712-50 Online Practice Questions and Answers

Questions 4

One of the MAIN goals of a Business Continuity Plan is to _______.

A. Ensure all infrastructure and applications are available in the event of a disaster

B. Assign responsibilities to the technical teams responsible for the recovery of all data

C. Provide step by step plans to recover business processes in the event of a disaster

D. Allow all technical first-responders to understand their roles in the event of a disaster

Questions 5

Which of the following is a benefit of information security governance?

A. Direct involvement of senior management in developing control processes

B. Reduction of the potential for civil and legal liability

C. Questioning the trust in vendor relationships

D. Increasing the risk of decisions based on incomplete management information

Questions 6

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of _______.

A. Qualitative risk analysis

B. Risk Appetite

C. Quantitative risk analysis

D. Risk Tolerance

Questions 7

An anonymity network is a series of?

A. Covert government networks

B. Virtual network tunnels

C. Government networks in Tora

D. War driving maps

Questions 8

Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?

A. Human Resources and Budget

B. Audit and Legal

C. Budget and Compliance

D. Legal and Human Resources

Questions 9

The executive board has requested that the CISO of an organization define Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees.

Which of the following can be used as a KPI?

A. Number of successful social engineering attempts on the call center

B. Number of callers who abandon the call before speaking with a representative

C. Number of callers who report a lack of customer service from the call center

D. Number of callers who report security issues

Questions 10

Scenario: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization's needs. The CISO is unsure of the information provided and orders a vendor proof of concept to validate the system's scalability.

This demonstrates which of the following?

A. A methodology-based approach to ensure authentication mechanism functions

B. An approach providing minimum time impact to the implementation schedules

C. An approach that allows for minimum budget impact if the solution is unsuitable

D. A risk-based approach to determine if the solution is suitable for investment

Questions 11

Which of the following is used to lure attackers into false environments so they can be monitored, contained, or blocked from reaching critical systems?

A. Segmentation controls.

B. Shadow applications.

C. Deception technology.

D. Vulnerability management.

Questions 12

ABC Limited has recently suffered a security breach, with customers' Social Security numbers available on the dark web for sale. The CISO at the time of the incident has been fired, and you have been hired as the replacement. The analysis of the breach found that the absence of an insider threat program, lack of a least privilege policy, and weak access control were to blame. You would like to implement key performance indicators to mitigate the risk.

Which metric would meet the requirement?

A. Number of times third parties access critical information systems

B. Number of systems with known vulnerabilities

C. Number of users with elevated privileges

D. Number of websites with weak or misconfigured certificates

Questions 13

Making sure that the actions of all employees, applications, and systems follow the organization's rules and regulations can BEST be described as which of the following?

A. Compliance management

B. Asset management

C. Risk management

D. Security management

Exam Code: 712-50
Exam Name: EC-Council Certified CISO (CCISO)
Last Update: Jun 14, 2026
Questions: 468