Free Practice Questions for Eccouncil 512-50 Exam

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?

• International Organization for Standardizations – 27004 (ISO-27004)
• Payment Card Industry Data Security Standards (PCI-DSS)
• Control Objectives for Information Technology (COBIT)
• International Organization for Standardizations – 27005 (ISO-27005)

When creating contractual agreements and procurement processes why should security requirements be included?

• To make sure they are added on after the process is completed
• To make sure the costs of security is included and understood
• To make sure the security process aligns with the vendor’s security process
• To make sure the patching process is included with the costs

Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?

• Alignment with business goals
• ISO27000 accreditation
• PCI attestation of compliance
• Financial statements

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

• Containment
• Recovery
• Identification
• Eradication

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and dat

• Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.Once supervisors and data owners have approved requests, information system administrators will implement
• Technical control(s)
• Management control(s)
• Policy control(s)
• Operational control(s)

Security related breaches are assessed and contained through which of the following?

• The IT support team.
• A forensic analysis.
• Incident response
• Physical security team.

Which type of physical security control scan a person’s external features through a digital video camera beforegranting access to a restricted area?

• Iris scan
• Retinal scan
• Facial recognition scan
• Signature kinetics scan

Which of the following provides an audit framework?

• Control Objectives for IT (COBIT)
• Payment Card Industry-Data Security Standard (PCI-DSS)
• International Organization Standard (ISO) 27002
• National Institute of Standards and Technology (NIST) SP 800-30

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

• Contract a third party to perform a security risk assessment
• Define formal roles and responsibilities for Internal audit functions
• Define formal roles and responsibilities for Information Security
• Create an executive security steering committee

If a Virtual Machine’s (VM) data is being replicated and that data is corrupted, this corruption will automaticallybe replicated to the other machine(s). What would be the BEST control to safeguard data integrity?

• Backup to tape
• Maintain separate VM backups
• Backup to a remote location
• Increase VM replication frequency