712-50 Exam Questions

Total 445 Questions

Last Updated Exam : 16-Dec-2024

Topic 1: Governance (Policy, Legal & Compliance)

Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?


A.

Awareness


B.

Compliance


C.

Governance


D.

Management





C.
  

Governance



Ensuring that the actions of a set of people, applications and systems follow the organization’s rules is BEST described as:


A.

Risk management


B.

Security management


C.

Mitigation management


D.

Compliance management





D.
  

Compliance management



A security manager regualrly checks work areas after buisness hours for security violations; such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?


A.

Audit validation


B.

Physical control testing


C.

Compliance management


D.

Security awareness training





C.
  

Compliance management



When choosing a risk mitigation method what is the MOST important factor?


A.

Approval from the board of directors


B.

Cost of the mitigation is less than the risk


C.

Metrics of mitigation method success


D.

Mitigation method complies with PCI regulations





B.
  

Cost of the mitigation is less than the risk



Which of the following is MOST likely to be discretionary?


A.

Policies


B.

Procedures


C.

Guidelines


D.

Standards





C.
  

Guidelines



When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?


A.

Escalation


B.

Recovery


C.

Eradication


D.

Containment





D.
  

Containment



An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?


A.

Data breach disclosure


B.

Consumer right disclosure


C.

Security incident disclosure


D.

Special circumstance disclosure





A.
  

Data breach disclosure



From an information security perspective, information that no longer supports the main purpose of the business should be:


A.

assessed by a business impact analysis.


B.

protected under the information classification policy.


C.

analyzed under the data ownership policy.


D.

analyzed under the retention policy





D.
  

analyzed under the retention policy



What is the BEST way to achieve on-going compliance monitoring in an organization?


A.

Only check compliance right before the auditors are scheduled to arrive onsite.


B.

Outsource compliance to a 3rd party vendor and let them manage the program.


C.

Have Compliance and Information Security partner to correct issues as they arise.


D.

Have Compliance direct Information Security to fix issues after the auditors report.





C.
  

Have Compliance and Information Security partner to correct issues as they arise.



The single most important consideration to make when developing your security program, policies, and processes is:


A.

Budgeting for unforeseen data compromises


B.

Streamlining for efficiency


C.

Alignment with the business


D.

Establishing your authority as the Security Executive





C.
  

Alignment with the business




Page 6 out of 45 Pages
Previous