Exam 1: EC-Council Certified Incident Handler

A) Reducing the impact of the risk to the business.
B) Establishing strategic alignment with bunsiness continuity requirements
C) Establishing incident response programs.
D) Identifying and implementing the best security solutions.

A) Organizational objectives and risk tolerance
B) Risk assessment criteria
C) IT architecture complexity
D) Enterprise disaster recovery plans

A) Conduct a risk assessment.
B) Obtain senior level sponsorship.
C) Conduct a workshop for all end users.
D) Prepare a security budget.

A) Approving access to critical financial systems
B) Developing content for security awareness programs
C) Interviewing candidates for information security specialist positions
D) Vetting information security policies

A) information security metrics.
B) knowledge required to analyze each issue.
C) baseline against which metrics are evaluated.
D) linkage to business area objectives.

A) Ensure all infrastructure and applications are available in the event of a disaster
B) Allow all technical first-responders to understand their roles in the event of a disaster
C) Provide step by step plans to recover business processes in the event of a disaster
D) Assign responsibilities to the technical teams responsible for the recovery of all data.

A) Organizational budget
B) Distance between physical locations
C) Number of employees
D) Complexity of organizational structure

A) Poses a strong technical background
B) Understand all regulations affecting the organization
C) Understand the business goals of the organization
D) Poses a strong auditing background

A) assessed by a business impact analysis.
B) protected under the information classification policy.
C) analyzed under the data ownership policy.
D) analyzed under the retention policy

A) Anti-phishing tools
B) Anti-malware tools
C) Effective Security Vulnerability Management Program
D) Effective Security awareness program

A) Lack of a formal security awareness program
B) Lack of a formal security policy governance process
C) Lack of formal definition of roles and responsibilities
D) Lack of a formal risk management policy

A) Legal department
B) Compliance officer
C) Data Owner
D) Information security officer

A) Reduction of liability and overall risk to the organization
B) Better vendor management
C) Reduction of security breaches
D) Senior management participation in the incident response process

A) Escalation
B) Recovery
C) Eradication
D) Containment

A) Questioning the trust in vendor relationships.
B) Increasing the risk of decisions based on incomplete management information.
C) Direct involvement of senior management in developing control processes
D) Reduction of the potential for civil and legal liability

A) it communicates management's commitment to protecting information resources
B) it is formally acknowledged by all employees and vendors
C) it defines a process to meet compliance requirements
D) it establishes a framework to protect confidential information

A) Need to comply with breach disclosure laws
B) Need to transfer the risk associated with hosting PII data
C) Need to better understand the risk associated with using PII data
D) Fiduciary responsibility to safeguard credit card information

A) An independent Governance, Risk and Compliance organization
B) Alignment of security goals with business goals
C) Compliance with local privacy regulations
D) Support from Legal and HR teams

A) security threat and vulnerability management process
B) risk assessment process
C) risk management process
D) governance, risk, and compliance tools

A) Security and IT Staff size
B) Company Values
C) Budget
D) All of the above

A) Risk Avoidance
B) Risk Acceptance
C) Risk Transfer
D) Risk Mitigation

A) Include a mix of members from different departments and staff levels.
B) Ensure that security policies and procedures have been vetted and approved.
C) Review all past audit and compliance reports.
D) Be briefed about new trends and products at each meeting by a vendor.

