
Exam 712-50 topic 1 question 331 discussion

Actual exam question from ECCouncil's 712-50
Question #: 331
Topic #: 1

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

  • A. Never
  • B. Quarterly
  • C. Annually
  • D. Semi-annually
Suggested Answer: C

Comments

alfaMegatron
3 months, 1 week ago
Selected Answer: C
Annually
upvoted 1 times
...
johndoe69
4 months, 1 week ago
Selected Answer: C
Annually: Performing an audit annually is a standard practice in many organizations. It provides a regular, systematic review of security controls to ensure they are still effective in mitigating risks. This frequency balances thoroughness with practicality, ensuring that controls are regularly reviewed without being overly burdensome on resources.
upvoted 1 times
...
Emporeo
8 months ago
Selected Answer: C
Controls should be monitored, in that case can be via audit. Suggest annually.
upvoted 1 times
...
Perseus_68
9 months ago
Unsure, everything should be done at least annually, but is this question about independence? For example, the CISO and the team could test and measure a control; should they audit their own implementation, or should that come from the audit team that is typically under the CFO? So in that case the CISO should not audit its own work....
upvoted 1 times
...
Pika26
1 year, 8 months ago
Answer is C. Annually.
upvoted 2 times
...
Otto_Aulicino
2 years, 11 months ago
Even the next question, #332, is somewhat in line with what I am saying in the previous comment. When you implement the control, you check its effectiveness, which could be qualified as an audit.
upvoted 1 times
...
Otto_Aulicino
2 years, 11 months ago
Is this related to the fact that either internal audit or external audit should be doing so, not the CISO? Because to me, it seems like a good idea to audit the controls.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted