In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?
A. Every 18 months
B. Every 12 months
C. High risk environments 6 months, low-risk environments 12 months
D. Every 6 months
What is the definition of Risk in Information Security?
A. Risk = Probability x Impact
B. Risk = Impact x Threat
C. Risk = Threat x Probability
D. Risk = Financial Impact x Probability
The regular review of a firewall ruleset is considered a _______________________.
A. Procedural control
B. Organization control
C. Management control
D. Technical control
When you develop your audit remediation plan, what is the MOST important criterion?
A. To validate the remediation process with the auditor.
B. To validate that the cost of the remediation is less than the risk of the finding.
C. To remediate half of the findings before the next audit.
D. To remediate all of the findings before the next audit.
A missing/ineffective security control is identified.
Which of the following should be the NEXT step?
A. Perform an audit to measure the control formally
B. Escalate the issue to the IT organization
C. Perform a risk assessment to measure risk
D. Establish Key Risk Indicators
Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified. The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning.
Which of the following is the MOST logical next step?
A. Create detailed remediation funding and staffing plans
B. Report the audit findings and remediation status to business stakeholders
C. Validate the effectiveness of current controls
D. Review security procedures to determine if they need to be modified according to findings
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Which of the following industry/sector neutral information security control frameworks should you recommend for implementation?
A. Payment Card Industry Digital Security Standard (PCI DSS)
B. National Institute of Standards and Technology (NIST) Special Publication 800-53
C. International Organization for Standardization (ISO) 27001/2
D. British Standard 7799 (BS7799)
What process defines the framework of rules and practices by which a board of directors ensures accountability, fairness and transparency in an organization's relationship with its shareholders?
A. Internal Audit
B. Corporate governance
C. Risk Oversight
D. Key Performance Indicators
Which of the following strategies provides the BEST response to a ransomware attack?
A. Real-time off-site replication
B. Daily incremental backup
C. Daily full backup
D. Daily differential backup
What standard provides a comprehensive framework for information security risk management within organizations?
A. Information Technology Infrastructure Library (ITIL)
B. Information Security Management System (ISMS)
C. NIST 800-218
D. International Standards Organization (ISO) 27005