PECB EBIOS Risk Manager EBIOS Risk Manager Dumps in PDF

Free PECB EBIOS Risk Manager Real Questions (page: 4)

What does the strategic scenario represent?

  1. All the paths of attack that a risk origin is likely to take to achieve its intended objective
  2. All risk origins that can be brought to reach their target objective on an organization business asset
  3. All the target objectives that a risk origin may search for within the same business asset ecosystem

Answer(s): A

Explanation:

A strategic scenario represents the set of plausible attack paths that a risk origin could use to achieve its objective against a business asset. It captures the attacker's overall strategy and possible approaches at a high level, without detailing the technical execution steps.



SCENARIO - ManageSys

ManageSys is an outsourcing company that carries out systems administration and maintenance on behalf of its customers. ManageSys' commercial outsourcing offering includes a range of services such as installation, administration, supervision and maintenance of systems and application services. ManageSys does not have its own hosting infrastructure and has a hosting contract with HostServ.

ManageSys customers include a number of major international accounts and small and medium-sized enterprises in all sectors of activity in several European countries. ManageSys is ITIL-certified (Information Technology Infrastructure Library) and has technical staff certified by solution providers and security product suppliers.

Its main partner, HostServ, is a systems hosting company with a presence at 2 sites (one in France and another one in Germany), providing its infrastructure with a standard level of security. HostServ also uses subcontractors to ensure the smooth running of the various sites, in accordance with established specifications and regular monitoring of services. A security policy is in place and serves as an operating framework for all stakeholders

HostServ is organized as follows:

General services are provided directly by the host for the air conditioning, electricity, fire extinguishing and smoke detection systems, etc., as well as for the management of electrical power and back-up power (battery, generator).
The management of security services (access control, intrusion, video surveillance, human security) is also handled by HostServ, even though the hardware (cameras and access control equipment) is maintained by suppliers.
Guarding (physical security) is provided for each site. These are different guarding companies for each site, subcontracted by the hosting provider.

Relations between ManageSys staff and HostServ staff are rather difficult: HostServ's general services management staff refuse to receive orders from customers like ManageSys.

Access conditions to HostServ's hosting sites change regularly, often depending on who is on duty on site, making it difficult for ManageSys staff to access the sites.

The working conditions of ManageSys staff are sometimes difficult to ensure a good quality of service to its own customers, particularly when maintenance operations are carried out by HostServ staff without notifying ManageSys (which regularly causes power cuts or other malfunctions affecting the servers).

Recently, a ManageSys customer wanted to audit all its suppliers, including ManageSys. During this audit, the customer's auditors wanted to check the equipment on HostServ's premises. HostServ refused to carry out this part of the audit, arguing that the audit clause did not apply to it.

Under which category of the risk treatment plan does HostServ or ManageSys train staff on the procedures to be applied?

  1. Protection
  2. Governance
  3. Defense

Answer(s): B

Explanation:

Training staff on procedures is part of governance because it concerns defining, communicating, and ensuring the proper application of organizational rules, responsibilities, and processes. In EBIOS Risk Manager, governance measures aim to structure how people act and coordinate, particularly across organizational boundaries such as those between ManageSys and HostServ.



Does an organizations security baseline depend on the level of compliance?

  1. The security baseline depends on the activity of the CISO, whereas the level of compliance is linked to legal obligations, which are managed by the Legal Director in the contracts, with little adherence
  2. The security baseline depends on the level of compliance, but also on the means, resources and budget allocated to information systems security
  3. The security baseline is the result of the level of compliance, as it depends on the effectiveness of the security measures implemented

Answer(s): B

Explanation:

In EBIOS Risk Manager, the security baseline is influenced by the level of compliance with legal, regulatory, and contractual obligations, but it is not determined by compliance alone. It also depends on the organization's available means, resources, and budget, which condition the realistic implementation and maintenance of security measures.



What is the purpose of having business managers define the level of severity for each feared event?

  1. It enables each business manager to obtain quantified results concerning the impact of feared events. In this way, prioritization can be carried out more easily
  2. It provides the list of impacts and the list of feared events to define the scope to be analyzed
  3. It ensures that business managers apply the EBIOS Risk Manager method to their scope of activity

Answer(s): A

Explanation:

Having business managers define the severity of feared events ensures that impacts are assessed from a business perspective using quantified criteria. This makes the consequences of feared events comparable and allows risks to be prioritized objectively according to their potential impact on the organization's activities.



Does the identification of the threat level only concern external stakeholders?

  1. Yes, because stakeholders are mainly those representing a potential danger to the organization
  2. No, all internal and external stakeholders must be identified and assessed to define their respective threat level
  3. No, external stakeholders must first have a defined threat level before carrying out the same analysis and assessment of the internal stakeholders

Answer(s): B

Explanation:

In EBIOS Risk Manager, the identification of threat levels applies to all stakeholders, whether internal or external. Both categories can represent potential risk origins depending on their position, access, capabilities, and intent within the ecosystem, and must therefore be assessed consistently.



At the end of Workshop 2, what type of mapping is carried out based on the results of the feared events obtained by business managers?