A) Due Protection
B) Due Care
C) Due Compromise
D) Due process

A) Persistent risk
B) Residual risk
C) Accepted risk
D) Non-tolerated risk

A) Threat identification
B) Risk monitoring
C) Risk treatment
D) Risk tolerance

A) Ensure that security policies are read.
B) Encourage security-conscious employee behavior.
C) Meet legal and regulatory requirements.
D) Put employees on notice in case follow-up action for noncompliance is necessary

A) Strong authentication technologies
B) Financial reporting regulations
C) Credit card compliance and regulations
D) Local privacy laws

A) Risk Avoidance
B) Risk Acceptance
C) Risk Transfer
D) Risk Mitigation

A) Risk = Probability x Impact
B) Risk = Threat x Probability
C) Risk = Financial Impact x Probability
D) Risk = Impact x Threat

A) Policies
B) Procedures
C) Guidelines
D) Standards

A) They are objective and can express risk / cost in real numbers
B) They are subjective and can be completed more quickly
C) They are objective and express risk / cost in approximates
D) They are subjective and can express risk /cost in real numbers

A) Implement redundancy
B) move operations to another region
C) purchase breach insurance
D) Alignment with business operations

A) Mandatory controls
B) Discretionary controls
C) Optional controls
D) Financial controls

A) Quantitative risk assessments result in an exact number (in monetary terms)
B) Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
C) Qualitative risk assessments map to business objectives
D) Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

A) Risk Tolerance
B) Qualitative risk analysis
C) Risk Appetite
D) Quantitative risk analysis

A) Protect all information resource assets equally
B) Establish active firewall monitoring protocols
C) Purchase insurance for your compliance liability
D) Focus your security efforts on high value assets

A) High risk environments 6 months, low risk environments 12 months
B) Every 12 months
C) Every 18 months
D) Every six months

A) Trademark
B) Patent
C) Research Logs
D) Copyright

A) How many credit card records are stored?
B) How many servers do you have?
C) What is the scope of the certification?
D) What is the value of the assets at risk?

A) International Organization for Standardizations - 27004 (ISO-27004)
B) Payment Card Industry Data Security Standards (PCI-DSS)
C) Control Objectives for Information Technology (COBIT)
D) International Organization for Standardizations - 27005 (ISO-27005)

A) Threat times vulnerability divided by control
B) Advisory plus capability plus vulnerability
C) Asset loss times likelihood of event
D) Quantitative plus qualitative impact

A) International Organization for Standardizations - 22301 (ISO-22301)
B) Information Technology Infrastructure Library (ITIL)
C) Payment Card Industry Data Security Standards (PCI-DSS)
D) International Organization for Standardizations - 27005 (ISO-27005)

A) Internal audit
B) The data owner
C) All executive staff
D) Government regulators

A) Chief Information Security Officer
B) Chief Executive Officer
C) Chief Information Officer
D) Chief Legal Counsel

A) Determine the risk tolerance
B) Perform an asset classification
C) Create an architecture  gap analysis
D) Analyze existing controls on systems

A) Asset value times exposure factor
B) Annual rate of occurrence
C) Annual loss expectancy minus current cost of controls
D) Percentage of loss experienced due to a realized threat event

A) Cost and annual rate of expectance
B) Subjective and Objective
C) Qualitative and percent of loss realized
D) Quantitative and qualitative

A) Audit validation
B) Physical control testing
C) Compliance management
D) Security awareness training

A) Data breach disclosure
B) Consumer right disclosure
C) Security incident disclosure
D) Special circumstance disclosure

A) Information Technology Infrastructure Library (ITIL)
B) International Organization for Standardization (ISO) standards
C) Payment Card Industry Data Security Standards (PCI-DSS)
D) National Institute for Standards and Technology (NIST) standard

A) Providing a risk program governance structure
B) Ensuring developers include risk control comments in code
C) Creating risk assessment templates based on specific threats
D) Allowing for the acceptance of risk for regulatory compliance requirements

A) The organization uses exclusively a quantitative process to measure risk
B) The organization uses exclusively a qualitative process to measure risk
C) The organization's risk tolerance is high
D) The organization's risk tolerance is lo

A) Multiple certifications, strong technical capabilities and lengthy resume
B) Industry certifications, technical knowledge and program management skills
C) College degree, audit capabilities and complex project management
D) Multiple references, strong background check and industry certifications

A) Identify threats, risks, impacts and vulnerabilities
B) Decide how to manage risk
C) Define the budget of the Information Security Management System
D) Define Information Security Policy

