712-50 Exam Questions
505 real 712-50 exam questions with expert-verified answers and explanations. Page 7 of 11.
- Question #301
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?
- Question #302
Regulatory requirements typically force organizations to implement
- Question #303
You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?
- Question #304
Credit card information, medical data, and government records are all examples of:
- Question #305
A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?
- Question #306
Which of the following are the MOST important factors for proactively determining system vulnerabilities?
- Question #307
Which of the following is MOST likely to be discretionary?
- Question #308
You have implemented a new security control. Which of the following risk strategy options have you engaged in?
- Question #309
According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management...
- Question #310
Risk is defined as:
- Question #311
Who in the organization determines access to information?
- Question #312
Which of the following is the MOST important benefit of an effective security governance process?
- Question #313
Which of the following most commonly falls within the scope of an information security governance steering committee?
- Question #314
What is a difference from the list below between quantitative and qualitative Risk Assessment?
- Question #315
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of thei...
- Question #316
Which of the following is the MOST important for a CISO to understand when identifying threats?
- Question #317
The success of the Chief Information Security Officer is MOST dependent upon:
- Question #318
The Information Security Governance program MUST:
- Question #319
A method to transfer risk is to:
- Question #320
An organization's information security policy serves to
- Question #321
Which of the following methodologies references the recommended industry standard that Information security project managers should follow?
- Question #322
Which one of the following BEST describes which member of the management team is accountable for the day-to-day operation of the information security program?
- Question #323
The ultimate goal of an IT security project is:
- Question #324
A stakeholder is a person or group:
- Question #325
Which of the following represents the best method of ensuring business unit alignment with security program requirements?
- Question #326
A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determi...
- Question #327
In an effort to save your company money, which of the following methods of training results in the lowest cost for the organization?
- Question #328
When managing the critical path of an IT security project, which of the following is MOST important?
- Question #329
When entering into a third-party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance leve...
- Question #330
In order for a CISO to have true situational awareness there is a need to deploy technology that can give a real-time view of security events across the enterprise. Which tool sele...
- Question #331
You currently cannot provide for 24/7 coverage of your security monitoring and incident response duties and your company is resistant to the idea of adding more full-time employees...
- Question #332
Which of the following are not stakeholders of IT security projects?
- Question #333
What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?
- Question #334
When choosing a risk mitigation method what is the MOST important factor?
- Question #335
What is the BEST way to achieve on-going compliance monitoring in an organization?
- Question #336
Risk appetite directly affects what part of a vulnerability management program?
- Question #337
Which of the following is a critical operational component of an Incident Response Program (IRP)?
- Question #338
When briefing senior management on the creation of a governance process, the MOST important aspect should be:
- Question #339
After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of
- Question #340
Why is it vitally important that senior management endorse a security policy?
- Question #341
The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems add...
- Question #342
The exposure factor of a threat to your organization is defined by?
- Question #343
A company wants to fill a Chief Information Security Officer position in the organization. They need to define and implement a more holistic security program. Which of the followin...
- Question #344
Which of the following is MOST important when dealing with an Information Security Steering committee:
- Question #345
Which of the following has the GREATEST impact on the implementation of an information security governance model?
- Question #346
Which of the following statements about Encapsulating Security Payload (ESP) is true?
- Question #347
What type of attack requires the least amount of technical equipment and has the highest success rate?
- Question #348
Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
- Question #349
File Integrity Monitoring (FIM) is considered a
- Question #350
SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is com...