
Free 712-50 Demo Online For Microsoft Certification:

NEW QUESTION 1
A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

  • A. Lack of asset management processes
  • B. Lack of change management processes
  • C. Lack of hardening standards
  • D. Lack of proper access controls

Answer: B

NEW QUESTION 2
An organization's Information Security Policy is of MOST importance because

  • A. it communicates management’s commitment to protecting information resources
  • B. it is formally acknowledged by all employees and vendors
  • C. it defines a process to meet compliance requirements
  • D. it establishes a framework to protect confidential information

Answer: A

NEW QUESTION 3
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When formulating the remediation plan, what is a required input?

  • A. Board of directors
  • B. Risk assessment
  • C. Patching history
  • D. Latest virus definitions file

Answer: B

NEW QUESTION 4
Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

  • A. Senior Executives
  • B. Office of the Auditor
  • C. Office of the General Counsel
  • D. All employees and users

Answer: A

NEW QUESTION 5
When should IT security project management be outsourced?

  • A. When organizational resources are limited
  • B. When the benefits of outsourcing outweigh the inherent risks of outsourcing
  • C. On new, enterprise-wide security initiatives
  • D. On projects not forecasted in the yearly budget

Answer: B

NEW QUESTION 6
You have just been hired as the new CISO and are being briefed on all the Information Security projects that your section has ongoing. You discover that most projects are behind schedule and over budget.
Using the best business practices for project management, you determine that the project correctly aligns with the company goals. What needs to be verified FIRST?

  • A. Scope of the project
  • B. Training of the personnel on the project
  • C. Timeline of the project milestones
  • D. Vendor for the project

Answer: A

NEW QUESTION 7
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

  • A. Annually
  • B. Semi-annually
  • C. Quarterly
  • D. Never

Answer: D

NEW QUESTION 8
You have just been hired as the new CISO and are being briefed on all the Information Security projects that your section has ongoing. You discover that most projects are behind schedule and over budget.
Using the best business practices for project management, you determine that the project correctly aligns with the company goals and the scope of the project is correct. What is the NEXT step?

  • A. Review time schedules
  • B. Verify budget
  • C. Verify resources
  • D. Verify constraints

Answer: C

NEW QUESTION 9
What is the BEST way to achieve on-going compliance monitoring in an organization?

  • A. Only check compliance right before the auditors are scheduled to arrive onsite.
  • B. Outsource compliance to a 3rd party vendor and let them manage the program.
  • C. Have Compliance and Information Security partner to correct issues as they arise.
  • D. Have Compliance direct Information Security to fix issues after the auditors report.

Answer: C

NEW QUESTION 10
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”
What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

  • A. Cite compliance with laws, statutes, and regulations – explaining the financial implications for the company for non-compliance
  • B. Understand the business and focus your efforts on enabling operations securely
  • C. Draw from your experience and recount stories of how other companies have been compromised
  • D. Cite corporate policy and insist on compliance with audit findings

Answer: B

NEW QUESTION 11
What is the first thing that needs to be completed in order to create a security program for your organization?

  • A. Risk assessment
  • B. Security program budget
  • C. Business continuity plan
  • D. Compliance and regulatory analysis

Answer: A

NEW QUESTION 12
The amount of risk an organization is willing to accept in pursuit of its mission is known as

  • A. Risk mitigation
  • B. Risk transfer
  • C. Risk tolerance
  • D. Risk acceptance

Answer: C

NEW QUESTION 13
A department within your company has proposed a third-party vendor solution to address an urgent, critical business need. As the CISO, you have been asked to accelerate screening of their security control claims. Which of the following vendor-provided documents is BEST to make your decision?

  • A. Vendor’s client list of reputable organizations currently using their solution
  • B. Vendor-provided attestation of the detailed security controls from a reputable accounting firm
  • C. Vendor-provided reference from an existing reputable client detailing their implementation
  • D. Vendor-provided internal risk assessment and security control documentation

Answer: B

NEW QUESTION 14
The process to evaluate the technical and non-technical security controls of an IT system to validate that a given design and implementation meet a specific set of security requirements is called

  • A. Security certification
  • B. Security system analysis
  • C. Security accreditation
  • D. Alignment with business practices and goals.

Answer: A

NEW QUESTION 15
After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

  • A. Risk Tolerance
  • B. Qualitative risk analysis
  • C. Risk Appetite
  • D. Quantitative risk analysis

Answer: D

NEW QUESTION 16
Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

  • A. Cost benefit
  • B. Risk appetite
  • C. Business continuity
  • D. Likelihood of impact

Answer: B

NEW QUESTION 17
Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?

  • A. Upper management support
  • B. More frequent project milestone meetings
  • C. More training of staff members
  • D. Involve internal audit

Answer: A