A) A high threat environment
B) A low risk tolerance environment
C) I low vulnerability environment
D) A high risk tolerance environment

A) Risk management
B) Security management
C) Mitigation management
D) Compliance management

A) Controlled mitigation effort
B) Risk impact comparison
C) Relative likelihood of event
D) Comparative threat analysis

A) Compliance to the Payment Card Industry (PCI) regulations.
B) Alignment with financial reporting regulations for each country where they operate.
C) Alignment with International Organization for Standardization (ISO) standards.
D) Compliance with patient data protection regulations for each country where they operate.

A) National Institute for Standards and Technology 800-50 (NIST 800-50)
B) International Organization for Standardizations - 27005 (ISO-27005)
C) Payment Card Industry Data Security Standards (PCI-DSS)
D) International Organization for Standardizations - 27004 (ISO-27004)

A) Technology governance defines technology policies and standards while security governance does not.
B) Security governance defines technology best practices and Information Technology governance does not.
C) Technology Governance is focused on process risks whereas Security Governance is focused on business risk.
D) The effective implementation of security controls can be viewed as an inhibitor to rapid Information Technology implementations.

A) Ensure efficient recovery and reinstate repaired systems
B) Create effective policies detailing program activities
C) Communicate details of information security incidents
D) Provide current employee awareness programs

A) Awareness
B) Compliance
C) Governance
D) Management

A) Only check compliance right before the auditors are scheduled to arrive onsite.
B) Outsource compliance to a 3rd party vendor and let them manage the program.
C) Have Compliance and Information Security partner to correct issues as they arise.
D) Have Compliance direct Information Security to fix issues after the auditors report.

A) Security officer
B) Data owner
C) Vulnerability engineer
D) System administrator

A) Scan a representative sample of systems
B) Perform the scans only during off-business hours
C) Decrease the vulnerabilities within the scan tool settings
D) Filter the scan output so only pertinent data is analyzed

A) favorable audit findings
B) following the recommendations of consultants and contractors
C) development of relationships with organization executives
D) raising awareness of security issues with end users

A) Reduction of budget
B) Decreased security awareness
C) Improper use of information resources
D) Fines for regulatory non-compliance

A) Staff
B) Scope
C) Schedule
D) Scan tools

A) Audit and Legal
B) Budget and Compliance
C) Human Resources and Budget
D) Legal and Human Resources

A) by stakeholders at least annually
B) by the CISO when new systems are brought online
C) by the Incident Response team after an audit  
D) by internal audit semiannually

A) Approval from the board of directors
B) Cost of the mitigation is less than the risk
C) Metrics of mitigation method success
D) Mitigation method complies with PCI regulations

A) The asset owner
B) The asset manager
C) The data custodian
D) The project manager

A) Threat
B) Vulnerability
C) Attack vector
D) Exploitation

A) Control Objectives for IT (COBIT)
B) Payment Card Industry-Data Security Standard (PCI-DSS)
C) International Organization Standard (ISO) 27002
D) National Institute of Standards and Technology (NIST) SP 800-30

A) establish budgetary input in order to meet compliance requirements
B) establish acceptable systems and user behavior
C) define security configurations for systems
D) define relationships with external law enforcement agencies

A) The types of cardholder data retained
B) The duration card holder data is retained
C) The size of the organization processing credit card data
D) The number of transactions performed per year by an organization

A) all organizational assets
B) critical business processes and /or revenue streams
C) intellectual property released into the public domain
D) against distributed denial of service attacks

A) In promiscuous mode and only detect malicious traffic.
B) In-line and turn on blocking mode to stop malicious traffic.
C) In promiscuous mode and block malicious traffic.
D) In-line and turn on alert mode to stop malicious traffic.

A) Confidentiality, Integrity and Availability
B) Assurance, Compliance and Availability
C) International Compliance
D) Integrity and Availability