712-50 Free Practice Test

- (Exam Topic 5)
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

1. A. Validate the effectiveness of current controls
2. B. Create detailed remediation funding and staffing plans
3. C. Report the audit findings and remediation status to business stake holders
4. D. Review security procedures to determine if they need modified according to findings

Correct Answer: C

- (Exam Topic 5)
Which of the following information would MOST likely be reported at the board-level within an organization?

1. A. System scanning trends and results as they pertain to insider and external threat sources
2. B. The capabilities of a security program in terms of staffing support
3. C. Significant risks and security incidents that have been discovered since the last assembly of the membership
4. D. The numbers and types of cyberattacks experienced by the organization since the last assembly of the membership

Correct Answer: C

- (Exam Topic 3)
Your company has a “no right to privacy” notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee’s email account. What should you do? (choose the BEST answer):

1. A. Grant her access, the employee has been adequately warned through the AUP.
2. B. Assist her with the request, but only after her supervisor signs off on the action.
3. C. Reset the employee’s password and give it to the supervisor.
4. D. Deny the request citing national privacy laws.

Correct Answer: B

- (Exam Topic 3)
An example of professional unethical behavior is:

1. A. Gaining access to an affiliated employee’s work email account as part of an officially sanctionedinternal investigation
2. B. Sharing copyrighted material with other members of a professional organization where all members have legitimate access to the material
3. C. Copying documents from an employer’s server which you assert that you have an intellectual property claim to possess, but the company disputes
4. D. Storing client lists and other sensitive corporate internal documents on a removable thumb drive

Correct Answer: C

- (Exam Topic 5)
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
You have decided to deal with risk to information from people first. How can you minimize risk to your most sensitive information before granting access?

1. A. Conduct background checks on individuals before hiring them
2. B. Develop an Information Security Awareness program
3. C. Monitor employee browsing and surfing habits
4. D. Set your firewall permissions aggressively and monitor logs regularly.

Correct Answer: A