512-50 Exam Questions
402 real 512-50 exam questions with expert-verified answers and explanations. Page 1 of 9.
- Question #1
Which of the following has the GREATEST impact on the implementation of an information security governance model?
- Question #2
From an information security perspective, information that no longer supports the main purpose of the business should be:
- Question #3
When briefing senior management on the creation of a governance process, the MOST important aspect should be:
- Question #4
Which of the following most commonly falls within the scope of an information security governance steering committee?
- Question #5
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the...
- Question #6
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of thei...
- Question #7
The alerting, monitoring and life-cycle management of security related events is typically handled by the
- Question #8
One of the MAIN goals of a Business Continuity Plan is to
- Question #9
When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?
- Question #10
Which of the following is considered the MOST effective tool against social engineering?
- Question #11
When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?
- Question #12
Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?
- Question #13
In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?
- Question #14
Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization's products and services?
- Question #15
You have implemented a new security control. Which of the following risk strategy options have you engaged in?
- Question #16
You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?
- Question #17
Quantitative Risk Assessments have the following advantages over qualitative risk assessments:
- Question #18
Which of the following is MOST important when dealing with an Information Security Steering committee:
- Question #19
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate actio...
- Question #20
The PRIMARY objective of security awareness is to:
- Question #21
Which of the following is MOST likely to be discretionary?
- Question #22
Why is it vitally important that senior management endorse a security policy?
- Question #23
When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?
- Question #24
What is the relationship between information protection and regulatory compliance?
- Question #25
Regulatory requirements typically force organizations to implement
- Question #26
When managing the security architecture for your company you must consider:
- Question #27
If your organization operates under a model of "assumption of breach", you should:
- Question #28
A method to transfer risk is to:
- Question #29
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the
- Question #30
Ensuring that the actions of a set of people, applications and systems follow the organization's rules is BEST described as:
- Question #31
A security manager regularly checks work areas after business hours for security violations, such as unsecured files or unattended computers with active sessions. This activity BES...
- Question #32
A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and t...
- Question #33
A company wants to fill a Chief Information Security Officer position in the organization. They need to define and implement a more holistic security program. Which of the followin...
- Question #34
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notify...
- Question #35
An organization's firewall technology needs to be replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The securi...
- Question #36
An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT...
- Question #37
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?
- Question #38
Which of the following international standards can be BEST used to define a Risk Management process in an organization?
- Question #39
An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standar...
- Question #40
A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?
- Question #41
A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standar...
- Question #42
A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?
- Question #43
In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?
- Question #44
The exposure factor of a threat to your organization is defined by?
- Question #45
Risk is defined as:
- Question #46
What two methods are used to assess risk impact?
- Question #47
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
- Question #48
You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation througho...
- Question #49
The success of the Chief Information Security Officer is MOST dependent upon:
- Question #50
An organization's information security policy serves to