712-50 Exam Questions
505 real 712-50 exam questions with expert-verified answers and explanations. Page 2 of 11.
- Question #51
An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standar...
- Question #52
Within an organization's vulnerability management program, who has the responsibility to implement remediation actions?
- Question #53
The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:
- Question #54
When deploying an Intrusion Prevention System (IPS) the BEST way to get maximum protection from the system is to deploy it
- Question #55
Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?
- Question #56
The PRIMARY objective of security awareness is to:
- Question #57
Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?
- Question #58
When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure impact of the scan is minimized?
- Question #59
Risk that remains after risk mitigation is known as
- Question #60
Ensuring that the actions of a set of people, applications and systems follow the organization's rules is BEST described as:
- Question #61
Which of the following international standards can be BEST used to define a Risk Management process in an organization?
- Question #62
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the...
- Question #63
Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?
- Question #64
You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation througho...
- Question #65
A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and t...
- Question #66
An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security
- Question #67
When a CISO considers delaying or not remediating system vulnerabilities which of the following are MOST important to take into account?
- Question #68
Control Objectives for Information and Related Technology (COBIT) is which of the following?
- Question #69
An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. Wha...
- Question #70
A Chief Information Security Officer received a list of high, medium, and low impact audit findings. Which of the following represents the BEST course of action?
- Question #71
The regular review of a firewall ruleset is considered a
- Question #72
The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is
- Question #73
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
- Question #74
How often should an environment be monitored for cyber threats, risks, and exposures?
- Question #75
Which is the BEST solution to monitor, measure, and report changes to critical data in a system?
- Question #76
Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?
- Question #77
At which point should the identity access management team be notified of the termination of an employee?
- Question #78
An information security department is required to remediate system vulnerabilities when they are discovered. Please select the three primary remediation methods that can be used on...
- Question #79
Which of the following is a benefit of a risk-based approach to audit planning?
- Question #80
Which of the following reports should you as an IT auditor use to check on compliance with a service level agreement's requirement for uptime?
- Question #81
Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?
- Question #82
Which of the following activities is the MAIN purpose of the risk assessment process?
- Question #83
You have implemented the new controls. What is the next step?
- Question #84
A missing/ineffective security control is identified. Which of the following should be the NEXT step?
- Question #85
Which of the following are necessary to formulate responses to external audit findings?
- Question #86
Creating a secondary authentication process for network access would be an example of?
- Question #87
Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?
- Question #88
IT control objectives are useful to IT auditors as they provide the basis for understanding the:
- Question #89
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
- Question #90
As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting proc...
- Question #91
Which of the following is the MOST important goal of risk management?
- Question #92
Which of the following illustrates an operational control process:
- Question #93
You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two-factor authentication token management process. Which of the...
- Question #94
Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?
- Question #95
Which of the following set of processes is considered to be one of the cornerstone cycles of the International Organization for Standardization (ISO) 27001 standard?
- Question #96
Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:
- Question #97
When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under...
- Question #98
You work as a project manager for TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of...
- Question #99
Which of the following are primary concerns for management with regard to assessing internal control objectives?
- Question #100
The executive board has requested that the CISO of an organization define Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provid...