Eccouncil 712-50 Exam Questions
Questions for the 712-50 were updated on: Dec 12, 2025
Question 1
What is the primary difference between Intrusion Detection Systems (IDS) and Intrusion Prevention
Systems (IPS)?
-
A. Only IDS is susceptible to false positives
-
B. An IPS examines network traffic flows to detect and actively stop exploits and attacks
-
C. IPS identify potentially malicious traffic based on signature or behavior and IDS does not
-
D. IDS are typically deployed behind the firewall and IPS are deployed in front of the firewall
Question 2
While Cost Benefit Analysis (CBA) is the easiest calculation among financial tools, what is its main
weakness?
-
A. It is not effective for smaller investments
-
B. It is not accepted by many accounting rules
-
C. It is the least precise
-
D. Positive result is an indication that the effort should be pursued
Question 3
What is the estimate of all direct and indirect costs associated with an asset or acquisition over its
entire life cycle?
-
A. Total Cost of Product
-
B. Total Cost of Ownership
-
C. Return on Investment
-
D. Total Cost of Production
Question 4
Who is PRIMARILY responsible for declaring a disaster and initiating processes to facilitate the
recovery of critical assets in an organization?
-
A. Business Continuity Manager
-
B. Board of Directors
-
C. Chief Executive Officer (CEO)
-
D. CISO
Question 5
What are the security features that control how users and systems communicate and interact with
other systems and resources?
-
A. Compensating controls
-
B. Rights Management
-
C. Access controls
-
D. Firewall rules
Question 6
When developing the Business Impact Assessment (BIA), which of the following MOST closely relates
to data backup and restoration?
-
A. Maximum Tolerable Downtime (MTD)
-
B. Recovery Point Objective (RPO)
-
C. Mean Time to Delivery (MTD)
-
D. Recovery Time Objective (RTO)
Question 7
What is protected by Federal Information Processing Standards (FIPS) 140-2?
-
A. Integrity
-
B. Confidentiality
-
C. Non-repudiation
-
D. Availability
Question 8
Providing oversight of an information security program for the organization is the primary
responsibility of which group?
-
A. Office of the Auditor
-
B. Senior Executives
-
C. Office of the General Counsel
-
D. All employees and users
Question 9
Which publication serves as a resource of enterprise security-based standards and BEST practices?
-
A. NIST Standard Publication 800-53 R5
-
B. HIPAA
-
C. ISO 27004
-
D. PCI DSS
Question 10
What Enterprise Architecture Framework is business-centric and is composed of eight phases?
-
A. Federal Enterprise Architecture
-
B. The Open Group Architecture Framework (TOGAF)
-
C. Zachman
-
D. Sherwood Applied Business Security Architecture
Question 11
To reduce the threat of spear phishing, which of the following is the MOST critical security control to
implement?
-
A. Security awareness and training
-
B. Firewall
-
C. Data loss prevention
-
D. Antivirus
Question 12
Which of the following is an example of risk transference?
-
A. Writing specific language in an agreement that puts the burden back on the other party
-
B. Outsourcing the function to a 3rd party
-
C. Implementing changes to current operating procedure
-
D. Purchasing cyber insurance
Question 13
Over 90% of successful cyber-attacks currently include: Social engineering
-
A. Social engineering
-
B. Misconfiguration
-
C. All of these
-
D. Phishing Attacks
Question 14
What is an example of a key performance indicator for cybersecurity?
-
A. Percentage of product defects that negatively impact the security posture of the system
-
B. Year over year comparison of organizational cybersecurity incidents
-
C. Mean time to repair (MTTR)
-
D. NetFlow data
Question 15
What standard provides a comprehensive framework for information security risk management
within organizations?
-
A. Information Technology Library (ITIL)
-
B. Information Security Management System (ISMS)
-
C. NIST 800-218
-
D. International Standards Organization (ISO) 27005