Which of the following is a benefit of information security governance?

A. Questioning the trust in vendor relationships.
B. Increasing the risk of decisions based on incomplete management information.
C. Direct involvement of senior management in developing control processes
D. Reduction of the potential for civil and legal liability
Answer:...

June 20, 2021

Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?

A. Possess a strong technical background
B. Understand all regulations affecting the organization
C. Understand the business goals of the organization
D. Possess a...

June 20, 2021

Which of the following international standards can BEST assist this organization?

An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?
A. International Organization for Standardization 27004 (ISO-27004)
B. Payment Card Industry Data Security Standards (PCI-DSS)
C. Control Objectives for...

June 20, 2021

Payment Card Industry (PCI) compliance requirements are based on what criteria?

A. The types of cardholder data retained
B. The duration cardholder data is retained
C. The size of the organization processing credit card data
D. The number of transactions performed per year by an organization
Answer: D

June 20, 2021

When dealing with Security Incident Response procedures, which of the following steps comes FIRST when reacting to an incident?

A. Escalation
B. Recovery
C. Eradication
D. Containment
Answer: D

June 20, 2021

An organization's information security policy serves to

A. establish budgetary input in order to meet compliance requirements
B. establish acceptable systems and user behavior
C. define security configurations for systems
D. define relationships with external law enforcement agencies
Answer: B

June 20, 2021

When choosing a risk mitigation method what is the MOST important factor?

A. Approval from the board of directors
B. Cost of the mitigation is less than the risk
C. Metrics of mitigation method success
D. Mitigation method complies with PCI regulations
Answer: B

June 20, 2021

What is the MAIN reason for conflicts between Information Technology and Information Security programs?

A. Technology governance defines technology policies and standards while security governance does not.
B. Security governance defines technology best practices and Information Technology governance does not.
C. Technology Governance is focused on process risks whereas Security...

June 19, 2021

Which of the following is MOST important when dealing with an Information Security Steering committee:

A. Include a mix of members from different departments and staff levels.
B. Ensure that security policies and procedures have been vetted and approved.
C. Review all past audit and compliance reports.
D. Be briefed...

June 19, 2021

What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?
A. Scan a representative sample...

June 19, 2021