712-50 Free Practice Test

- (Topic 1)
What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?

1. A. Test every three years to ensure that things work as planned
2. B. Conduct periodic tabletop exercises to refine the BC plan
3. C. Outsource the creation and execution of the BC plan to a third party vendor
4. D. Conduct a Disaster Recovery (DR) exercise every year to test the plan

Correct Answer: B

- (Topic 5)
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?

1. A. National Institute of Standards and Technology (NIST) Special Publication 800-53
2. B. Payment Card Industry Digital Security Standard (PCI DSS)
3. C. International Organization for Standardization – ISO 27001/2
4. D. British Standard 7799 (BS7799)

Correct Answer: C

- (Topic 2)
Which of the following is a benefit of a risk-based approach to audit planning?

1. A. Resources are allocated to the areas of the highest concern
2. B. Scheduling may be performed months in advance
3. C. Budgets are more likely to be met by the IT audit staff
4. D. Staff will be exposed to a variety of technologies

Correct Answer: A

- (Topic 2)
In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

1. A. Internal Audit
2. B. Database Administration
3. C. Information Security
4. D. Compliance

Correct Answer: C

- (Topic 5)
Your company has limited resources to spend on security initiatives. The Chief Financial Officer asks you to prioritize the protection of information resources based on their value to the company. It is essential that you be able to communicate in language that your fellow executives will understand. You should:

1. A. Create timelines for mitigation
2. B. Develop a cost-benefit analysis
3. C. Calculate annual loss expectancy
4. D. Create a detailed technical executive summary

Correct Answer: B