- (Exam Topic 2)
Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?

1. A. Plan-Check-Do-Act
2. B. Plan-Do-Check-Act
3. C. Plan-Select-Implement-Evaluate
4. D. SCORE (Security Consensus Operational Readiness Evaluation)

Correct Answer: B

- (Exam Topic 4)
A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?

1. A. non-repudiation
2. B. conflict resolution
3. C. strong authentication
4. D. digital rights management

Correct Answer: A

- (Exam Topic 6)
When obtaining new products and services, why is it essential to collaborate with lawyers, IT security professionals, privacy professionals, security engineers, suppliers, and others?

1. A. This makes sure the files you exchange aren’t unnecessarily flagged by the Data Loss Prevention (DLP) system
2. B. Contracting rules typically require you to have conversations with two or more groups
3. C. Discussing decisions with a very large group of people always provides a better outcome
4. D. It helps to avoid regulatory or internal compliance issues

Correct Answer: D
Reference:
https://www.eccouncil.org/wp-content/uploads/2016/07/NICE-2.0-and-EC-Council-Cert-Mapping.pdf

- (Exam Topic 5)
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

1. A. Get approval from the board of directors
2. B. Screen potential vendor solutions
3. C. Verify that the cost of mitigation is less than the risk
4. D. Create a risk metrics for all unmitigated risks

Correct Answer: C

- (Exam Topic 6)
When reviewing a Solution as a Service (SaaS) provider’s security health and posture, which key document should you review?

1. A. SaaS provider’s website certifications and representations (certs and reps)
2. B. SOC-2 Report
3. C. Metasploit Audit Report
4. D. Statement from SaaS provider attesting their ability to secure your data

Correct Answer: B
Reference: https://www.threatstack.com/blog/how-saas-companies-can-build-a-compliance-roadmap