
Mar-2024 712-50 Study Material, Preparation Guide and PDF Download
NEW QUESTION # 63
Ensuring that the actions of a set of people, applications and systems follow the organization's rules is BEST described as:
- A. Compliance management
- B. Mitigation management
- C. Security management
- D. Risk management
Answer: A
NEW QUESTION # 64
Which of the following can the company implement in order to avoid this type of security issue in the future?
- A. A risk management process
- B. A security training program for developers
- C. Network based intrusion detection systems
- D. An audit management process
Answer: B
NEW QUESTION # 65
The Annualized Loss Expectancy (Before) minus Annualized Loss Expectancy (After) minus Annual Safeguard Cost is the formula for determining:
- A. Safeguard Value
- B. Life Cycle Loss Expectancy
- C. Single Loss Expectancy
- D. Cost Benefit Analysis
Answer: D
NEW QUESTION # 66
Which of the following is the MOST important goal of risk management?
- A. Identifying the victim of any potential exploits.
- B. Assessing the impact of potential threats
- C. Identifying the risk
- D. Finding economic balance between the impact of the risk and the cost of the control
Answer: D
NEW QUESTION # 67
What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?
- A. Packet sampling
- B. Heuristic analysis
- C. Traffic Analysis
- D. Deep-Packet inspection
Answer: D
NEW QUESTION # 68
A CISO wants to change the defense strategy to ward off attackers. To accomplish this the CISO is looking to a strategy where attackers are lured into a zone of a safe network where attackers can be monitored, controlled, quarantined, or eradicated.
- A. Dynamic deception
- B. Passive monitoring
- C. Integrated security controls
- D. Moderate investment
Answer: A
NEW QUESTION # 69
The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called ________.
- A. Security system analysis
- B. Alignment with business practices
- C. Security certification
- D. Security accreditation
Answer: D
NEW QUESTION # 70
What is a key policy that should be part of the information security plan?
- A. Account management policy
- B. Remote Access policy
- C. Acceptable Use policy
- D. Training policy
Answer: C
NEW QUESTION # 71
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers." What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?
- A. Cite corporate policy and insist on compliance with audit findings
- B. Cite compliance with laws, statutes, and regulations - explaining the financial implications for the company for non-compliance
- C. Understand the business and focus your efforts on enabling operations securely
- D. Draw from your experience and recount stories of how other companies have been compromised
Answer: C
NEW QUESTION # 72
The primary purpose of a risk register is to:
- A. Maintain a log of discovered risks
- B. Track individual risk assessments
- C. Coordinate the timing of scheduled risk assessments
- D. Develop plans for mitigating identified risks
Answer: A
NEW QUESTION # 73
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
When multiple regulations or standards apply to your industry you should set controls to meet the:
- A. Easiest regulation or standard to implement
- B. Stricter regulation or standard
- C. Most complex standard to implement
- D. Recommendations of your Legal Staff
Answer: C
NEW QUESTION # 74
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised.
What kind of law would require notifying the owner or licensee of this incident?
- A. Data breach disclosure
- B. Security incident disclosure
- C. Consumer right disclosure
- D. Special circumstance disclosure
Answer: A
NEW QUESTION # 75
This occurs when the quantity or quality of project deliverables is expanded from the original project plan.
- A. Scope modification
- B. Scope creep
- C. Deliverable expansion
- D. Deadline extension
Answer: B
NEW QUESTION # 76
The effectiveness of an audit is measured by?
- A. How the recommendations directly support the goals of the company
- B. The number of actionable items in the recommendations
- C. The number of security controls the company has in use
- D. How it exposes the risk tolerance of the company
Answer: A
NEW QUESTION # 77
Which of the following is considered one of the most frequent failures in project management?
- A. Excessive personnel on project
- B. Insufficient resources
- C. Overly restrictive management
- D. Failure to meet project deadlines
Answer: D
NEW QUESTION # 78
A missing/ineffective security control is identified. Which of the following should be the NEXT step?
- A. Perform an audit to measure the control formally
- B. Establish Key Risk Indicators
- C. Perform a risk assessment to measure risk
- D. Escalate the issue to the IT organization
Answer: C