512-50 Exam Questions
402 real 512-50 exam questions with expert-verified answers and explanations. Page 6 of 9.
- Question #253
The ability to demand the implementation and management of security controls on third parties providing services to an organization is
- Question #254
Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?
- Question #255
The process to evaluate the technical and non-technical security controls of an IT system to validate that a given design and implementation meet a specific set of security require...
- Question #256
The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called
- Question #257
Access control lists (ACLs), firewalls, and intrusion prevention systems are examples of
- Question #258
File Integrity Monitoring (FIM) is considered a
- Question #259
A system is designed to dynamically block offending Internet IP addresses from requesting services from a secure website. This type of control is considered
- Question #260
When dealing with risk, the information security practitioner may choose to:
- Question #261
Your company has limited resources to spend on security initiatives. The Chief Financial Officer asks you to prioritize the protection of information resources based on their value...
- Question #262
The total cost of security controls should:
- Question #263
Annual Loss Expectancy is derived from the function of which two factors?
- Question #264
The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:
- Question #265
Which of the following provides an independent assessment of a vendor's internal security controls and overall posture?
- Question #266
The rate of change in technology increases the importance of:
- Question #267
As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?
- Question #268
Involvement of senior management is MOST important in the development of:
- Question #269
The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?
- Question #270
John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project c...
- Question #271
When updating the security strategic planning document, what two items must be included?
- Question #272
Acceptable levels of information security risk tolerance in an organization should be determined by?
- Question #273
The formal certification and accreditation process has four primary steps; what are they?
- Question #274
Human resource planning for security professionals in your organization is a:
- Question #275
What are the primary reasons for the development of a business case for a security project?
- Question #276
When analyzing and forecasting a capital expense budget, what are not included?
- Question #277
When analyzing and forecasting an operating expense budget, what are not included?
- Question #278
What is the primary reason for performing a return on investment analysis?
- Question #279
What is the primary reason for performing vendor management?
- Question #280
What is the BEST reason for having a formal request for proposal process?
- Question #281
When creating contractual agreements and procurement processes, why should security requirements be included?
- Question #282
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. You have decided to deal with risk to information from...
- Question #283
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. An effective way to evaluate the effectiveness of an in...
- Question #284
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates. What is one proven method...
- Question #285
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates. When multiple regulations...
- Question #286
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined sec...
- Question #287
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined sec...
- Question #288
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organizat...
- Question #289
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organizat...
- Question #290
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organizat...
- Question #291
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organizat...
- Question #292
SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As...
- Question #293
SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As...
- Question #294
SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As...
- Question #295
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used a...
- Question #296
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used a...
- Question #297
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used a...
- Question #298
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used a...
- Question #299
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate c...
- Question #300
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate c...
- Question #301
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate c...
- Question #302
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individ...