Best Quality 712-50 Free Practice Questions 2021

NEW QUESTION 1
SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.
During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions. What is the MOST critical aspect of the team’s activities?

• A. Regular communication of incident status to executives
• B. Eradication of malware and system restoration
• C. Determination of the attack source
• D. Preservation of information

Answer: D

NEW QUESTION 2
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?

• A. National Institute of Standards and Technology (NIST) Special Publication 800-53
• B. Payment Card Industry Digital Security Standard (PCI DSS)
• C. International Organization for Standardization – ISO 27001/2
• D. British Standard 7799 (BS7799)

Answer: C

NEW QUESTION 3
Which of the following is the MAIN security concern for public cloud computing?

• A. Unable to control physical access to the servers
• B. Unable to track log on activity
• C. Unable to run anti-virus scans
• D. Unable to patch systems as needed

Answer: A

NEW QUESTION 4
The ultimate goal of an IT security projects is:

• A. Increase stock value
• B. Complete security
• C. Support business requirements
• D. Implement information security policies

Answer: C

NEW QUESTION 5
What role should the CISO play in properly scoping a PCI environment?

• A. Validate the business units’ suggestions as to what should be included in the scoping process
• B. Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment
• C. Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data
• D. Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope

Answer: C

NEW QUESTION 6
Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?

• A. Security officer
• B. Data owner
• C. Vulnerability engineer
• D. System administrator

Answer: D

NEW QUESTION 7
When creating contractual agreements and procurement processes why should security requirements be included?

• A. To make sure they are added on after the process is completed
• B. To make sure the costs of security is included and understood
• C. To make sure the security process aligns with the vendor’s security process
• D. To make sure the patching process is included with the costs

Answer: B

NEW QUESTION 8
Regulatory requirements typically force organizations to implement

• A. Mandatory controls
• B. Discretionary controls
• C. Optional controls
• D. Financial controls

Answer: A

NEW QUESTION 9
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):

• A. Failed to identify all stakeholders and their needs
• B. Deployed the encryption solution in an inadequate manner
• C. Used 1024 bit encryption when 256 bit would have sufficed
• D. Used hardware encryption instead of software encryption

Answer: A

NEW QUESTION 10
As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1.Covering tracks 2.Scanning and enumeration 3.Maintaining Access 4.Reconnaissance
5.Gaining Access

• A. 4, 2, 5, 3, 1
• B. 2, 5, 3, 1, 4
• C. 4, 5, 2, 3, 1
• D. 4, 3, 5, 2, 1

Answer: A

NEW QUESTION 11
Which of the following information may be found in table top exercises for incident response?

• A. Security budget augmentation
• B. Process improvements
• C. Real-time to remediate
• D. Security control selection

Answer: B

NEW QUESTION 12
Which of the following is a benefit of a risk-based approach to audit planning?

• A. Resources are allocated to the areas of the highest concern
• B. Scheduling may be performed months in advance
• C. Budgets are more likely to be met by the IT audit staff
• D. Staff will be exposed to a variety of technologies

Answer: A

NEW QUESTION 13
Which of the following is a countermeasure to prevent unauthorized database access from web applications?

• A. Session encryption
• B. Removing all stored procedures
• C. Input sanitization
• D. Library control

Answer: C

NEW QUESTION 14
Creating a secondary authentication process for network access would be an example of?

• A. Nonlinearities in physical security performance metrics
• B. Defense in depth cost enumerated costs
• C. System hardening and patching requirements
• D. Anti-virus for mobile devices

Answer: A

NEW QUESTION 15
SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.
The CISO discovers the scalability issue will only impact a small number of network segments. What is the next logical step to ensure the proper application of risk management methodology within the two-facto implementation project?

• A. Create new use cases for operational use of the solution
• B. Determine if sufficient mitigating controls can be applied
• C. Decide to accept the risk on behalf of the impacted business units
• D. Report the deficiency to the audit team and create process exceptions

Answer: B

NEW QUESTION 16
You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don’t know what to do. What is the BEST approach to handle this situation?

• A. Tell the team to do their best and respond to each alert
• B. Tune the sensors to help reduce false positives so the team can react better
• C. Request additional resources to handle the workload
• D. Tell the team to only respond to the critical and high alerts

Answer: B

NEW QUESTION 17
A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?

• A. Internal audit
• B. The data owner
• C. All executive staff
• D. Government regulators

Answer: B

Explanation: Topic 2, IS Management Controls and Auditing Management