712-50 Free Practice Test

- (Exam Topic 5)
File Integrity Monitoring (FIM) is considered a

1. A. Network based security preventative control
2. B. Software segmentation control
3. C. Security detective control
4. D. User segmentation control

Correct Answer: C

- (Exam Topic 1)
An organization's Information Security Policy is of MOST importance because

1. A. it communicates management’s commitment to protecting information resources
2. B. it is formally acknowledged by all employees and vendors
3. C. it defines a process to meet compliance requirements
4. D. it establishes a framework to protect confidential information

Correct Answer: A

- (Exam Topic 1)
In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?

1. A. The organization uses exclusively a quantitative process to measure risk
2. B. The organization uses exclusively a qualitative process to measure risk
3. C. The organization’s risk tolerance is high
4. D. The organization’s risk tolerance is lo

Correct Answer: C

- (Exam Topic 2)
Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?

1. A. Security Administrators
2. B. Internal/External Audit
3. C. Risk Management
4. D. Security Operations

Correct Answer: B

- (Exam Topic 3)
A person in your security team calls you at night and informs you that one of your web applications is potentially under attack from a cross-site scripting vulnerability. What do you do?

1. A. tell him to shut down the server
2. B. tell him to call the police
3. C. tell him to invoke the incident response process
4. D. tell him to analyze the problem, preserve the evidence and provide a full analysis and report

Correct Answer: C