512-50 EC-Council Information Security Manager (E|ISM) Questions and Answers

tell him to shut down the server

tell him to call the police

tell him to invoke the incident response process

tell him to analyze the problem, preserve the evidence and provide a full analysis and report

Overly restrictive management

Excessive personnel on project

Failure to meet project deadlines

Insufficient resources

Board of directors

Third party vendors

CISO

Help Desk

Security budget augmentation

Process improvements

Real-time to remediate

Security control selection

Risk Management

Risk Assessment

System Testing

Vulnerability Assessment

A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions

A clear set of security policies and procedures that are more concept-based than controls-based

A complete inventory of Information Technology assets including infrastructure, networks, applications and data

A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in

Vested in the success and/or failure of a project or initiative regardless of budget implications.

Vested in the success and/or failure of a project or initiative and is tied to the project budget.

That has budget authority.

That will ultimately use the system.

Upper management support

More frequent project milestone meetings

Stakeholder support

Extend work hours

Upper management support

More frequent project milestone meetings

More training of staff members

Involve internal audit

An administrator with too much time on their hands.

Putting undue time commitment on the system administrator.

Supporting the concept of layered security

Network segmentation.

Weekly

Monthly

Quarterly

Daily

The asset is more expensive than the remediation

The audit finding is incorrect

The asset being protected is less valuable than the remediation costs

The remediation costs are irrelevant; it must be implemented regardless of cost.

Single Loss Expectancy (SLE)

Exposure Factor (EF)

Annualized Rate of Occurrence (ARO)

Temporal Probability (TP)

Control Objective for Information Technology (COBIT)

Committee of Sponsoring Organizations (COSO)

Payment Card Industry (PCI)

Information Technology Infrastructure Library (ITIL)

To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.

To provide a common basis for developing organizational security standards

To provide effective security management practice and to provide confidence in inter-organizational dealings

To established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization

integrate with other organizational governance processes

support user choice for Bring Your Own Device (BYOD)

integrate with other organizational governance processes

show a return on investment for the organization

Protect all information resource assets equally

Establish active firewall monitoring protocols

Purchase insurance for your compliance liability

Focus your security efforts on high value assets

Reduction of budget

Decreased security awareness

Improper use of information resources

Fines for regulatory non-compliance

Compliance Risk

Reputation Risk

Operational Risk

Strategic Risk

At the end of the day once the employee is off site

During the monthly review cycle

Immediately so the employee account(s) can be disabled

Before an audit

Risk Avoidance

Risk Acceptance

Risk Transfer

Risk Mitigation

That all information in an organization must be protected equally.

The information required to be protected by regulatory mandate does not have to be identified in the organizations data classification policy.

That the protection of some information such as National ID information is mandated by regulation and other information such as trade secrets are protected based on business need.

There is no relationship between the two.

Implement redundancy

move operations to another region

purchase breach insurance

Alignment with business operations

Risk = Probability x Impact

Risk = Threat x Probability

Risk = Financial Impact x Probability

Risk = Impact x Threat

Strong authentication technologies

Financial reporting regulations

Credit card compliance and regulations

Local privacy laws

Ensure efficient recovery and reinstate repaired systems

Create effective policies detailing program activities

Communicate details of information security incidents

Provide current employee awareness programs

Enforce the existing security standards and do not allow the deployment of the new technology.

Amend the standard to permit the deployment.

If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.

Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.

Peers

End Users

Executive Management

All of the above

Network based security preventative control

Software segmentation control

Security detective control

User segmentation control

Dual Control

Separation of Duties

Split Knowledge

Least Privilege

Maintain a log of discovered risks

Track individual risk assessments

Develop plans for mitigating identified risks

Coordinate the timing of scheduled risk assessments

The risk assessment schedule

The risk assessment framework

The risk assessment charter

The assessment context

Risk mitigation

Risk transfer

Risk tolerance

Risk acceptance

Identifying the risk

Finding economic balance between the impact of the risk and the cost of the control

Identifying the victim of any potential exploits.

Assessing the impact of potential threats

Systems logs

Hardware error reports

Utilization reports

Availability reports

Threat Level, Risk of Compromise, and Consequences of Compromise

Risk Avoidance, Threat Level, and Consequences of Compromise

Risk Transfer, Reputational Impact, and Consequences of Compromise

Reputational Impact, Financial Impact, and Risk of Compromise

Meet regulatory compliance requirements

Better understand the threats and vulnerabilities affecting the environment

Better understand strengths and weaknesses of the program

Meet legal requirements

Persistent risk

Residual risk

Accepted risk

Non-tolerated risk

The number of unique communication links is large

The volume of data being transmitted is small

The speed of the encryption / deciphering process is essential

The distance to the end node is farthest away

The percentage of earnings that are retained by the organization for reinvestment in the business

The details of expenses and revenue over a long period of time

A summarized statement of all assets and liabilities at a specific point in time

A review of regulations and requirements impacting the business from a financial perspective

Audits

Administration

Patching

Templates

Controlled spear phishing campaigns

Password changes

Baselining of computer systems

Scanning for viruses

Outsourcing the IT functions.

Understanding user requirements.

Hiring personnel with leading edge skills.

Implementing and enforcing good processes.

Tokenization combined with hashing is always better than encryption

Encryption can be mathematically reversed to provide the original information

The token contains the all original information

Tokenization can be mathematically reversed to provide the original information

Create timelines for mitigation

Develop a cost-benefit analysis

Calculate annual loss expectancy

Create a detailed technical executive summary

Traffic Analysis

Deep-Packet inspection

Packet sampling

Heuristic analysis

Threat analysis process

Asset configuration management process

Business Impact Analysis

Disaster Recovery plan

Physical, Technical, Operational

Technical, Strong Password, Operational

Operational, Biometric, Physical

Strong password, Biometric, Common Access Card

security coding

data security system

data classification

privacy protection

In-line hardware keyloggers don’t require physical access

In-line hardware keyloggers don’t comply to industry regulations

In-line hardware keyloggers are undetectable by software

In-line hardware keyloggers are relatively inexpensive

non-repudiation

conflict resolution

strong authentication

digital rights management

Containment

Recovery

Identification

Eradication

Session encryption

Removing all stored procedures

Input sanitization

Library control

Baseline the Environment

Maintain and Monitor

Organization Vulnerability

Define Policy

Enterprise Risk Assessment

Disaster recovery strategic plan

Business continuity plan

Application mapping document

‘ o 1=1 - -

/../../../../

“DROPTABLE USERNAME”

NOPS

It is an IPSec protocol.

It is a text-based communication protocol.

It uses TCP port 22 as the default port and operates at the application layer.

It uses UDP port 22