512-50 Exam Questions
402 real 512-50 exam questions with expert-verified answers and explanations. Page 3 of 9.
- Question #101
The patching and monitoring of systems on a consistent schedule is required by?
- Question #102
As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting proc...
- Question #103
As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped o...
- Question #104
Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:
- Question #105
The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is considered a bad practice MAINLY because
- Question #106
The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is
- Question #107
An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected...
- Question #108
Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?
- Question #109
Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?
- Question #110
A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST...
- Question #111
The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?
- Question #112
A missing/ineffective security control is identified. Which of the following should be the NEXT step?
- Question #113
The risk found after a control has been fully implemented is called:
- Question #114
In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?
- Question #115
At which point should the identity access management team be notified of the termination of an employee?
- Question #116
To have accurate and effective information security policies how often should the CISO review the organization policies?
- Question #117
How often should an environment be monitored for cyber threats, risks, and exposures?
- Question #118
Which is the BEST solution to monitor, measure, and report changes to critical data in a system?
- Question #119
When working in the Payment Card Industry (PCI), how often should security logs be reviewed to comply with the standards?
- Question #120
Which represents PROPER separation of duties in the corporate environment?
- Question #121
Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?
- Question #122
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?
- Question #123
When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under...
- Question #124
An information security department is required to remediate system vulnerabilities when they are discovered. Please select the three primary remediation methods that can be used on...
- Question #125
When a CISO considers delaying or not remediating system vulnerabilities which of the following are MOST important to take into account?
- Question #126
The effectiveness of an audit is measured by?
- Question #127
A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After readi...
- Question #128
You have implemented the new controls. What is the next step?
- Question #129
An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to th...
- Question #130
Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical is...
- Question #131
Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?
- Question #132
Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?
- Question #133
Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?
- Question #134
An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. Wha...
- Question #135
Which of the following illustrates an operational control process:
- Question #136
With respect to the audit management process, management response serves what function?
- Question #137
Which of the following are primary concerns for management with regard to assessing internal control objectives?
- Question #138
Which of the following are necessary to formulate responses to external audit findings?
- Question #139
The executive board has requested that the CISO of an organization define Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provid...
- Question #140
Creating a secondary authentication process for network access would be an example of?
- Question #141
Which of the following activities is the MAIN purpose of the risk assessment process?
- Question #142
Which of the following activities must be completed BEFORE you can calculate risk?
- Question #143
Step-by-step procedures to regain normalcy in the event of a major earthquake are PRIMARILY covered by which of the following plans?
- Question #144
Which International Organization for Standardization (ISO) standard below BEST describes the performance of risk management, and includes a five-stage risk management methodology?
- Question #145
Which of the following BEST describes an international standard framework that is based on the security model Information Technology--Code of Practice for Information Security Mana...
- Question #146
Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?
- Question #147
The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to
- Question #148
The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization's
- Question #149
Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?
- Question #150
The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?