712-50 Free Practice Test

- (Exam Topic 1)
When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

1. A. How many credit card records are stored?
2. B. How many servers do you have?
3. C. What is the scope of the certification?
4. D. What is the value of the assets at risk?

Correct Answer: C

- (Exam Topic 6)
The primary responsibility for assigning entitlements to a network share lies with which role?

1. A. CISO
2. B. Data owner
3. C. Chief Information Officer (CIO)
4. D. Security system administrator

Correct Answer: B
Reference: https://resources.infosecinstitute.com/certification/data-and-system-ownership/

- (Exam Topic 1)
A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

1. A. Scan a representative sample of systems
2. B. Perform the scans only during off-business hours
3. C. Decrease the vulnerabilities within the scan tool settings
4. D. Filter the scan output so only pertinent data is analyzed

Correct Answer: A

- (Exam Topic 6)
To make sure that the actions of all employees, applications, and systems follow the organization’s rules and regulations can BEST be described as which of the following?

1. A. Compliance management
2. B. Asset management
3. C. Risk management
4. D. Security management

Correct Answer: D
Reference: https://www.eccouncil.org/information-security-management/

- (Exam Topic 3)
A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

1. A. A security organization that is adequately staffed to apply required mitigation strategies and regulatory compliance solutions
2. B. A clear set of security policies and procedures that are more concept-based than controls-based
3. C. A complete inventory of Information Technology assets including infrastructure, networks, applications and data
4. D. A clearly identified executive sponsor who will champion the effort to ensure organizational buy-in

Correct Answer: D