Tag - 512-50 exam

A security manager regualrly checks work areas after buisness hours for security violations; such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?A . Audit validation B. Physical control testing C. Compliance management D. Security awareness trainingView AnswerAnswer: C

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?A . High risk environments 6 months, low risk environments 12 months B. Every 12 months C. Every 18 months D. Every six monthsView AnswerAnswer: B

When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?A . Escalation B. Recovery C. Eradication D. ContainmentView AnswerAnswer: D

When choosing a risk mitigation method what is the MOST important factor?A . Approval from the board of directors B. Cost of the mitigation is less than the risk C. Metrics of mitigation method success D. Mitigation method complies with PCI regulationsView AnswerAnswer: B

Quantitative Risk Assessments have the following advantages over qualitative risk assessments:A . They are objective and can express risk / cost in real numbers B. They are subjective and can be completed more quickly C. They are objective and express risk / cost in approximates D. They are subjective and...

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?A . International Organization for Standardizations C 27004 (ISO-27004) B. Payment Card Industry Data Security Standards (PCI-DSS) C. Control Objectives for...

Which of the following is a critical operational component of an Incident Response Program (IRP)?A . Weekly program budget reviews to ensure the percentage of program funding remains constant. B. Annual review of program charters, policies, procedures and organizational agreements. C. Daily monitoring of vulnerability advisories relating to your organization’s...

The PRIMARY objective for information security program development should be:A . Reducing the impact of the risk to the business. B. Establishing strategic alignment with business continuity requirements C. Establishing incident response programs. D. Identifying and implementing the best security solutions.View AnswerAnswer: A

The PRIMARY objective of security awareness is to:A . Ensure that security policies are read. B. Encourage security-conscious employee behavior. C. Meet legal and regulatory requirements. D. Put employees on notice in case follow-up action for noncompliance is necessaryView AnswerAnswer: B

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?A . When there is a need to develop a more unified incident response capability. B. When the enterprise is made up of many business units with diverse business activities, risks...