512-50 Exam Questions

Information security policies should be reviewed:

Who is responsible for securing networks during a security incident?

Which of the following is a critical operational component of an Incident Response Program (IRP)?

What is the first thing that needs to be completed in order to create a security program for your organization?

What is the main purpose of the Incident Response Team?

Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?

Within an organization's vulnerability management program, who has the responsibility to implement remediation actions?

The Information Security Management program MUST protect:

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

The Information Security Governance program MUST:

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrast...

When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure impact of the scan is minimized?

Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?

Risk appetite directly affects what part of a vulnerability management program?

When choosing a risk mitigation method what is the MOST important factor?

Payment Card Industry (PCI) compliance requirements are based on what criteria?

Which of the following provides an audit framework?

Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?

Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems add...

When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it

What is the BEST way to achieve on-going compliance monitoring in an organization?

Which of the following is the MOST important for a CISO to understand when identifying threats?

Which of the following are the MOST important factors for proactively determining system vulnerabilities?

What role should the CISO play in properly scoping a PCI environment?

What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management...

As the Risk Manager of an organization, you are task with managing vendor risk assessments. During the assessment, you identified that the vendor is engaged with high profiled clie...

With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that the boards provide strategic oversight regarding information...

Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?

When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

The regular review of a firewall ruleset is considered a

The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?

An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security

The amount of risk an organization is willing to accept in pursuit of its mission is known as

Which of the following is a fundamental component of an audit record?

Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?

Which of the following is a benefit of a risk-based approach to audit planning?

Dataflow diagrams are used by IT auditors to:

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

Which of the following reports should you as an IT auditor use to check on compliance with a service level agreement's requirement for uptime?

IT control objectives are useful to IT auditors as they provide the basis for understanding the:

An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the s...

Which of the following is the MOST important goal of risk management?

You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of...

Which of the following activities results in change requests?

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

Creating a secondary authentication process for network access would be an example of?