EC-COUNCIL 512-50 問題集

質問 1：
Which of the following most commonly falls within the scope of an information security governance steering committee?
A. Vetting information security policies
B. Developing content for security awareness programs
C. Interviewing candidates for information security specialist positions
D. Approving access to critical financial systems
正解：A

質問 2：
Which of the following best describes revenue?
A. The economic benefit derived by operating a business
B. The sum value of all assets and cash flow into the business
C. Non-operating financial liabilities minus expenses
D. The true profit-making potential of an organization
正解：A
解説: (Topexam メンバーにのみ表示されます)

質問 3：
John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they've already completed the project work they were contracted to do. What can John do in this instance?
A. Review the Request for Proposal (RFP) for guidance.
B. Withhold the vendor's payments until the issue is resolved.
C. Refer to the contract agreement for direction.
D. Refer the vendor to the Service Level Agreement (SLA) and insist that they make the changes.
正解：C

質問 4：
To have accurate and effective information security policies how often should the CISO review the organization policies?
A. Before an audit
B. Every 6 months
C. At least once a year
D. Quarterly
正解：C

質問 5：
You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don't know what to do. What is the BEST approach to handle this situation?
A. Tell the team to only respond to the critical and high alerts
B. Tune the sensors to help reduce false positives so the team can react better
C. Request additional resources to handle the workload
D. Tell the team to do their best and respond to each alert
正解：B

質問 6：
The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the application?
A. The company does not believe the security vulnerabilities to be real
B. The company lacks a risk management process
C. The company has a high risk tolerance
D. The company lacks the tools to perform a vulnerability assessment
正解：C

質問 7：
The patching and monitoring of systems on a consistent schedule is required by?
A. Local privacy laws
B. Audit best practices
C. Risk Management frameworks
D. Industry best practices
正解：C

質問 8：
When analyzing and forecasting an operating expense budget what are not included?
A. Network connectivity costs
B. Software and hardware license fees
C. New datacenter to operate from
D. Utilities and power costs
正解：C

質問 9：
A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?
A. Poor alignment of the security program to business needs
B. Poor audit support for the security program
C. This is normal since business units typically resist security requirements
D. A lack of executive presence within the security program
正解：A