512-50 EC-Council Information Security Manager (E|ISM)


Question 10 (Governance, Risk, Compliance)

Information security policies should be reviewed:

  • by stakeholders at least annually

  • by the CISO when new systems are brought online

  • by the Incident Response team after an audit

  • by internal audit semiannually

Question 11 (Security Program Management and Operations)

A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

  • Poor audit support for the security program

  • A lack of executive presence within the security program

  • Poor alignment of the security program to business needs

  • This is normal since business units typically resist security requirements

Question 12 (Governance, Risk, Compliance)

Which of the following are the MOST important factors for proactively determining system vulnerabilities?

  • Subscribe to vendor mailing list to get notification of system vulnerabilities

  • Deploy Intrusion Detection System (IDS) and install anti-virus on systems

  • Configure firewall, perimeter router and Intrusion Prevention System (IPS)

  • Conduct security testing, vulnerability scanning, and penetration testing