Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?
A. Possesses a strong technical background
B. Understand all regulations affecting the organization
C. Understand the business goals of the organization
D. Possesses a strong auditing background
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy, however, is ignored and is not enforced consistently.
Which of the following is the MOST likely reason for the policy shortcomings?
A. Lack of a formal security awareness program
B. Lack of a formal security policy governance process
C. Lack of formal definition of roles and responsibilities
D. Lack of a formal risk management policy
What two methods are used to assess risk impact?
A. Cost and annual rate of expectance
B. Subjective and Objective
C. Qualitative and percent of loss realized
D. Quantitative and qualitative
Quantitative Risk Assessments have the following advantages over qualitative risk assessments:
A. They are objective and can express risk/cost in real numbers
B. They are subjective and can be completed more quickly
C. They are objective and express risk/cost in approximations
D. They are subjective and can express risk/cost in real numbers
When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?
A. Transfer financial resources from other critical programs
B. Take the system off line until the budget is available
C. Deploy countermeasures and compensating controls until the budget is available
D. Schedule an emergency meeting and request the funding to fix the issue
A CISO decides to analyze the IT infrastructure to ensure that security solutions adhere to the way hardware and software are implemented and managed within the organization. Which of the following principles does this best demonstrate?
A. Alignment with the business
B. Effective use of existing technologies
C. Leveraging existing implementations
D. Proper budget management
Scenario: An organization has made a decision to address information security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years.
This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?
A. International encryption restrictions
B. Compliance to Payment Card Industry (PCI) data security standards
C. Compliance with local government privacy laws
D. Adherence to local data breach notification laws
At what level of governance are individual projects monitored and managed?
A. Program
B. Milestone
C. Enterprise
D. Portfolio
Involvement of senior management is MOST important in the development of:
A. IT security implementation plans.
B. Standards and guidelines.
C. IT security policies.
D. IT security procedures.