712-50 Exam Questions
505 real 712-50 exam questions with expert-verified answers and explanations. Page 4 of 11.
- Question #151
A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of...
- Question #152
Which business stakeholder is accountable for the integrity of a new information system?
- Question #153
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporat...
- Question #154
A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do y...
- Question #155
Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?
- Question #156
A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software are implemented and managed within the organization....
- Question #157
Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost eff...
- Question #158
The organization does not have the time to remediate the vulnerability; however, it is critical to release the application. Which of the following needs to be further evaluated to h...
- Question #159
The company decides to release the application without remediating the high-risk vulnerabilities. Which of the following is the MOST likely reason for the company to release the ap...
- Question #160
This occurs when the quantity or quality of project deliverables is expanded from the original project plan.
- Question #161
Which of the following is considered a project versus a managed process?
- Question #162
What is the name of a formal statement that defines the strategy, approach, or expectations related to specific concerns within an organization?
- Question #163
When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?
- Question #164
Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?
- Question #165
Which of the following is the BEST indicator of a successful project?
- Question #166
Risk appetite is typically determined by which of the following organizational functions?
- Question #167
An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three co...
- Question #168
Which of the following is a major benefit of applying risk levels?
- Question #169
The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putt...
- Question #170
Which of the following best summarizes the primary goal of a security program?
- Question #171
Which of the following represents the BEST method of ensuring security program alignment to business needs?
- Question #172
Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of r...
- Question #173
How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be revie...
- Question #174
An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the app...
- Question #175
Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?
- Question #176
A recommended method to document the respective roles of groups and individuals for a given process is to:
- Question #177
Which of the following can the company implement in order to avoid this type of security issue in the future?
- Question #178
What oversight should the information security team have in the change management process for application security?
- Question #179
When should IT security project management be outsourced?
- Question #180
A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the pr...
- Question #181
Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security...
- Question #182
A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration differe...
- Question #183
Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?
- Question #184
Which of the following is the MOST important component of any change management process?
- Question #185
How often should the SSAE16 report of your vendors be reviewed?
- Question #186
An example of professional unethical behavior is:
- Question #187
When is an application security development project complete?
- Question #188
When selecting a security solution with reoccurring maintenance costs after the first year (choose the BEST answer):
- Question #189
As the CISO for your company you are accountable for the protection of information resources commensurate with:
- Question #190
You manage a newly created Security Operations Center (SOC). Your team is being inundated with security alerts and doesn't know what to do. What is the BEST approach to handle this s...
- Question #191
A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which...
- Question #192
A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the follow...
- Question #193
To get an Information Security project back on schedule, which of the following will provide the MOST help?
- Question #194
Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?
- Question #195
Which of the following is critical in creating a security program aligned with an organization's goals?
- Question #196
Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?
- Question #197
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network...
- Question #198
The process of identifying and classifying assets is typically included in the
- Question #199
As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order. 1. Covering tracks 2. Scanning and enumeration...
- Question #200
Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of c...