712-50 Exam Questions

Total 445 Questions

Exam Last Updated: 16-Dec-2024

Topic 1: Governance (Policy, Legal & Compliance)

Regulatory requirements typically force organizations to implement

A. Mandatory controls
B. Discretionary controls
C. Optional controls
D. Financial controls

Answer: A. Mandatory controls



What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

A. Determine appetite
B. Evaluate risk avoidance criteria
C. Perform a risk assessment
D. Mitigate risk

Answer: D. Mitigate risk



Which of the following is a critical operational component of an Incident Response Program (IRP)?

A. Weekly program budget reviews to ensure the percentage of program funding remains constant.
B. Annual review of program charters, policies, procedures and organizational agreements.
C. Daily monitoring of vulnerability advisories relating to your organization's deployed technologies.
D. Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization.

Answer: C. Daily monitoring of vulnerability advisories relating to your organization's deployed technologies.



When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure the impact of the scan is minimized?

A. The asset owner
B. The asset manager
C. The data custodian
D. The project manager

Answer: A. The asset owner



When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

A. How many credit card records are stored?
B. How many servers do you have?
C. What is the scope of the certification?
D. What is the value of the assets at risk?

Answer: C. What is the scope of the certification?



Which of the following Intellectual Property components is focused on maintaining brand recognition?

A. Trademark
B. Patent
C. Research Logs
D. Copyright

Answer: A. Trademark



Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

A. They are objective and can express risk / cost in real numbers
B. They are subjective and can be completed more quickly
C. They are objective and express risk / cost in approximates
D. They are subjective and can express risk / cost in real numbers

Answer: A. They are objective and can express risk / cost in real numbers



Developing effective security controls is a balance between:

A. Risk Management and Operations
B. Corporate Culture and Job Expectations
C. Operations and Regulations
D. Technology and Vendor Management

Answer: A. Risk Management and Operations



The alerting, monitoring and life-cycle management of security related events is typically handled by the

A. security threat and vulnerability management process
B. risk assessment process
C. risk management process
D. governance, risk, and compliance tools

Answer: A. security threat and vulnerability management process



Which of the following are the MOST important factors for proactively determining system vulnerabilities?

A. Subscribe to vendor mailing lists to get notification of system vulnerabilities
B. Deploy Intrusion Detection System (IDS) and install anti-virus on systems
C. Configure firewall, perimeter router and Intrusion Prevention System (IPS)
D. Conduct security testing, vulnerability scanning, and penetration testing

Answer: D. Conduct security testing, vulnerability scanning, and penetration testing



