712-50 Exam Questions
505 real 712-50 exam questions with expert-verified answers and explanations. Page 6 of 11.
- Question #251
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined sec...
- Question #252
A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website. This type of control is considered
- Question #253
Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?
- Question #254
Which of the following provides an independent assessment of a vendor's internal security controls and overall posture?
- Question #255
Scenario: You are the CISO and are required to brief the C-level executive team on your information security audit for the year. During your review of the audit findings you discov...
- Question #256
Annual Loss Expectancy is derived from the function of which two factors?
- Question #257
SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As...
- Question #258
The rate of change in technology increases the importance of:
- Question #259
John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project c...
- Question #260
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only...
- Question #261
What is the primary reason for performing vendor management?
- Question #262
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate c...
- Question #263
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be adminis...
- Question #264
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organizat...
- Question #265
Human resource planning for security professionals in your organization is a:
- Question #266
You have just been hired as the new CISO and are being briefed on all the Information Security projects that your section has ongoing. You discover that most projects are behind schedul...
- Question #267
When analyzing and forecasting an operating expense budget what are not included?
- Question #268
Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget. Whi...
- Question #269
Your company has limited resources to spend on security initiatives. The Chief Financial Officer asks you to prioritize the protection of information resources based on their value...
- Question #270
Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?
- Question #271
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates. What is one proven method...
- Question #272
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organizat...
- Question #273
The formal certification and accreditation process has four primary steps. What are they?
- Question #274
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined sec...
- Question #275
Access Control Lists (ACLs), Firewalls, and Intrusion Prevention Systems are examples of
- Question #276
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only...
- Question #277
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used a...
- Question #278
The total cost of security controls should:
- Question #279
Scenario: Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have per...
- Question #280
SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is com...
- Question #281
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individ...
- Question #282
When analyzing and forecasting a capital expense budget what are not included?
- Question #283
One advantage of an application-level firewall is the ability to
- Question #284
Which of the following is an advantage of utilizing security testing methodologies to conduct a security audit?
- Question #285
When dealing with risk, the information security practitioner may choose to:
- Question #286
SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is com...
- Question #287
The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best b...
- Question #288
Involvement of senior management is MOST important in the development of:
- Question #289
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate c...
- Question #290
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individ...
- Question #291
The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:
- Question #292
What are the primary reasons for the development of a business case for a security project?
- Question #293
Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget. Usi...
- Question #294
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate c...
- Question #295
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. You have decided to deal with risk to information from...
- Question #296
Which of the following is MOST useful when developing a business case for security initiatives?
- Question #297
SCENARIO: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As...
- Question #298
Acceptable levels of information security risk tolerance in an organization should be determined by?
- Question #299
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used a...
- Question #300
One of the MAIN goals of a Business Continuity Plan is to