712-50 Practice Questions

A.  

Weekly program budget reviews to ensure the percentage of program funding remains constant.

B.  

Annual review of program charters, policies, procedures and organizational agreements.

C.  

Daily monitoring of vulnerability advisories relating to your organization’s deployed technologies.

D.  

Monthly program tests to ensure resource allocation is sufficient for supporting the needs of the organization

A.  

An Information Security audit standard

B.  

An audit guideline for certifying secure systems and controls

C.  

A framework for Information Technology management and governance

D.  

A set of international regulations for Information Technology governance

A.  

Immediately notify the board of directors of the organization as to the finding

B.  

Correct the classifications immediately based on the auditor’s knowledge of the proper classification

C.  

Document the missing classifications

D.  

Identify the owner of the asset and induce the owner to apply a proper classification

A.  

4, 2, 5, 3, 1

B.  

2, 5, 3, 1, 4

C.  

4, 5, 2, 3, 1

D.  

4, 3, 5, 2, 1

A.  

In-line hardware keyloggers don’t require physical access

B.  

In-line hardware keyloggers don’t comply to industry regulations

C.  

In-line hardware keyloggers are undetectable by software

D.  

In-line hardware keyloggers are relatively inexpensive

A.  

Chief Information Officer (CIO)

B.  

Data owner

C.  

Database engineer

D.  

Chief Information Security Officer (CISO)

A.  

Federal Enterprise Architecture

B.  

The Open Group Architecture Framework (TOGAF)

C.  

Zochman

D.  

Sherwood Applied Business Security Architecture

A.  

Configure hypervisors for maximum protection

B.  

Centrally manage assets and controls

C.  

Assign clusters of administrators

D.  

Distribute management by location

A.  

The percentage of earnings that are retained by the organization for reinvestment in the business

B.  

The details of expenses and revenue over a long period of time

C.  

A summarized statement of all assets and liabilities at a specific point in time

D.  

A review of regulations and requirements impacting the business from a financial perspective

A.  

The asset is more expensive than the remediation

B.  

The audit finding is incorrect

C.  

The asset being protected is less valuable than the remediation costs

D.  

The remediation costs are irrelevant; it must be implemented regardless of cost.

A.  

Annual number of help desk tickets with the word “security” in them

B.  

Total number of employees that reported unsuccessful social engineering attacks

C.  

Month-by-month percentages of employees that failed phishing tests

D.  

Number of alerts detected by the Security Operations Center

A.  

Simple and easy task because the threats are getting easier to find and correct.

B.  

Training requirement that is met through once every year user training.

C.  

Training requirement that is on-going and always changing.

D.  

Not needed because automation and anti-virus software has eliminated the threats.

A.  

A substantive test of program library controls

B.  

A compliance test of program library controls

C.  

A compliance test of the program compiler controls

D.  

A substantive test of the program compiler controls

A.  

Negative internal audit findings regarding security controls performance

B.  

Regulatory non-compliance resulting in fines and legal proceedings

C.  

Unmanaged security awareness guidelines

D.  

Increased security budgets due to discovered threats and vulnerabilities

A.  

Approving access to critical financial systems

B.  

Developing content for security awareness programs

C.  

Interviewing candidates for information security specialist positions

D.  

Vetting information security policies