2026 New 712-50 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/712-50/
Master the 712-50 EC-Council Certified CISO (CCISO) content and be ready for exam day success quickly with this Ucertify 712-50 exam cram. We guarantee it! We make it a reality and give you real 712-50 questions in our EC-Council 712-50 braindumps. The latest 100% valid EC-Council 712-50 exam question dumps are at the page below. You can use our EC-Council 712-50 braindumps and pass your exam.
Check 712-50 free dumps before getting the full version:
NEW QUESTION 1
A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?
- A. Alignment with the business
- B. Effective use of existing technologies
- C. Leveraging existing implementations
- D. Proper budget management
Answer: A
NEW QUESTION 2
Which of the following is the MOST important for a CISO to understand when identifying threats?
- A. How vulnerabilities can potentially be exploited in systems that impact the organization
- B. How the security operations team will behave to reported incidents
- C. How the firewall and other security devices are configured to prevent attacks
- D. How the incident management team prepares to handle an attack
Answer: A
NEW QUESTION 3
Which of the following best summarizes the primary goal of a security program?
- A. Provide security reporting to all levels of an organization
- B. Create effective security awareness to employees
- C. Manage risk within the organization
- D. Assure regulatory compliance
Answer: C
NEW QUESTION 4
Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?
- A. Containment
- B. Recovery
- C. Identification
- D. Eradication
Answer: D
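Added example for the question above (not part of the exam dump): a signature built from the detected sample is used during eradication to sweep a host and remove every copy and variant of the malware. The sample bytes, the marker string, the detection name and the directory layout are all constructed for this illustration; the tree it scans is created in a temporary directory so it runs offline.

```python
"""Signature-driven eradication sweep.

Added example for the incident-handling question above; it is not part of the
exam dump. The signature is derived from a constructed malware sample, and the
directory tree it scans is built in a temporary directory, so the whole thing
runs offline. File names, the marker string and the quarantine layout are
assumptions made for the illustration.
"""
from __future__ import annotations

import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed sample of the detected "virus" and the distinctive byte sequence
# an analyst picked out of it while developing the signature.
SAMPLE = b"MZ\x90\x00" + b"junk" * 8 + b"ACME-WORM-PAYLOAD-v1" + b"\x00" * 16
MARKER = b"ACME-WORM-PAYLOAD"


def build_signature(sample: bytes, marker: bytes) -> dict:
    """Two-part signature: exact-match hash plus a looser byte pattern for variants."""
    if marker not in sample:
        raise ValueError("marker must occur in the sample it is derived from")
    return {
        "name": "Constructed.Worm.A",          # assumed detection name
        "sha256": hashlib.sha256(sample).hexdigest(),
        "pattern": marker,
    }


def classify(path: Path, sig: dict) -> str | None:
    """Return 'hash' for an exact copy, 'pattern' for a variant, None if clean."""
    data = path.read_bytes()  # whole-file read; stream in chunks for large files in production
    if hashlib.sha256(data).hexdigest() == sig["sha256"]:
        return "hash"
    if sig["pattern"] in data:
        return "pattern"
    return None


def scan_tree(root: Path, sig: dict) -> list[tuple[Path, str]]:
    """Walk the tree and collect every file the signature matches."""
    hits = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        reason = classify(path, sig)
        if reason:
            hits.append((path, reason))
    return hits


def eradicate(hits: list[tuple[Path, str]], quarantine: Path) -> list[Path]:
    """Move matched files out of the live tree; keep them as evidence rather than deleting."""
    quarantine.mkdir(parents=True, exist_ok=True)
    moved = []
    for path, _reason in hits:
        dest = quarantine / path.name
        shutil.move(str(path), str(dest))
        moved.append(dest)
    return moved


def demo() -> dict:
    """Build a constructed host filesystem, sweep it, and summarise the outcome."""
    sig = build_signature(SAMPLE, MARKER)
    root = Path(tempfile.mkdtemp(prefix="host-"))
    quarantine = Path(tempfile.mkdtemp(prefix="quarantine-"))  # outside the scanned tree
    (root / "copy.bin").write_bytes(SAMPLE)                            # exact copy
    (root / "variant.bin").write_bytes(b"PE\x00" + MARKER + b"-v2")    # repacked variant
    (root / "readme.txt").write_bytes(b"nothing to see here")          # clean file
    hits = scan_tree(root, sig)
    moved = eradicate(hits, quarantine)
    summary = {
        "signature": sig["name"],
        "reasons": {p.name: r for p, r in hits},
        "quarantined": len(moved),
        "remaining": sorted(p.name for p in root.iterdir()),
    }
    shutil.rmtree(root)
    shutil.rmtree(quarantine)
    return summary


if __name__ == "__main__":
    print(demo())
```

The hash catches the exact sample; the byte pattern is what makes the sweep useful for eradication, since a repacked variant with a different hash is still removed. Quarantining rather than deleting preserves evidence for the follow-up phase.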
NEW QUESTION 5
Which wireless encryption technology makes use of temporal keys?
- A. Wireless Application Protocol (WAP)
- B. Wi-Fi Protected Access version 2 (WPA2)
- C. Wired Equivalent Privacy (WEP)
- D. Extensible Authentication Protocol (EAP)
Answer: B
NEW QUESTION 6
What is the BEST reason for having a formal request for proposal process?
- A. Creates a timeline for purchasing and budgeting
- B. Allows small companies to compete with larger companies
- C. Clearly identifies risks and benefits before funding is spent
- D. Informs suppliers a company is going to make a purchase
Answer: C
NEW QUESTION 7
An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?
- A. Management Control
- B. Technical Control
- C. Training Control
- D. Operational Control
Answer: D
NEW QUESTION 8
SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.
What phase of the response provides measures to reduce the likelihood of an incident from recurring?
- A. Response
- B. Investigation
- C. Recovery
- D. Follow-up
Answer: D
NEW QUESTION 9
When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?
- A. At the time the security services are being performed and the vendor needs access to the network
- B. Once the agreement has been signed and the security vendor states that they will need access to the network
- C. Once the vendor is on premise and before they perform security services
- D. Prior to signing the agreement and before any security services are being performed
Answer: D
NEW QUESTION 10
In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?
- A. Internal Audit
- B. Database Administration
- C. Information Security
- D. Compliance
Answer: C
NEW QUESTION 11
The risk found after a control has been fully implemented is called:
- A. Residual Risk
- B. Total Risk
- C. Post implementation risk
- D. Transferred risk
Answer: A
NEW QUESTION 12
Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?
- A. Servers, routers, switches, modem
- B. Firewall, Exchange, web server, intrusion detection system (IDS)
- C. Firewall, anti-virus console, IDS, syslog
- D. IDS, syslog, router, switches
Answer: C
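Added example for the metrics question above (not part of the exam dump): a "baseline defences coverage" metric measures, for each defence, what fraction of the asset inventory that defence actually reaches, and the sources named in the answer are exactly the places that evidence comes from. The inventory, the AV console export, the syslog extract and the IDS/firewall subnet lists below are constructed sample data; their field layouts are assumptions, not the output of any specific product.

```python
"""Baseline-defence coverage metrics from firewall, anti-virus console, IDS and syslog.

Added example for the metrics question above, not part of the exam dump. The
asset inventory, the AV console export, the syslog extract and the firewall/IDS
subnet lists are all constructed sample data, and their field layouts are
assumptions rather than the format of any particular product.
"""
from __future__ import annotations

import csv
import io
import ipaddress
import re
from datetime import date

# Constructed inventory: the population every metric is measured against.
ASSETS = {
    "web01": "10.0.0.21",
    "web02": "10.0.0.22",
    "db01": "10.0.1.10",
    "mail01": "10.0.2.5",
    "file01": "10.0.3.8",
}

# Constructed control placement: subnets a network IDS sensor taps, and subnets
# that sit behind an enforced firewall zone (as read from the device configs).
IDS_MONITORED = ["10.0.0.0/24", "10.0.1.0/24"]
FIREWALL_ZONES = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"]

# Constructed anti-virus console export.
AV_CONSOLE = """host,signature_date
web01,2024-05-02
web02,2024-04-01
db01,2024-05-02
file01,2024-05-03
"""

# Constructed RFC 3164-style syslog lines received by the central collector.
SYSLOG = """May  3 10:01:02 web01 sshd[1201]: Accepted publickey for deploy from 10.0.0.5
May  3 10:01:09 db01 sudo: admin : TTY=pts/0 ; COMMAND=/bin/systemctl restart postgresql
May  3 10:02:44 file01 smbd[233]: connect to service share
May  3 10:03:01 web01 cron[77]: (root) CMD (run-parts /etc/cron.hourly)
"""

REPORT_DATE = date(2024, 5, 3)
MAX_SIGNATURE_AGE_DAYS = 7

SYSLOG_HOST = re.compile(r"^\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+(\S+)\s")


def av_signature_dates(export: str) -> dict[str, date]:
    """Parse the AV console CSV into host -> signature date."""
    return {row["host"]: date.fromisoformat(row["signature_date"])
            for row in csv.DictReader(io.StringIO(export))}


def syslog_reporting_hosts(text: str) -> set[str]:
    """Hosts that have delivered at least one syslog message to the collector."""
    hosts = set()
    for line in text.splitlines():
        m = SYSLOG_HOST.match(line)
        if m:
            hosts.add(m.group(1))
    return hosts


def in_any_subnet(ip: str, subnets: list[str]) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(s) for s in subnets)


def coverage_report(assets=ASSETS, av_export=AV_CONSOLE, syslog=SYSLOG,
                    ids_nets=IDS_MONITORED, fw_nets=FIREWALL_ZONES,
                    report_date=REPORT_DATE, max_age=MAX_SIGNATURE_AGE_DAYS) -> dict:
    """Per-control coverage: which inventory assets each baseline defence actually reaches."""
    av_dates = av_signature_dates(av_export)
    logging_hosts = syslog_reporting_hosts(syslog)
    checks = {
        # AV counts only if the agent reported in and its signatures are fresh.
        "antivirus": lambda h, ip: h in av_dates and (report_date - av_dates[h]).days <= max_age,
        "syslog": lambda h, ip: h in logging_hosts,
        "ids": lambda h, ip: in_any_subnet(ip, ids_nets),
        "firewall": lambda h, ip: in_any_subnet(ip, fw_nets),
    }
    report = {}
    for control, ok in checks.items():
        covered = sorted(h for h, ip in assets.items() if ok(h, ip))
        missing = sorted(h for h in assets if h not in covered)
        report[control] = {"covered": covered, "missing": missing,
                           "pct": round(100 * len(covered) / len(assets), 1)}
    return report


if __name__ == "__main__":
    for control, r in coverage_report().items():
        print(f"{control:<10} {r['pct']:>5}%  missing={r['missing']}")
```

The metric is measured against the inventory, not against what the tools report, which is what exposes the gaps: a host with stale AV signatures or one that never sends syslog counts as uncovered even though the console "knows" about it.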
NEW QUESTION 13
Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?
- A. User awareness training for all employees
- B. Installation of new firewalls and intrusion detection systems
- C. Launch an internal awareness campaign
- D. Integrate security requirements into project inception
Answer: D
NEW QUESTION 14
A stakeholder is a person or group:
- A. Vested in the success and/or failure of a project or initiative regardless of budget implications.
- B. Vested in the success and/or failure of a project or initiative and is tied to the project budget.
- C. That has budget authority.
- D. That will ultimately use the system.
Answer: A
NEW QUESTION 15
Acceptable levels of information security risk tolerance in an organization should be determined by?
- A. Corporate legal counsel
- B. CISO with reference to the company goals
- C. CEO and board of directors
- D. Corporate compliance committee
Answer: C
NEW QUESTION 16
In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?
- A. High risk environments 6 months, low risk environments 12 months
- B. Every 12 months
- C. Every 18 months
- D. Every six months
Answer: B
NEW QUESTION 17
An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in severe revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?
- A. The CISO
- B. Audit and Compliance
- C. The CFO
- D. The business owner
Answer: D
NEW QUESTION 18
You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?
- A. Chief Information Security Officer
- B. Chief Executive Officer
- C. Chief Information Officer
- D. Chief Legal Counsel
Answer: B
NEW QUESTION 19
Which represents PROPER separation of duties in the corporate environment?
- A. Information Security and Identity Access Management teams perform two distinct functions
- B. Developers and Network teams both have admin rights on servers
- C. Finance has access to Human Resources data
- D. Information Security and Network teams perform two distinct functions
Answer: D
NEW QUESTION 20
An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security
- A. Procedural control
- B. Management control
- C. Technical control
- D. Administrative control
Answer: B
NEW QUESTION 21
A CISO implements smart cards for credential management, and as a result has reduced costs associated with help desk operations supporting password resets. This demonstrates which of the following principles?
- A. Security alignment to business goals
- B. Regulatory compliance effectiveness
- C. Increased security program presence
- D. Proper organizational policy enforcement
Answer: A
NEW QUESTION 22
When creating contractual agreements and procurement processes why should security requirements be included?
- A. To make sure they are added on after the process is completed
- B. To make sure the costs of security are included and understood
- C. To make sure the security process aligns with the vendor’s security process
- D. To make sure the patching process is included with the costs
Answer: B
NEW QUESTION 23
Which of the following statements about Encapsulating Security Payload (ESP) is true?
- A. It is an IPSec protocol.
- B. It is a text-based communication protocol.
- C. It uses TCP port 22 as the default port and operates at the application layer.
- D. It uses UDP port 22
Answer: A
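Added example for the ESP question above (not part of the exam dump): ESP is identified by IP protocol number 50 in the outer header, and the first eight bytes of ESP are the SPI and sequence number, so there is no port to match on at all. The packet below is constructed with struct so the example runs offline; it also includes the RFC 4303 anti-replay sliding window that a receiver runs on the sequence number.

```python
"""Locating ESP inside an IPv4 packet and running RFC 4303 anti-replay.

Added example for the ESP question above; it is not part of the exam dump.
The packet is constructed here with struct, so it runs offline. ESP is IP
protocol 50: the SPI and sequence number sit where TCP or UDP would put their
ports, and there is no port number to match on at all.
"""
from __future__ import annotations

import ipaddress
import struct

IPPROTO_TCP = 6
IPPROTO_ESP = 50


def ipv4_checksum(header: bytes) -> int:
    """Standard one's-complement sum over the IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options) in front of an arbitrary payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def build_esp(spi: int, seq: int, protected: bytes) -> bytes:
    """ESP header: SPI, sequence number, then the (normally encrypted) payload."""
    return struct.pack("!II", spi, seq) + protected


def is_esp(packet: bytes) -> bool:
    """True if the outer IPv4 protocol field says ESP; no port lookup is involved."""
    return packet[9] == IPPROTO_ESP


def parse_esp_packet(packet: bytes) -> dict:
    """Parse the outer IPv4 header and, if the packet is ESP, its SPI and sequence."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = packet[:ihl]
    if ipv4_checksum(hdr) != 0:
        raise ValueError("bad IPv4 header checksum")
    proto = hdr[9]
    if proto != IPPROTO_ESP:
        raise ValueError(f"not ESP: IP protocol {proto}")
    spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
    # Everything after the header (payload, padding, pad length, next header, ICV)
    # is only meaningful with the SA's keys, so it is returned opaque.
    return {
        "src": str(ipaddress.IPv4Address(hdr[12:16])),
        "dst": str(ipaddress.IPv4Address(hdr[16:20])),
        "protocol": proto,
        "spi": spi,
        "seq": seq,
        "protected_len": len(packet) - ihl - 8,
    }


class AntiReplayWindow:
    """Sliding window from RFC 4303 section 3.4.3; bit i of the mask marks highest - i."""

    def __init__(self, size: int = 64):
        self.size = size
        self.highest = 0      # highest sequence number accepted so far
        self.mask = 0         # bit 0 = highest, bit 1 = highest - 1, ...

    def accept(self, seq: int) -> bool:
        """Return True and record seq if it is new and inside the window."""
        if seq == 0:                      # the first packet on an SA carries seq 1
            return False
        if seq > self.highest:
            shift = seq - self.highest
            self.mask = ((self.mask << shift) | 1) & ((1 << self.size) - 1) if shift < self.size else 1
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:             # fell off the left edge of the window
            return False
        if self.mask & (1 << diff):       # already seen: replay
            return False
        self.mask |= 1 << diff
        return True


if __name__ == "__main__":
    pkt = build_ipv4("192.0.2.1", "198.51.100.2", IPPROTO_ESP,
                     build_esp(0x1000ABCD, 7, b"\x11" * 16))
    print(parse_esp_packet(pkt))
```

This is also why a stateful firewall that only understands TCP and UDP ports has to be told about protocol 50 explicitly, and why NAT devices that cannot see a port rewrite the traffic through UDP encapsulation instead.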
NEW QUESTION 24
A recent audit has identified a few control exceptions and is recommending the implementation of technology and processes to address the finding. Which of the following is the MOST likely reason for the organization to reject the implementation of the recommended technology and processes?
- A. The auditors have not followed proper auditing processes
- B. The CIO of the organization disagrees with the finding
- C. The risk tolerance of the organization permits this risk
- D. The organization has purchased cyber insurance
Answer: C
NEW QUESTION 25
Creating a secondary authentication process for network access would be an example of?
- A. An administrator with too much time on their hands.
- B. Putting undue time commitment on the system administrator.
- C. Supporting the concept of layered security
- D. Network segmentation.
Answer: C
NEW QUESTION 26
Risk is defined as:
- A. Threat times vulnerability divided by control
- B. Adversary plus capability plus vulnerability
- C. Asset loss times likelihood of event
- D. Quantitative plus qualitative impact
Answer: A
NEW QUESTION 27
Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?
- A. Control Objectives for Information and Related Technologies (COBIT)
- B. Committee of Sponsoring Organizations (COSO)
- C. Payment Card Industry (PCI)
- D. Information Technology Infrastructure Library (ITIL)
Answer: A
NEW QUESTION 28
A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:
- A. Vendor’s client list of reputable organizations currently using their solution
- B. Vendor provided attestation of the detailed security controls from a reputable accounting firm
- C. Vendor provided reference from an existing reputable client detailing their implementation
- D. Vendor provided internal risk assessment and security control documentation
Answer: B
NEW QUESTION 29
The executive board has requested that the CISO of an organization define Key Performance Indicators (KPIs) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?
- A. Number of callers who report security issues.
- B. Number of callers who report a lack of customer service from the call center
- C. Number of successful social engineering attempts on the call center
- D. Number of callers who abandon the call before speaking with a representative
Answer: C
NEW QUESTION 30
......