712-50 Exam Questions

Total 445 Questions

Last Updated Exam : 16-Dec-2024

Topic 1: Governance (Policy, Legal & Compliance)

An organization's Information Security Policy is of MOST importance because


A.

it communicates management’s commitment to protecting information resources


B.

it is formally acknowledged by all employees and vendors


C.

it defines a process to meet compliance requirements


D.

it establishes a framework to protect confidential information





A.
  

it communicates management’s commitment to protecting information resources



Which of the following should be determined while defining risk management strategies?


A.

Organizational objectives and risk tolerance


B.

Risk assessment criteria


C.

IT architecture complexity


D.

Enterprise disaster recovery plans





A.
  

Organizational objectives and risk tolerance



A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?


A.

Internal audit


B.

The data owner


C.

All executive staff


D.

Government regulators





B.
  

The data owner



You have implemented a new security control. Which of the following risk strategy options have you engaged in?


A.

Risk Avoidance


B.

Risk Acceptance


C.

Risk Transfer


D.

Risk Mitigation





D.
  

Risk Mitigation



Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?


A.

Threat


B.

Vulnerability


C.

Attack vector


D.

Exploitation





B.
  

Vulnerability



Which of the following most commonly falls within the scope of an information security governance steering committee?


A.

Approving access to critical financial systems


B.

Developing content for security awareness programs


C.

Interviewing candidates for information security specialist positions


D.

Vetting information security policies





D.
  

Vetting information security policies



A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?


A.

Providing a risk program governance structure


B.

Ensuring developers include risk control comments in code


C.

Creating risk assessment templates based on specific threats


D.

Allowing for the acceptance of risk for regulatory compliance requirements





A.
  

Providing a risk program governance structure



Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?


A.

Poses a strong technical background


B.

Understand all regulations affecting the organization


C.

Understand the business goals of the organization


D.

Poses a strong auditing background





C.
  

Understand the business goals of the organization



Risk that remains after risk mitigation is known as


A.

Persistent risk


B.

Residual risk


C.

Accepted risk


D.

Non-tolerated risk





B.
  

Residual risk



The success of the Chief Information Security Officer is MOST dependent upon:


A.

favorable audit findings


B.

following the recommendations of consultants and contractors


C.

development of relationships with organization executives


D.

raising awareness of security issues with end users





C.
  

development of relationships with organization executives




Page 5 out of 45 Pages
Previous