
712-50 Online Practice Questions and Answers

Questions 4

The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:

A. Getting authority to operate the system from executive management

B. Contacting the Internet Service Provider for an IP scope

C. Changing the default passwords

D. Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

Questions 5

A system is designed to dynamically block offending Internet IP-addresses from requesting services from a secure website.

This type of control is considered ______.

A. Preventive detection control

B. Corrective security control

C. Zero-day attack mitigation

D. Dynamic blocking control

Questions 6

The formal certification and accreditation process has four primary steps. What are they?

A. Evaluating, describing, testing and authorizing

B. Auditing, documenting, verifying, certifying

C. Evaluating, purchasing, testing, authorizing

D. Discovery, testing, authorizing, certifying

Questions 7

When deploying an Intrusion Prevention System (IPS), the BEST way to get maximum protection from the system is to deploy it ______

A. In-line and turn on alert mode to stop malicious traffic.

B. In promiscuous mode and block malicious traffic.

C. In promiscuous mode and only detect malicious traffic.

D. In-line and turn on blocking mode to stop malicious traffic in-line.

Questions 8

In MOST organizations, which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

A. Internal Audit

B. Information Security

C. Compliance

D. Database Administration

Questions 9

When working in the Payment Card Industry (PCI), how often should security logs be reviewed to comply with the standards?

A. Monthly

B. Hourly

C. Weekly

D. Daily

Questions 10

Step-by-step procedures to regain normalcy in the event of a major earthquake are PRIMARILY covered by which of the following plans?

A. Damage control plan

B. Disaster recovery plan

C. Business Continuity plan

D. Incident response plan

Questions 11

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.

An effective way to evaluate the effectiveness of an information security awareness program for end users, especially senior executives, is to conduct periodic:

A. Baseline of computer systems

B. Password changes

C. Controlled spear phishing campaigns

D. Scanning for viruses

Questions 12

During the 3rd quarter of a budget cycle, the CISO noticed she spent more than was originally planned in her annual budget. What is the condition of her current budgetary posture?

A. The budget is in a temporary state of imbalance

B. The budget is operating at a deficit

C. She can realign the budget through moderate capital expense (CAPEX) allocation

D. She has a surplus of operational expenses (OPEX)

Questions 13

When performing a forensic investigation, what are the two MOST common data sources for obtaining evidence from a computer and mobile devices?

A. RAM and unallocated space

B. Unallocated space and RAM

C. Slack space and browser cache

D. Persistent and volatile data

Exam Code: 712-50
Exam Name: EC-Council Certified CISO (CCISO)
Last Update: May 04, 2024
Questions: 468