712-50 Free Practice Test

- (Topic 5)
Scenario: Your company has many encrypted telecommunications links for their world-wide operations. Physically distributing symmetric keys to all locations has proven to be administratively burdensome, but symmetric keys are preferred to other alternatives.
Symmetric encryption in general is preferable to asymmetric encryption when:

1. A. The number of unique communication links is large
2. B. The volume of data being transmitted is small
3. C. The speed of the encryption / deciphering process is essential
4. D. The distance to the end node is farthest away

Correct Answer: C

- (Topic 1)
A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

1. A. Scan a representative sample of systems
2. B. Perform the scans only during off-business hours
3. C. Decrease the vulnerabilities within the scan tool settings
4. D. Filter the scan output so only pertinent data is analyzed

Correct Answer: A

- (Topic 4)
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

1. A. Well established and defined digital forensics process
2. B. Establishing Enterprise-owned Botnets for preemptive attacks
3. C. Be able to retaliate under the framework of Active Defense
4. D. Collaboration with law enforcement

Correct Answer: A

- (Topic 5)
SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.
The CISO is unsure of the information provided and orders a vendor proof of concept to validate the system’s scalability. This demonstrates which of the following?

1. A. An approach that allows for minimum budget impact if the solution is unsuitable
2. B. A methodology-based approach to ensure authentication mechanism functions
3. C. An approach providing minimum time impact to the implementation schedules
4. D. A risk-based approach to determine if the solution is suitable for investment

Correct Answer: D

- (Topic 5)
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?

1. A. The CISO does not report directly to the CEO of the organization
2. B. The CISO reports to the IT organization
3. C. The CISO has not implemented a policy management framework
4. D. The CISO has not implemented a security awareness program

Correct Answer: B