Which of the following best describes the purpose of the International Organization for Standardization (ISO) 27002 standard?
A. To give information security management recommendations to those who are responsible for initiating, implementing, or maintaining security in their organization.
B. To provide a common basis for developing organizational security standards
C. To provide effective security management practice and to provide confidence in inter-organizational dealings
D. To establish guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization
Assigning the role and responsibility of Information Assurance to a dedicated and independent security group is an example of:
A. Detective Controls
B. Proactive Controls
C. Preemptive Controls
D. Organizational Controls
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?
A. All vulnerabilities found on servers and desktops
B. Only critical and high vulnerabilities on servers and desktops
C. Only critical and high vulnerabilities that impact important production servers
D. All vulnerabilities that impact important production servers
You work as a project manager for the TYU project. You are planning for risk mitigation. You need to quickly identify high-level risks that will need a more in-depth analysis. Which of the following activities will help you in this?
A. Qualitative analysis
B. Quantitative analysis
C. Risk mitigation
D. Estimate activity duration
When entering into a third party vendor agreement for security services, at what point in the process is it BEST to understand and validate the security posture and compliance level of the vendor?
A. At the time the security services are being performed and the vendor needs access to the network
B. Once the agreement has been signed and the security vendor states that they will need access to the network
C. Once the vendor is on premise and before they perform security services
D. Prior to signing the agreement and before any security services are being performed
When is an application security development project complete?
A. When the application is retired.
B. When the application is turned over to production.
C. When the application reaches the maintenance phase.
D. After one year.
A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?
A. The software license expiration is probably out of synchronization with other software licenses
B. The project was initiated without an effort to get support from impacted business units in the organization
C. The software is out of date and does not provide for a scalable solution across the enterprise
D. The security officer should allow time for the organization to get accustomed to her presence before initiating security projects
Involvement of senior management is MOST important in the development of:
A. IT security implementation plans.
B. Standards and guidelines.
C. IT security policies.
D. IT security procedures.
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers."
What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?
A. Cite compliance with laws, statutes, and regulations, explaining the financial implications for the company of non-compliance
B. Understand the business and focus your efforts on enabling operations securely
C. Draw from your experience and recount stories of how other companies have been compromised
D. Cite corporate policy and insist on compliance with audit findings
When updating the security strategic planning document what two items must be included?
A. Alignment with the business goals and the vision of the CIO
B. The risk tolerance of the company and the company mission statement
C. The executive summary and vision of the board of directors
D. The alignment with the business goals and the risk tolerance