712-50 Exam Questions
505 real 712-50 exam questions with expert-verified answers and explanations. Page 3 of 11.
- Question #101
In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?
- Question #102
The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is considered a bad practice MAINLY because
- Question #103
When you develop your audit remediation plan what is the MOST important criteria?
- Question #104
Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT)...
- Question #105
Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?
- Question #106
Dataflow diagrams are used by IT auditors to:
- Question #107
Which International Organization for Standardization (ISO) standard below BEST describes the performance of risk management, and includes a five-stage risk management methodology?
- Question #108
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?
- Question #109
Which of the following activities results in change requests?
- Question #110
Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?
- Question #111
An audit was conducted and many critical applications were found to have no disaster recovery plans in place. You conduct a Business Impact Analysis (BIA) to determine impact to th...
- Question #112
When working in the Payment Card Industry (PCI), how often should security logs be reviewed to comply with the standards?
- Question #113
Creating a secondary authentication process for network access would be an example of?
- Question #114
Which of the following BEST describes an international standard framework that is based on the security model Information Technology--Code of Practice for Information Security Mana...
- Question #115
The effectiveness of an audit is measured by?
- Question #116
An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the s...
- Question #117
With respect to the audit management process, management response serves what function?
- Question #118
Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?
- Question #119
A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST...
- Question #120
A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After readi...
- Question #121
The risk found after a control has been fully implemented is called:
- Question #122
Step-by-step procedures to regain normalcy in the event of a major earthquake is PRIMARILY covered by which of the following plans?
- Question #123
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?
- Question #124
Which of the following is the MOST effective way to measure the effectiveness of security controls on a perimeter network?
- Question #125
To have accurate and effective information security policies how often should the CISO review the organization policies?
- Question #126
The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization's
- Question #127
Which of the following activities must be completed BEFORE you can calculate risk?
- Question #128
Which of the following is a fundamental component of an audit record?
- Question #129
Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical is...
- Question #130
The amount of risk an organization is willing to accept in pursuit of its mission is known as
- Question #131
Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?
- Question #132
Which represents PROPER separation of duties in the corporate environment?
- Question #133
As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped o...
- Question #134
During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:
- Question #135
The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?
- Question #136
An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected...
- Question #137
The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?
- Question #138
The patching and monitoring of systems on a consistent schedule is required by?
- Question #139
The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to
- Question #140
The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?
- Question #141
Your company has a "no right to privacy" notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer g...
- Question #142
Which of the following is considered one of the most frequent failures in project management?
- Question #143
You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile device...
- Question #144
Which of the following information may be found in table top exercises for incident response?
- Question #145
When operating under severe budget constraints a CISO will have to be creative to maintain a strong security organization. Which example below is the MOST creative way to maintain...
- Question #146
Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?
- Question #147
When gathering security requirements for an automated business process improvement program, which of the following is MOST important?
- Question #148
Your incident response plan should include which of the following?
- Question #149
A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents...
- Question #150
An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, re...