712-50 Free Practice Test

- (Topic 3)
A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:

1. A. Vendor’s client list of reputable organizations currently using their solution
2. B. Vendor provided attestation of the detailed security controls from a reputable accounting firm
3. C. Vendor provided reference from an existing reputable client detailing their implementation
4. D. Vendor provided internal risk assessment and security control documentation

Correct Answer: B

- (Topic 1)
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?

1. A. Enforce the existing security standards and do not allow the deployment of the new technology.
2. B. Amend the standard to permit the deployment.
3. C. If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.
4. D. Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.

Correct Answer: C

- (Topic 5)
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
When formulating the remediation plan, what is a required input?

1. A. Board of directors
2. B. Risk assessment
3. C. Patching history
4. D. Latest virus definitions file

Correct Answer: B

- (Topic 1)
Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

1. A. They are objective and can express risk / cost in real numbers
2. B. They are subjective and can be completed more quickly
3. C. They are objective and express risk / cost in approximates
4. D. They are subjective and can express risk /cost in real numbers

Correct Answer: A

- (Topic 1)
An organization’s firewall technology needs replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?

1. A. A high threat environment
2. B. A low risk tolerance environment
3. C. I low vulnerability environment
4. D. A high risk tolerance environment

Correct Answer: D