712-50 EC-Council Certified CISO (CCISO)

Question 7

What oversight should the information security team have in the change management process for application security?

  • Information security should be aware of any significant application security changes and work with developers to test for vulnerabilities before changes are deployed in production

  • Information security should be aware of all application changes and work with developers before changes are deployed in production

  • Information security should be informed of changes to applications only

  • Development team should tell the information security team about any application security flaws

Question 8

In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise.

Which of the following tools represents the BEST choice to achieve this awareness?

  • Intrusion Detection System (IDS), firewall, switch, syslog

  • Security Incident Event Management (SIEM), IDS, router, syslog

  • VMware, router, switch, firewall, syslog, vulnerability management system (VMS)

  • SIEM, IDS, firewall, VMS

Question 9

Your company has limited resources to spend on security initiatives. The Chief Financial Officer asks you to prioritize the protection of information resources based on their value to the company. It is essential that you be able to communicate in language that your fellow executives will understand.

You should:

  • Create a detailed technical executive summary

  • Create timelines for mitigation

  • Calculate annual loss expectancy

  • Develop a cost-benefit analysis