Real 712-50 Exam Questions 2021

NEW QUESTION 1
An anonymity network is a series of?

• A. Covert government networks
• B. War driving maps
• C. Government networks in Tora
• D. Virtual network tunnels

Answer: D

NEW QUESTION 2
The mean time to patch, number of virus outbreaks prevented, and number of vulnerabilities mitigated are examples of what type of performance metrics?

• A. Risk metrics
• B. Management metrics
• C. Operational metrics
• D. Compliance metrics

Answer: C

Explanation: Topic 3, Management – Projects and Operations (Projects, Technology & Operations)

NEW QUESTION 3
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?

• A. Execute
• B. Read
• C. Administrator
• D. Public

Answer: D

NEW QUESTION 4
Step-by-step procedures to regain normalcy in the event of a major earthquake is PRIMARILY covered by which of the following plans?

• A. Incident response plan
• B. Business Continuity plan
• C. Disaster recovery plan
• D. Damage control plan

Answer: C

NEW QUESTION 5
Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?

• A. Risk Assessment
• B. Incident Response
• C. Risk Management
• D. Network Security administration

Answer: C

NEW QUESTION 6
Which wireless encryption technology makes use of temporal keys?

• A. Wireless Application Protocol (WAP)
• B. Wifi Protected Access version 2 (WPA2)
• C. Wireless Equivalence Protocol (WEP)
• D. Extensible Authentication Protocol (EAP)

Answer: B

NEW QUESTION 7
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

• A. Get approval from the board of directors
• B. Screen potential vendor solutions
• C. Verify that the cost of mitigation is less than the risk
• D. Create a risk metrics for all unmitigated risks

Answer: C

NEW QUESTION 8
Which of the following can the company implement in order to avoid this type of security issue in the future?

• A. Network based intrusion detection systems
• B. A security training program for developers
• C. A risk management process
• D. A audit management process

Answer: B

NEW QUESTION 9
An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security

• A. Procedural control
• B. Management control
• C. Technical control
• D. Administrative control

Answer: B

NEW QUESTION 10
An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

• A. Management Control
• B. Technical Control
• C. Training Control
• D. Operational Control

Answer: D

NEW QUESTION 11
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

• A. ISO 27001
• B. PRINCE2
• C. ISO 27004
• D. ITILv3

Answer: C

NEW QUESTION 12
When analyzing and forecasting an operating expense budget what are not included?

• A. Software and hardware license fees
• B. Utilities and power costs
• C. Network connectivity costs
• D. New datacenter to operate from

Answer: D

NEW QUESTION 13
An organization has a stated requirement to block certain traffic on networks. The
implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in sever revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?

• A. The CISO
• B. Audit and Compliance
• C. The CFO
• D. The business owner

Answer: D

NEW QUESTION 14
Risk appetite directly affects what part of a vulnerability management program?

• A. Staff
• B. Scope
• C. Schedule
• D. Scan tools

Answer: B

NEW QUESTION 15
A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?

• A. Poor audit support for the security program
• B. A lack of executive presence within the security program
• C. Poor alignment of the security program to business needs
• D. This is normal since business units typically resist security requirements

Answer: C

NEW QUESTION 16
Annual Loss Expectancy is derived from the function of which two factors?

• A. Annual Rate of Occurrence and Asset Value
• B. Single Loss Expectancy and Exposure Factor
• C. Safeguard Value and Annual Rate of Occurrence
• D. Annual Rate of Occurrence and Single Loss Expectancy

Answer: D

NEW QUESTION 17
Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

• A. Containment
• B. Recovery
• C. Identification
• D. Eradication

Answer: D