How Many Questions Of 712-50 Training Tools

We provide accurate EC-Council 712-50 test questions, the best for clearing the 712-50 test and getting certified as an EC-Council Certified CISO (CCISO). The 712-50 Questions & Answers cover all the knowledge points of the real 712-50 exam. Crack your EC-Council 712-50 exam with the latest dumps, guaranteed!

Free online 712-50 questions and answers, new version:

NEW QUESTION 1

What is the main purpose of the Incident Response Team?

  • A. Ensure efficient recovery and reinstate repaired systems
  • B. Create effective policies detailing program activities
  • C. Communicate details of information security incidents
  • D. Provide current employee awareness programs

Answer: A

NEW QUESTION 2

The total cost of security controls should:

  • A. Be equal to the value of the information resource being protected
  • B. Be greater than the value of the information resource being protected
  • C. Be less than the value of the information resource being protected
  • D. Should not matter, as long as the information resource is protected

Answer: C

NEW QUESTION 3

Which of the following information may be found in table top exercises for incident response?

  • A. Security budget augmentation
  • B. Process improvements
  • C. Real-time to remediate
  • D. Security control selection

Answer: B

NEW QUESTION 4

Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

  • A. Meet regulatory compliance requirements
  • B. Better understand the threats and vulnerabilities affecting the environment
  • C. Better understand strengths and weaknesses of the program
  • D. Meet legal requirements

Answer: C

NEW QUESTION 5

You are the CISO of a commercial social media organization. The leadership wants to rapidly create new methods of sharing customer data through creative linkages with mobile devices. You have voiced concern about privacy regulations but the velocity of the business is given priority. Which of the following BEST describes this organization?

  • A. Risk averse
  • B. Risk tolerant
  • C. Risk conditional
  • D. Risk minimal

Answer: B

NEW QUESTION 6

With respect to the audit management process, management response serves what function?

  • A. placing underperforming units on notice for failing to meet standards
  • B. determining whether or not resources will be allocated to remediate a finding
  • C. adding controls to ensure that proper oversight is achieved by management
  • D. revealing the “root cause” of the process failure and mitigating for all internal and external units

Answer: B

NEW QUESTION 7

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

  • A. Comprehensive Log-Files from all servers and network devices affected during the attack
  • B. Fully trained network forensic experts to analyze all data right after the attack
  • C. Uninterrupted Chain of Custody
  • D. Expert forensics witness

Answer: C
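Why an uninterrupted chain of custody is the deciding factor: every hand-over must show that the evidence presented in court is bit-for-bit what was seized, and that no handler could have altered it unnoticed. The following Go program is an added example, not part of the original question set or of any EC-Council material. It fingerprints a constructed evidence image with SHA-256 at acquisition, records each transfer in a hash-chained custody log, rechecks the image hash at every hand-over, and shows how both an altered image and a retroactively edited log entry are detected. The custodian names, timestamps and the image bytes are constructed sample data.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Entry is one custody record: who handled the evidence, what they did and
// when. Each record commits to the evidence fingerprint and to the previous
// record's hash, so editing or removing any earlier record changes every
// hash after it.
type Entry struct {
	Seq          int
	Custodian    string
	Action       string
	Timestamp    string // as written by the custodian (constructed sample values below)
	EvidenceHash string
	PrevHash     string
	Hash         string
}

// EvidenceHash fingerprints the acquired image; it is recorded at acquisition
// and rechecked at every hand-over.
func EvidenceHash(image []byte) string {
	sum := sha256.Sum256(image)
	return hex.EncodeToString(sum[:])
}

func entryHash(e Entry) string {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%s|%s|%s|%s|%s", e.Seq, e.Custodian, e.Action, e.Timestamp, e.EvidenceHash, e.PrevHash)
	return hex.EncodeToString(h.Sum(nil))
}

// Chain is the custody log for a single item of evidence.
type Chain struct {
	Entries []Entry
}

// Append records a hand-over. It refuses if the image no longer matches the
// hash taken at acquisition, which is exactly the gap opposing counsel looks for.
func (c *Chain) Append(custodian, action, ts string, image []byte) error {
	eh := EvidenceHash(image)
	prev := ""
	if n := len(c.Entries); n > 0 {
		if c.Entries[0].EvidenceHash != eh {
			return errors.New("evidence hash mismatch: image altered since acquisition")
		}
		prev = c.Entries[n-1].Hash
	}
	e := Entry{Seq: len(c.Entries), Custodian: custodian, Action: action,
		Timestamp: ts, EvidenceHash: eh, PrevHash: prev}
	e.Hash = entryHash(e)
	c.Entries = append(c.Entries, e)
	return nil
}

// Verify walks the log from acquisition onward and reports the first broken link.
func (c *Chain) Verify() error {
	if len(c.Entries) == 0 {
		return errors.New("empty custody log")
	}
	prev := ""
	first := c.Entries[0].EvidenceHash
	for i, e := range c.Entries {
		if e.Seq != i || e.PrevHash != prev || e.EvidenceHash != first || entryHash(e) != e.Hash {
			return fmt.Errorf("chain of custody broken at entry %d (%s: %s)", i, e.Custodian, e.Action)
		}
		prev = e.Hash
	}
	return nil
}

// BuildSampleChain records three hand-overs of a constructed evidence image.
func BuildSampleChain(image []byte) (*Chain, error) {
	c := &Chain{}
	steps := [][3]string{ // constructed sample custodians, actions and timestamps
		{"j.doe (first responder)", "acquired disk image, hashed", "2024-05-01T09:12:00Z"},
		{"evidence locker", "sealed and stored", "2024-05-01T11:30:00Z"},
		{"forensic analyst", "checked out for analysis", "2024-05-02T08:05:00Z"},
	}
	for _, s := range steps {
		if err := c.Append(s[0], s[1], s[2], image); err != nil {
			return nil, err
		}
	}
	return c, nil
}

func main() {
	image := []byte("constructed sample disk image bytes")
	c, _ := BuildSampleChain(image)
	fmt.Println("intact log verifies:", c.Verify())
	c.Entries[1].Custodian = "someone else" // retroactive edit of an earlier record
	fmt.Println("after tampering:", c.Verify())
}
```

In practice the log lines would be written to write-once storage or signed by each custodian; the hash chain shown here is what makes a later edit visible, and the acquisition hash is what ties the image in court back to the one seized.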

NEW QUESTION 8

The organization does not have the time to remediate the vulnerability; however, it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?

  • A. Provide developer security training
  • B. Deploy Intrusion Detection Systems
  • C. Provide security testing tools
  • D. Implement Compensating Controls

Answer: D

NEW QUESTION 9

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
After determining the audit findings are accurate, which of the following is the MOST logical next activity?

  • A. Begin initial gap remediation analyses
  • B. Review the security organization’s charter
  • C. Validate gaps with the Information Technology team
  • D. Create a briefing of the findings for executive management

Answer: A

NEW QUESTION 10

SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization’s needs.
The CISO discovers the scalability issue will only impact a small number of network segments. What is the next logical step to ensure the proper application of risk management methodology within the two-factor implementation project?

  • A. Create new use cases for operational use of the solution
  • B. Determine if sufficient mitigating controls can be applied
  • C. Decide to accept the risk on behalf of the impacted business units
  • D. Report the deficiency to the audit team and create process exceptions

Answer: B

NEW QUESTION 11

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

  • A. Confidentiality, Integrity and Availability
  • B. Assurance, Compliance and Availability
  • C. International Compliance
  • D. Integrity and Availability

Answer: A

NEW QUESTION 12

When a CISO considers delaying or not remediating system vulnerabilities which of the following are MOST important to take into account?

  • A. Threat Level, Risk of Compromise, and Consequences of Compromise
  • B. Risk Avoidance, Threat Level, and Consequences of Compromise
  • C. Risk Transfer, Reputational Impact, and Consequences of Compromise
  • D. Reputational Impact, Financial Impact, and Risk of Compromise

Answer: A

NEW QUESTION 13

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

  • A. Contract a third party to perform a security risk assessment
  • B. Define formal roles and responsibilities for Internal audit functions
  • C. Define formal roles and responsibilities for Information Security
  • D. Create an executive security steering committee

Answer: C

NEW QUESTION 14

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

  • A. The CISO does not report directly to the CEO of the organization
  • B. The CISO reports to the IT organization
  • C. The CISO has not implemented a policy management framework
  • D. The CISO has not implemented a security awareness program

Answer: B

NEW QUESTION 15

This occurs when the quantity or quality of project deliverables is expanded from the original project plan.

  • A. Scope creep
  • B. Deadline extension
  • C. Scope modification
  • D. Deliverable expansion

Answer: A

NEW QUESTION 16

A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?

  • A. The auditors have not followed proper auditing processes
  • B. The CIO of the organization disagrees with the finding
  • C. The risk tolerance of the organization permits this risk
  • D. The organization has purchased cyber insurance

Answer: C

NEW QUESTION 17

Which of the following conditions would be the MOST probable reason for a security project to be rejected by the executive board of an organization?

  • A. The Net Present Value (NPV) of the project is positive
  • B. The NPV of the project is negative
  • C. The Return on Investment (ROI) is larger than 10 months
  • D. The ROI is lower than 10 months

Answer: B

NEW QUESTION 18

In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

  • A. The organization uses exclusively a quantitative process to measure risk
  • B. The organization uses exclusively a qualitative process to measure risk
  • C. The organization’s risk tolerance is high
  • D. The organization’s risk tolerance is low

Answer: C

NEW QUESTION 19

Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
How can you reduce the administrative burden of distributing symmetric keys for your employer?

  • A. Use asymmetric encryption for the automated distribution of the symmetric key
  • B. Use a self-generated key on both ends to eliminate the need for distribution
  • C. Use certificate authority to distribute private keys
  • D. Symmetrically encrypt the key and then use asymmetric encryption to decrypt it

Answer: A
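What answer A looks like in practice is a hybrid scheme: each site publishes an RSA public key once, and thereafter a fresh symmetric link key can be generated at headquarters, wrapped under the remote site's public key, and sent over any channel; only the remote site's private key can unwrap it, and the bulk traffic stays on the preferred symmetric cipher. The Go program below is an added example written for this page, not code from the original question set or from EC-Council, using only the Go standard library (RSA-OAEP with SHA-256 for wrapping, AES-256-GCM for the link). The site names, the OAEP label and the sample message are assumptions for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds the wrapped key to its purpose; an assumed value, not from the page.
var oaepLabel = []byte("link-key-v1")

// WrapKey protects a freshly generated symmetric link key under the receiving
// site's RSA public key (RSA-OAEP, SHA-256). The public key can travel in the
// clear; only the site holding the matching private key can recover the link key.
func WrapKey(pub *rsa.PublicKey, linkKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, linkKey, oaepLabel)
}

// UnwrapKey is the receiving site's side of the exchange.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealTraffic encrypts one message on the link with AES-256-GCM under the
// distributed key; the random nonce is prepended to the ciphertext.
func SealTraffic(linkKey, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(linkKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenTraffic decrypts and authenticates a message sealed by SealTraffic.
func OpenTraffic(linkKey, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(linkKey)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed message too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// Exchange runs the full flow between two hypothetical sites: headquarters
// generates a 256-bit link key, wraps it under the branch's public key, the
// branch unwraps it, and headquarters then sends msg over the link. It returns
// the plaintext as the branch recovers it.
func Exchange(msg []byte) ([]byte, error) {
	branchPriv, err := rsa.GenerateKey(rand.Reader, 2048) // branch's long-term key pair
	if err != nil {
		return nil, err
	}
	linkKey := make([]byte, 32) // fresh symmetric key chosen by headquarters
	if _, err := rand.Read(linkKey); err != nil {
		return nil, err
	}
	wrapped, err := WrapKey(&branchPriv.PublicKey, linkKey) // this is what crosses the network
	if err != nil {
		return nil, err
	}
	branchKey, err := UnwrapKey(branchPriv, wrapped)
	if err != nil {
		return nil, err
	}
	if !bytes.Equal(branchKey, linkKey) {
		return nil, errors.New("key mismatch after unwrap")
	}
	sealed, err := SealTraffic(linkKey, msg) // headquarters encrypts with its copy
	if err != nil {
		return nil, err
	}
	return OpenTraffic(branchKey, sealed) // branch decrypts with the unwrapped copy
}

// WrongRecipientRejected shows the failure mode: a key wrapped for one site
// cannot be unwrapped with another site's private key.
func WrongRecipientRejected() (bool, error) {
	a, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	b, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	wrapped, err := WrapKey(&a.PublicKey, bytes.Repeat([]byte{0x42}, 32))
	if err != nil {
		return false, err
	}
	_, err = UnwrapKey(b, wrapped)
	return err != nil, nil
}

func main() {
	out, err := Exchange([]byte("link up: site-17 -> hq")) // constructed sample message
	fmt.Printf("branch read: %q (err=%v)\n", out, err)
	rejected, _ := WrongRecipientRejected()
	fmt.Println("wrong recipient rejected:", rejected)
}
```

This removes the courier problem: the only thing that must be distributed out of band is each site's public key, once, and its authenticity is what a certificate authority vouches for (which is why option C, distributing private keys through a CA, is wrong: private keys never leave the site that generated them).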

NEW QUESTION 20

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

  • A. The Security Systems Development Life Cycle
  • B. The Security Project And Management Methodology
  • C. Project Management System Methodology
  • D. Project Management Body of Knowledge

Answer: D

NEW QUESTION 21

The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called

  • A. Security certification
  • B. Security system analysis
  • C. Security accreditation
  • D. Alignment with business practices and goals.

Answer: C

NEW QUESTION 22

You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

  • A. Execute
  • B. Read
  • C. Administrator
  • D. Public

Answer: D

NEW QUESTION 23

When should IT security project management be outsourced?

  • A. When organizational resources are limited
  • B. When the benefits of outsourcing outweigh the inherent risks of outsourcing
  • C. On new, enterprise-wide security initiatives
  • D. On projects not forecasted in the yearly budget

Answer: B

NEW QUESTION 24

When managing the security architecture for your company you must consider:

  • A. Security and IT Staff size
  • B. Company Values
  • C. Budget
  • D. All of the above

Answer: D

NEW QUESTION 25

Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?

  • A. All vulnerabilities found on servers and desktops
  • B. Only critical and high vulnerabilities on servers and desktops
  • C. Only critical and high vulnerabilities that impact important production servers
  • D. All vulnerabilities that impact important production servers

Answer: C

NEW QUESTION 26

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

  • A. When there is a need to develop a more unified incident response capability.
  • B. When the enterprise is made up of many business units with diverse business activities, risks profiles and regulatory requirements.
  • C. When there is a variety of technologies deployed in the infrastructure.
  • D. When it results in an overall lower cost of operating the security program.

Answer: B

NEW QUESTION 27
......

P.S. Easily pass the 712-50 exam with 343 Q&As from Dumpscollection.com (dumps and PDF version). Download the newest Dumpscollection.com 712-50 dumps here: https://www.dumpscollection.net/dumps/712-50/ (343 new questions)