All About Best Quality 712-50 Braindump

It is faster and easier to pass the EC-Council 712-50 exam by using Actual EC-Council EC-Council Certified CISO (CCISO) questions and answers. Get immediate access to the updated 712-50 Exam and find the same core-area 712-50 questions with professionally verified answers, then PASS your exam with a high score now.

Also have 712-50 free dumps questions for you:

NEW QUESTION 1

You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information Officer (CIO). The CIO’s first mandate to you is to develop a cybersecurity compliance framework that will meet all the store’s compliance requirements.
Which of the following compliance standards is the MOST important to the organization?

  • A. The Federal Risk and Authorization Management Program (FedRAMP)
  • B. ISO 27002
  • C. NIST Cybersecurity Framework
  • D. Payment Card Industry (PCI) Data Security Standard (DSS)

Answer: D

Explanation:
Reference:
https://searchcompliance.techtarget.com/definition/PCI-DSS-Payment-Card-Industry-Data-Security-Standard

NEW QUESTION 2

In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

  • A. The organization uses exclusively a quantitative process to measure risk
  • B. The organization uses exclusively a qualitative process to measure risk
  • C. The organization’s risk tolerance is high
  • D. The organization’s risk tolerance is low

Answer: C

NEW QUESTION 3

Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?

  • A. User awareness training for all employees
  • B. Installation of new firewalls and intrusion detection systems
  • C. Launch an internal awareness campaign
  • D. Integrate security requirements into project inception

Answer: D

NEW QUESTION 4

What key technology can mitigate ransomware threats?

  • A. Use immutable data storage
  • B. Phishing exercises
  • C. Application of multiple endpoint anti-malware solutions
  • D. Blocking use of wireless networks

Answer: A

Explanation:
Reference:
https://cloud.google.com/blog/products/identity-security/5-pillars-of-protection-to-prevent-ransomware-attacks

NEW QUESTION 5

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
Which of the following is the FIRST action the CISO will perform after receiving the audit report?

  • A. Inform peer executives of the audit results
  • B. Validate gaps and accept or dispute the audit findings
  • C. Create remediation plans to address program gaps
  • D. Determine if security policies and procedures are adequate

Answer: B

NEW QUESTION 6

You have just been hired as the new CISO and are being briefed on all the Information Security projects that your section has ongoing. You discover that most projects are behind schedule and over budget.
Using the best business practices for project management you determine that the project correctly aligns with the company goals and the scope of the project is correct. What is the NEXT step?

  • A. Review time schedules
  • B. Verify budget
  • C. Verify resources
  • D. Verify constraints

Answer: C

NEW QUESTION 7

A large number of accounts in a hardened system were suddenly compromised to an external party. Which of the following is the MOST probable threat actor involved in this incident?

  • A. Poorly configured firewalls
  • B. Malware
  • C. Advanced Persistent Threat (APT)
  • D. An insider

Answer: D

NEW QUESTION 8

A CISO must conduct risk assessments using a method where the Chief Financial Officer (CFO) receives impact data in financial terms to use as input to select the proper level of coverage in a new cybersecurity insurance policy.
What is the MOST effective method of risk analysis to provide the CFO with the information required?

  • A. Conduct a quantitative risk assessment
  • B. Conduct a hybrid risk assessment
  • C. Conduct a subjective risk assessment
  • D. Conduct a qualitative risk assessment

Answer: D

NEW QUESTION 9

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

  • A. Controlled mitigation effort
  • B. Risk impact comparison
  • C. Relative likelihood of event
  • D. Comparative threat analysis

Answer: C

NEW QUESTION 10

Regulatory requirements typically force organizations to implement

  • A. Mandatory controls
  • B. Discretionary controls
  • C. Optional controls
  • D. Financial controls

Answer: A

NEW QUESTION 11

An example of professional unethical behavior is:

  • A. Gaining access to an affiliated employee’s work email account as part of an officially sanctioned internal investigation
  • B. Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material
  • C. Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes
  • D. Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Answer: C

NEW QUESTION 12

When dealing with a risk management process, asset classification is important because it will impact the overall:

  • A. Threat identification
  • B. Risk monitoring
  • C. Risk treatment
  • D. Risk tolerance

Answer: C

NEW QUESTION 13

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

  • A. The Security Systems Development Life Cycle
  • B. The Security Project And Management Methodology
  • C. Project Management System Methodology
  • D. Project Management Body of Knowledge

Answer: D

NEW QUESTION 14

The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is

  • A. Penetration testers
  • B. External Audit
  • C. Internal Audit
  • D. Forensic experts

Answer: B

NEW QUESTION 15

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for

  • A. Confidentiality, Integrity and Availability
  • B. Assurance, Compliance and Availability
  • C. International Compliance
  • D. Integrity and Availability

Answer: A

NEW QUESTION 16

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

  • A. Identify and evaluate the existing controls.
  • B. Disclose the threats and impacts to management.
  • C. Identify information assets and the underlying systems.
  • D. Identify and assess the risk assessment process used by management.

Answer: A

NEW QUESTION 17

The ability to demand the implementation and management of security controls on third parties providing services to an organization is

  • A. Security Governance
  • B. Compliance management
  • C. Vendor management
  • D. Disaster recovery

Answer: C

NEW QUESTION 18

With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that boards provide strategic oversight regarding information and information security, including these four things:

  • A. Metrics tracking security milestones, understanding criticality of information and information security, visibility into the types of information and how it is used, endorsement by the board of directors
  • B. Annual security training for all employees, continual budget reviews, endorsement of the development and implementation of a security program, metrics to track the program
  • C. Understanding criticality of information and information security, review investment in information security, endorse development and implementation of a security program, and require regular reports on adequacy and effectiveness
  • D. Endorsement by the board of directors for security program, metrics of security program milestones, annual budget review, report on integration and acceptance of program

Answer: C

Explanation:
Reference: https://nanopdf.com/download/information-security-governance-guidance-for-boards-of_pdf (9)

NEW QUESTION 19
......

Thanks for reading the newest 712-50 exam dumps! We recommend that you try the PREMIUM Downloadfreepdf.net 712-50 dumps in VCE and PDF here: https://www.downloadfreepdf.net/712-50-pdf-download.html (461 Q&As Dumps)