512-50 EC-Council Information Security Manager (E|ISM)


Question 1 (Strategic Planning, Finance, Procurement, and Third-Party Management)

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?


  • The Net Present Value (NPV) of the project is positive

  • The NPV of the project is negative

  • The Return on Investment (ROI) is larger than 10 months

  • The ROI is lower than 10 months

Question 2 (Strategic Planning, Finance, Procurement, and Third-Party Management)

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?


  • Validate the effectiveness of current controls

  • Create detailed remediation funding and staffing plans

  • Report the audit findings and remediation status to business stakeholders

  • Review security procedures to determine if they need to be modified according to findings

Question 3 (Governance, Risk, Compliance)

According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?


  • Susceptibility to attack, mitigation response time, and cost

  • Attack vectors, controls cost, and investigation staffing needs

  • Vulnerability exploitation, attack recovery, and mean time to repair

  • Susceptibility to attack, expected duration of attack, and mitigation availability