  1. A map of dangerous situations concerning business assets
  2. A mapping of the operational threats on the ecosystem
  3. A mapping of risk origins and associated target objectives

Answer(s): C

Explanation:

At the end of Workshop 2, the method establishes a mapping of risk origins and their associated target objectives. Based on the feared events identified by business managers, this mapping links potential attackers or threat sources to the business assets they may target, preparing the development of strategic scenarios.



With regard to the results of Workshop 4, what factors should be taken into account to protect business assets?

  1. Vulnerabilities with the highest probability of success and technical difficulty scores should be investigated as a priority
  2. Vulnerabilities with the highest probability of success scores or the lowest technical difficulty scores should be investigated as a priority
  3. All the vulnerabilities are worth remembering. All the basic actions indicated in the methods of attack are vulnerabilities

Answer(s): B

Explanation:

Following Workshop 4, protection priorities focus on vulnerabilities that are most exploitable by an attacker.
Those with a high probability of success or low technical difficulty represent the easiest and most realistic attack opportunities, so addressing them first most effectively reduces the risk to business assets.



What is the best practice recommended by the EBIOS Risk Manager method for analyzing the results of feared events?

  1. The results of the analyses should be prioritized according to the highest level of severity first, ending with the lowest level of severity of the feared events
  2. The results of the analyses must be prioritized according to the criticality level of the activity only, without taking into account the level of severity. Business asset concerns have priority
  3. The results of the analyses must be prioritized from the lowest to the highest level of severity. The resolution work will be applied progressively to all levels of severity and will automatically reduce them

Answer(s): A

Explanation:

EBIOS Risk Manager recommends prioritizing the analysis of feared events by starting with those that have the highest severity. Addressing the most severe impacts first ensures that the most critical business consequences are treated as a priority, enabling efficient allocation of resources to what threatens the organization the most.



Share your comments for PECB EBIOS Risk Manager exam with other users:

A
Ali Azam
12/7/2023 1:51:00 AM

really helped with preparation of my scrum exam

J
Jerman
9/29/2023 8:46:00 AM

very informative and through explanations

J
Jimmy
11/4/2023 12:11:00 PM

prep for exam

A
Abhi
9/19/2023 1:22:00 PM

thanks for helping us

M
mrtom33
11/20/2023 4:51:00 AM

i prepared for the eccouncil 350-401 exam. i scored 92% on the test.

J
JUAN
6/28/2023 2:12:00 AM

aba questions to practice

L
LK
1/2/2024 11:56:00 AM

great content

S
Srijeeta
10/8/2023 6:24:00 AM

how do i get the remaining questions?

J
Jovanne
7/26/2022 11:42:00 PM

well formatted pdf and the test engine software is free. well worth the money i sept.

C
CHINIMILLI SATISH
8/29/2023 6:22:00 AM

looking for 1z0-116

P
Pedro Afonso
1/15/2024 8:01:00 AM

in question 22, shouldnt be in the data (option a) layer?

P
Pushkar
11/7/2022 12:12:00 AM

the questions are incredibly close to real exam. you people are amazing.

A
Ankit S
11/13/2023 3:58:00 AM

q15. answer is b. simple

S
S. R
12/8/2023 9:41:00 AM

great practice

M
Mungara
3/14/2023 12:10:00 AM

thanks to this exam dumps, i felt confident and passed my exam with ease.

A
Anonymous
7/25/2023 2:55:00 AM

need 1z0-1105-22 exam

N
Nigora
5/31/2022 10:05:00 PM

this is a beautiful tool. passed after a week of studying.

A
Av dey
8/16/2023 2:35:00 PM

can you please upload the dumps for 1z0-1096-23 for oracle

M
Mayur Shermale
11/23/2023 12:22:00 AM

its intresting, i would like to learn more abouth this

J
JM
12/19/2023 2:23:00 PM

q252: dns poisoning is the correct answer, not locator redirection. beaconing is detected from a host. this indicates that the system has been infected with malware, which could be the source of local dns poisoning. location redirection works by either embedding the redirection in the original websites code or having a user click on a url that has an embedded redirect. since users at a different office are not getting redirected, it isnt an embedded redirection on the original website and since the user is manually typing in the url and not clicking a link, it isnt a modified link.

F
Freddie
12/12/2023 12:37:00 PM

helpful dump questions

D
Da Costa
8/25/2023 7:30:00 AM

question 423 eigrp uses metric

B
Bsmaind
8/20/2023 9:22:00 AM

hello nice dumps

B
beau
1/12/2024 4:53:00 PM

good resource for learning

S
Sandeep
12/29/2023 4:07:00 AM

very useful

K
kevin
9/29/2023 8:04:00 AM

physical tempering techniques

B
Blessious Phiri
8/15/2023 4:08:00 PM

its giving best technical knowledge

T
Testbear
6/13/2023 11:15:00 AM

please upload

S
shime
10/24/2023 4:23:00 AM

great question with explanation thanks!!

T
Thembelani
5/30/2023 2:40:00 AM

does this exam have lab sections?

S
Shin
9/8/2023 5:31:00 AM

please upload

P
priti kagwade
7/22/2023 5:17:00 AM

please upload the braindump for .net

R
Robe
9/27/2023 8:15:00 PM

i need this exam 1z0-1107-2. please.

C
Chiranthaka
9/20/2023 11:22:00 AM

very useful!

AI Tutor 👋 I’m here to help!