EC-Council 712-50 Exam Questions
EC-Council Certified CISO (Page 12)

Updated On: 16-Feb-2026

Which of the following is a difference between quantitative and qualitative risk assessment?

  A. Quantitative risk assessments result in an exact number (in monetary terms)
  B. Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
  C. Qualitative risk assessments map to business objectives
  D. Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)

Answer(s): A



You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?

  A. Risk Mitigation
  B. Risk Acceptance
  C. Risk Avoidance
  D. Risk Transfer

Answer(s): D



What is the definition of Risk in Information Security?

  A. Risk = Probability x Impact
  B. Risk = Impact x Threat
  C. Risk = Threat x Probability
  D. Risk = Financial Impact x Probability

Answer(s): A



A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards.

What immediate action should the information security manager take?

  A. Enforce the existing security standards and do not allow the deployment of the new technology.
  B. If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
  C. Amend the standard to permit the deployment.
  D. Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.

Answer(s): B



The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

  A. Getting authority to operate the system from executive management
  B. Contacting the Internet Service Provider for an IP scope
  C. Changing the default passwords
  D. Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

Answer(s): A
