Free 712-50 Exam Braindumps

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy, however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

  1. Lack of a formal security awareness program
  2. Lack of a formal security policy governance process
  3. Lack of formal definition of roles and responsibilities
  4. Lack of a formal risk management policy

Answer(s): B

Which of the following is MOST likely to be discretionary?

  1. Policies
  2. Procedures
  3. Guidelines
  4. Standards

Answer(s): C

Which of the following has the GREATEST impact on the implementation of an information security governance model?

  1. Organizational budget
  2. Distance between physical locations
  3. Number of employees
  4. Complexity of organizational structure

Answer(s): D

Regulatory requirements typically force organizations to implement:

  1. Mandatory controls
  2. Discretionary controls
  3. Optional controls
  4. Financial controls

Answer(s): A

The FIRST step in establishing a security governance program is to:

  1. Conduct a risk assessment.
  2. Obtain senior level sponsorship.
  3. Conduct a workshop for all end users.
  4. Prepare a security budget.

Answer(s): B

A method to transfer risk is to:

  1. Implement redundancy
  2. Move operations to another region
  3. Purchase breach insurance
  4. Alignment with business operations

Answer(s): C

One of the MAIN goals of a Business Continuity Plan is to:

  1. Ensure all infrastructure and applications are available in the event of a disaster
  2. Allow all technical first-responders to understand their roles in the event of a disaster
  3. Provide step by step plans to recover business processes in the event of a disaster
  4. Assign responsibilities to the technical teams responsible for the recovery of all data.

Answer(s): C

When dealing with a risk management process, asset classification is important because it will impact the overall:

  1. Threat identification
  2. Risk monitoring
  3. Risk treatment
  4. Risk tolerance

Answer(s): C

According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?

  1. Susceptibility to attack, mitigation response time, and cost
  2. Attack vectors, controls cost, and investigation staffing needs
  3. Vulnerability exploitation, attack recovery, and mean time to repair
  4. Susceptibility to attack, expected duration of attack, and mitigation availability

Answer(s): A

If your organization operates under a model of "assumption of breach", you should:

  1. Protect all information resource assets equally
  2. Establish active firewall monitoring protocols
  3. Purchase insurance for your compliance liability
  4. Focus your security efforts on high value assets

Answer(s): C
