A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units.
Which of the following standards and guidelines can BEST address this organization's need?
A. International Organization for Standardization 22301 (ISO 22301)
B. Information Technology Infrastructure Library (ITIL)
C. Payment Card Industry Data Security Standards (PCI-DSS)
D. International Organization for Standardization 27005 (ISO 27005)
The patching and monitoring of systems on a consistent schedule is required by which of the following?
A. Industry best practices
B. Audit best practices
C. Risk Management framework
D. Local privacy laws
When updating the security strategic planning document, which two items must be included?
A. Alignment with the business goals and the vision of the CIO
B. The risk tolerance of the company and the company mission statement
C. The alignment with the business goals and the risk tolerance
D. The executive summary and vision of the board of directors
What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?
A. Conduct a Disaster Recovery (DR) exercise every year to test the plan
B. Conduct periodic tabletop exercises to refine the BC plan
C. Test every three years to ensure that the BC plan is valid
D. Define the Recovery Point Objective (RPO)
The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is _______________.
A. External Audit
B. Forensic experts
C. Internal Audit
D. Penetration testers
Which of the following is considered to be an IT governance framework and a supporting toolset that allows for managers to bridge the gap between control requirements, technical issues, and business risks?
A. Information technology Infrastructure Library (ITIL)
B. Committee of Sponsoring Organizations (COSO)
C. Control Objective for Information Technology (COBIT)
D. Payment Card Industry (PCI)
A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed, and it identified an insecure configuration that differed from the original hardened state.
Which of the following security issues is the MOST likely reason leading to the audit findings?
A. Lack of asset management processes
B. Lack of hardening standards
C. Lack of proper access controls
D. Lack of change management processes
To get an Information Security project back on schedule, which of the following will provide the MOST help?
A. Upper management support
B. More frequent project milestone meetings
C. Stakeholder support
D. None
E. Extend work hours
Scenario: You are the CISO and are required to brief the C-level executive team on your information security audit for the year. During your review of the audit findings, you discover that many of the controls that were put in place the previous year to correct some of the findings are not performing as needed. You have thirty days until the briefing.
To formulate a remediation plan for the non-performing controls what other document do you need to review before adjusting the controls?
A. Business continuity plan
B. Security roadmap
C. Business impact analysis
D. Annual report to shareholders
Which of the following best describes an access control process that confirms the identity of the entity seeking access to a logical or physical area?
A. Identification
B. Authorization
C. Authentication
D. Accountability