Which of the following international standards can BEST assist this organization?
An organization is looking for a framework to measure the efficiency and effectiveness of their Information Security Management System. Which of the following international standards can BEST assist this organization?
A. Payment Card Industry Data Security Standards (PCI-DSS)
B. International Organization for Standardization - 27005 (ISO-27005)
C. International Organization for...
When managing the security architecture for your company you must consider:
When managing the security architecture for your company you must consider:
A. Budget
B. Security and IT Staff size
C. Company values
D. All of the above
Answer: D
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the
A. Relative likelihood of event
B. Controlled mitigation effort
C. Risk impact comparison
D. Comparative threat analysis
Answer: A
What is a difference from the list below between quantitative and qualitative Risk Assessment?
What is a difference from the list below between quantitative and qualitative Risk Assessment?
A. Quantitative risk assessments result in an exact number (in monetary terms)
B. Quantitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green)
C. Qualitative risk assessments map to business objectives
D. ...
What kind of law would require notifying the owner or licensee of this incident?
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?
A. Consumer right disclosure
B. Data breach disclosure
C. Special circumstance disclosure
D. Security incident disclosure
Answer:...
What does this selection indicate?
An organization’s firewall technology needs to be replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?
A. A high threat...
Which of the following is a benefit of information security governance?
Which of the following is a benefit of information security governance?
A. Direct involvement of senior management in developing control processes
B. Reduction of the potential for civil and legal liability
C. Questioning the trust in vendor relationships
D. Increasing the risk of decisions based on incomplete management information
Answer:...
An organization's Information Security Policy is of MOST importance because_____________.
An organization's Information Security Policy is of MOST importance because_____________.
A. It defines a process to meet compliance requirements
B. It establishes a framework to protect confidential information
C. It communicates management’s commitment to protecting information resources
D. It is formally acknowledged by all employees and vendors
Answer: C
Which of the following regulations is of MOST importance to be tracked and managed by this process?
A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?
A. Information Technology Infrastructure Library (ITIL)
B. National Institute for Standards and Technology (NIST) standard
C. International Organization for Standardization (ISO) standards
D...
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?
A. Value of the asset multiplied by the loss expectancy
B. Replacement cost multiplied by the single loss expectancy
C. Single loss expectancy multiplied by the annual rate of occurrence
D. Total loss expectancy multiplied by the...