712-50 Free Practice Test

- (Exam Topic 1)
When choosing a risk mitigation method what is the MOST important factor?

1. A. Approval from the board of directors
2. B. Cost of the mitigation is less than the risk
3. C. Metrics of mitigation method success
4. D. Mitigation method complies with PCI regulations

Correct Answer: B

- (Exam Topic 1)
Quantitative Risk Assessments have the following advantages over qualitative risk assessments:

1. A. They are objective and can express risk / cost in real numbers
2. B. They are subjective and can be completed more quickly
3. C. They are objective and express risk / cost in approximates
4. D. They are subjective and can express risk /cost in real numbers

Correct Answer: A

- (Exam Topic 5)
If a competitor wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prepare someone to pass the interview, have that person hired, and they will be in the organization. How would you prevent such type of attacks?

1. A. Conduct thorough background checks before you engage them
2. B. Hire the people through third-party job agencies who will vet them for you
3. C. Investigate their social networking profiles
4. D. It is impossible to block these attacks

Correct Answer: A

- (Exam Topic 2)
Control Objectives for Information and Related Technology (COBIT) is which of the following?

1. A. An Information Security audit standard
2. B. An audit guideline for certifying secure systems and controls
3. C. A framework for Information Technology management and governance
4. D. A set of international regulations for Information Technology governance

Correct Answer: C

- (Exam Topic 5)
Scenario: You are the CISO and are required to brief the C-level executive team on your information security audit for the year. During your review of the audit findings you discover that many of the controls that were put in place the previous year to correct some of the findings are not performing as needed. You have thirty days until the briefing.
To formulate a remediation plan for the non-performing controls what other document do you need to review before adjusting the controls?

1. A. Business Impact Analysis
2. B. Business Continuity plan
3. C. Security roadmap
4. D. Annual report to shareholders

Correct Answer: A