EC-Council Information Security Manager (E|ISM) (512-50) Free Practice Test

Question 1

A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?

A. digital rights management

B. strong authentication

C. conflict resolution

D. non-repudiation

Correct Answer: D

Question 2

According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

A. Susceptibility to attack, expected duration of attack, and mitigation availability

B. Vulnerability exploitation, attack recovery, and mean time to repair

C. Susceptibility to attack, mitigation response time, and cost

D. Attack vectors, controls cost, and investigation staffing needs

Correct Answer: C

Question 3

The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called

A. Security certification

B. Security system analysis

C. Security accreditation

D. Alignment with business practices and goals.

Correct Answer: C

Question 4

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?

A. Setup a mock video camera next to the special card reader adjacent to the secure door

B. Issue special cards to access secure doors at the company and provide a one-time only brief description of use of the special card

C. Educate and enforce physical security policies of the company to all the employees on a regular basis

D. Post a sign that states, "no tailgating" next to the special card reader adjacent to the secure door

Correct Answer: C

Question 5

As the Risk Manager of an organization, you are task with managing vendor risk assessments. During the assessment, you identified that the vendor is engaged with high profiled clients, and bad publicity can jeopardize your own brand.
Which is the BEST type of risk that defines this event?

A. Operational Risk

B. Reputation Risk

C. Strategic Risk

D. Compliance Risk

Correct Answer: B

Question 6

SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.
What phase of the response provides measures to reduce the likelihood of an incident from recurring?

A. Follow-up

B. Investigation

C. Response

D. Recovery

Correct Answer: A

Question 7

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
After determining the audit findings are accurate, which of the following is the MOST logical next activity?

A. Begin initial gap remediation analyses

B. Review the security organization's charter

C. Create a briefing of the findings for executive management

D. Validate gaps with the Information Technology team

Correct Answer: A

Question 8

A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?

A. Information Technology Infrastructure Library (ITIL)

B. Payment Card Industry Data Security Standards (PCI-DSS)

C. National Institute for Standards and Technology (NIST) standard

D. International Organization for Standardization (ISO) standards

Correct Answer: B

Question 9

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
Once supervisors and data owners have approved requests, information system administrators will implement

A. Policy control(s)

B. Technical control(s)

C. Management control(s)

D. Operational control(s)

Correct Answer: B

Question 10

How often should the SSAE16 report of your vendors be reviewed?

A. Quarterly

B. Semi-annually

C. Bi-annually

D. Annually

Correct Answer: D

Question 11

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

A. Disable SSID Broadcast and enable MAC address filtering on all wireless access points.

B. Provide IP and MAC address

C. Configure logging on each access point

D. Install a firewall software on each wireless access point.

Correct Answer: B

Question 12

Which of the following is a common technology for visual monitoring?

A. Blocked video

B. Local video

C. Open circuit television

D. Closed circuit television

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

EC-COUNCIL EC-Council Information Security Manager (E|ISM) (512-50) Free Practice Test