712-50 Exam Questions

Which of the following intellectual Property components is focused on maintaining brand recognition?

Which of the following provides an audit framework?

The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate actio...

An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notify...

What is the definition of Risk in Information Security?

Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?

When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?

When dealing with a risk management process, asset classification is important because it will impact the overall:

When managing the security architecture for your company you must consider:

If your organization operates under a model of "assumption of breach", you should:

Information security policies should be reviewed:

Payment Card Industry (PCI) compliance requirements are based on what criteria?

What role should the CISO play in properly scoping a PCI environment?

From an information security perspective, information that no longer supports the main purpose of the business should be:

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

What two methods are used to assess risk impact?

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

Which of the following is considered the MOST effective tool against social engineering?

Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

The FIRST step in establishing a security governance program is to?

What is the first thing that needs to be completed in order to create a security program for your organization?

An organization's Information Security Policy is of MOST importance because

Which of the following should be determined while defining risk management strategies?

Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization's products and services?

Which of the following is a detective control?

Which of the following lists are valid data-gathering activities associated with a risk assessment?

Developing effective security controls is a balance between:

The alerting, monitoring and life-cycle management of security related events is typically handled by the

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT...

The PRIMARY objective for information security program development should be:

Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?

A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standar...

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrast...

What is the main purpose of the Incident Response Team?

In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?

What is the relationship between information protection and regulatory compliance?

An organization's firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The securi...

A security manager regualrly checks work areas after buisness hours for security violations; such as unsecured files or unattended computers with active sessions. This activity BES...

Which of the following is a benefit of information security governance?

The single most important consideration to make when developing your security program, policies, and processes is:

The Information Security Management program MUST protect:

A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?

Who is responsible for securing networks during a security incident?