Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 512-50

EC-Council 512-50 Exam Questions
Information Security Manager (Page 5 )

Updated On: 25-Apr-2026
Page 5 of 82
PDF with 404 Questions

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently.
Which of the following is the MOST likely reason for the policy shortcomings?

  1. Lack of a formal security awareness program
  2. Lack of a formal security policy governance process
  3. Lack of formal definition of roles and responsibilities
  4. Lack of a formal risk management policy

Answer(s): B



Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

  1. Need to comply with breach disclosure laws
  2. Need to transfer the risk associated with hosting PII data
  3. Need to better understand the risk associated with using PII data
  4. Fiduciary responsibility to safeguard credit card information

Answer(s): C



The alerting, monitoring and life-cycle management of security related events is typically handled by the

  1. security threat and vulnerability management process
  2. risk assessment process
  3. risk management process
  4. governance, risk, and compliance tools

Answer(s): A



One of the MAIN goals of a Business Continuity Plan is to

  1. Ensure all infrastructure and applications are available in the event of a disaster
  2. Allow all technical first-responders to understand their roles in the event of a disaster
  3. Provide step by step plans to recover business processes in the event of a disaster
  4. Assign responsibilities to the technical teams responsible for the recovery of all data.

Answer(s): C



When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?

  1. An independent Governance, Risk and Compliance organization
  2. Alignment of security goals with business goals
  3. Compliance with local privacy regulations
  4. Support from Legal and HR teams

Answer(s): B



Viewing page 5 of 82
Viewing questions 21 - 25 out of 404 questions
Share your experience with other


512-50 Exam Discussions & Posts

AI Tutor AI Tutor 👋 I’m here to help!