512-50 Online Practice Questions and Answers
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?
A. Providing a risk program governance structure
B. Ensuring developers include risk control comments in code
C. Creating risk assessment templates based on specific threats
D. Allowing for the acceptance of risk for regulatory compliance requirements
Which of the following intellectual Property components is focused on maintaining brand recognition?
A. Trademark
B. Patent
C. Research Logs
D. Copyright
Which of the following is MOST likely to be discretionary?
A. Policies
B. Procedures
C. Guidelines
D. Standards
Information security policies should be reviewed:
A. by stakeholders at least annually
B. by the CISO when new systems are brought online
C. by the Incident Response team after an audit
D. by internal audit semiannually
Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?
A. Use within an organization to formulate security requirements and objectives
B. Implementation of business-enabling information security
C. Use within an organization to ensure compliance with laws and regulations
D. To enable organizations that adopt it to obtain certifications
Which of the following is a fundamental component of an audit record?
A. Date and time of the event
B. Failure of the event
C. Originating IP-Address
D. Authentication type
The amount of risk an organization is willing to accept in pursuit of its mission is known as
A. Risk mitigation
B. Risk transfer
C. Risk tolerance
D. Risk acceptance
A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?
A. Alignment with the business
B. Effective use of existing technologies
C. Leveraging existing implementations
D. Proper budget management
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?
A. Annually
B. Semi-annually
C. Quarterly
D. Never
What is the primary reason for performing vendor management?
A. To understand the risk coverage that are being mitigated by the vendor
B. To establish a vendor selection process
C. To document the relationship between the company and the vendor
D. To define the partnership for long-term success