512-50 Exam Questions
402 real 512-50 exam questions with expert-verified answers and explanations. Page 4 of 9.
- Question #151
When you develop your audit remediation plan, what is the MOST important criterion?
- Question #152
Control Objectives for Information and Related Technology (COBIT) is which of the following?
- Question #153
A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?
- Question #154
Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT)...
- Question #155
You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the...
- Question #156
Who is responsible for verifying that audit directives are implemented?
- Question #157
A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do y...
- Question #158
An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three co...
- Question #159
A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration differe...
- Question #160
Which of the following are not stakeholders of IT security projects?
- Question #161
The ultimate goal of an IT security project is:
- Question #162
When managing the critical path of an IT security project, which of the following is MOST important?
- Question #163
When is an application security development project complete?
- Question #164
When should IT security project management be outsourced?
- Question #165
Which business stakeholder is accountable for the integrity of a new information system?
- Question #166
As the CISO for your company you are accountable for the protection of information resources commensurate with:
- Question #167
A stakeholder is a person or group:
- Question #168
Your company has a "no right to privacy" notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer g...
- Question #169
Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of r...
- Question #170
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporat...
- Question #171
When gathering security requirements for an automated business process improvement program, which of the following is MOST important?
- Question #172
When selecting a security solution with recurring maintenance costs after the first year (choose the BEST answer):
- Question #173
Which of the following information may be found in table top exercises for incident response?
- Question #174
Your incident response plan should include which of the following?
- Question #175
You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees...
- Question #176
To get an Information Security project back on schedule, which of the following will provide the MOST help?
- Question #177
How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be revie...
- Question #178
Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost eff...
- Question #179
An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the app...
- Question #180
Which of the following is the MOST important component of any change management process?
- Question #181
Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?
- Question #182
The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the ap...
- Question #183
The organization does not have the time to remediate the vulnerability; however it is critical to release the application. Which of the following needs to be further evaluated to h...
- Question #184
Which of the following can the company implement in order to avoid this type of security issue in the future?
- Question #185
Which of the following is considered a project versus a managed process?
- Question #186
Which of the following is the BEST indicator of a successful project?
- Question #187
Which of the following methodologies references the recommended industry standard that Information security project managers should follow?
- Question #188
This occurs when the quantity or quality of project deliverables is expanded from the original project plan.
- Question #189
Which of the following is considered one of the most frequent failures in project management?
- Question #190
When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?
- Question #191
When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance leve...
- Question #192
When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization. Which example below is the MOST creative way to maintain...
- Question #193
The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putt...
- Question #194
What oversight should the information security team have in the change management process for application security?
- Question #195
In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool sele...
- Question #196
You manage a newly created Security Operations Center (SOC), and your team is being inundated with security alerts and doesn't know what to do. What is the BEST approach to handle this s...
- Question #197
An example of professional unethical behavior is:
- Question #198
A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of...
- Question #199
A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determi...
- Question #200
A recommended method to document the respective roles of groups and individuals for a given process is to: