. Auditor

D. Human Resources

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

What is defined as the friction or opposition resulting from actual or perceived differences or incompatibilities?

A. Conflict

B. Disagreement

C. Disgruntlement

D. Silos

Correct Answer: C

Question 3

Where does bottom-up financial planning primarily gain information for creating budgets?

A. By adding all planned operational expenses per quarter then summarizing them in a budget request

B. By adding the cost of all known individual tasks and projects that are planned for the next budgetary cycle

C. By adding all capital and operational costs from the prior budgetary cycle, and determining potentialfinancial shortages

D. By reviewing last year's program-level costs and adding a percentage of expected additional portfolio costs

Correct Answer: A

Question 4

An organization correctly configured a Data Loss Prevention (DLP) technology. Afterward, sensitive data was found on public websites. What is the MOST likely reason for this situation?

A. Sensitive data was not encrypted while at rest

B. A risk assessment was performed on the technology

C. Data classification was not properly applied

D. The technology was not integrated with antivirus

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Which of the following compliance standards is the MOST common among retail businesses?

A. NIST Cybersecurity Framework

B. Payment Card Industry (PCI) Data Security Standard (DSS)

C. Federal Risk and Authorization Management Program (FedRAMP)

D. ISO 27002

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

When performing a forensic investigation, what are the two MOST common sources for obtaining computer evidence?

A. Persistent and volatile data

B. Unallocated system storage and removable drives

C. Configurations and software patch level

D. Screen captures and keystroke logs

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

During a cyber incident, which of the following non-security personnel will MOST likely be required to assist the incident response team?

A. Human resources, facilities maintenance, and IT support

B. Financial analysts, payroll clerks, HR managers

C. Threat analysts, IT auditors, security operations managers

D. Legal, help desk, system and network administrators

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

Which of the following BEST describes revenue?

A. Non-operating financial liabilities minus expenses

B. The sum value of all assets and cash flow into the business

C. The future profit-making potential of an organization

D. The economic benefit derived by operating a business

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

What function in an organization is responsible for collecting and communicating processes to facilitate the recovery of critical functions within an organization?

A. Legal Advisement

B. Security Operations

C. Business Continuity

D. Disaster Recovery

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

Due to staff shortages during off-hours, the Security Operations Center (SOC) manager is considering outsourcing off-hour coverage. What type of SOC is being considered?

A. Cyber Center of Excellence

B. Virtual

C. Hybrid

D. In-house

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 11

A university recently hired a CISO. One of the first tasks is to develop a continuity of operations plan (COOP).
In developing the business impact assessment (BIA), which of the following MOST closely relate to the data backup and restoral?

A. Mean Time to Delivery (MTD)

B. Maximum Tolerable Downtime (MTD)

C. Recovery Point Objective (RPO)

D. Recovery Time Objective (RTO)

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 12

The formal certification and accreditation process has four primary steps, what are they?

A. Auditing, documenting, verifying, certifying

B. Discovery, testing, authorizing, certifying

C. Evaluating, describing, testing and authorizing

D. Evaluating, purchasing, testing, authorizing

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 13

The organization does not have the time to remediate the vulnerability; however it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?

A. Implement Compensating Controls

B. Provide developer security training

C. Provide security testing tools

D. Deploy Intrusion Detection Systems

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

EC-COUNCIL EC-Council Certified CISO (CCISO) (712-50) Free Practice Test