When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?
A. Compliance with local privacy regulations
B. An independent Governance, Risk and Compliance organization
C. Support Legal and HR teams
D. Alignment of security goals with business goals
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?
A. Ensuring developers include risk control comments in code
B. Creating risk assessment templates based on specific threats
C. Providing a risk program governance structure
D. Allowing for the acceptance of risk for regulatory compliance requirements
Which of the following tests is performed by an Information Systems (IS) auditor when a sample of programs is selected to determine if the source and object versions are the same?
A. Substantive test of program library controls
B. A compliance test of the program compiler controls
C. A compliance test of program library controls
D. A substantive test of the program compiler controls
Which of the following is a strong post designed to stop a car?
A. Fence
B. Bollard
C. Reinforced rebar
D. Gate
Which of the following can the company implement in order to avoid this type of security issue in the future?
A. Network based intrusion detection systems
B. An audit management process
C. A security training program for developers
D. A risk management process
During the course of a risk analysis, your IT auditor identified threats and potential impacts. Next, your IT auditor should:
A. Identify and assess the risk assessment process used by management.
B. Identify and evaluate existing controls.
C. Identify information assets and the underlying systems.
D. Disclose the threats and impacts to management.
How often should an environment be monitored for cyber threats, risks, and exposures?
A. Weekly
B. Daily
C. Monthly
D. Quarterly
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates. When multiple regulations or standards apply to your industry, you should set controls to meet the ___________________________.
A. Most complex standard
B. Recommendations of your Legal Staff
C. Easiest regulation or standard to implement
D. Stricter regulation or standard
A newly-hired CISO needs to understand the organization's financial management standards for business units and operations. Which of the following would be the best source of this information?
A. The internal accounting department
B. The Chief Financial Officer (CFO)
C. The external financial audit service
D. The managers of the accounts payables and accounts receivables teams
What is one key difference between Capital expenditures and Operating expenditures?
A. Operating expense cannot be written off while Capital expense can
B. Operating expenses can be depreciated over time and Capital expenses cannot
C. Capital expenses cannot include salaries and Operating expenses can
D. Capital expenditures allow for the cost to be depreciated over time and Operating does not
Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?
A. ITIL
B. Privacy Act
C. Sarbanes-Oxley
D. PCI-DSS
An organization recently acquired a Data Loss Prevention (DLP) solution, and two months after the implementation, it was found that sensitive data was posted to numerous Dark Web sites. The DLP application was checked, and there are no apparent malfunctions and no errors.
What is the MOST likely reason why the sensitive data was posted?
A. The DLP Solution was not integrated with mobile device anti-malware
B. Data classification was not properly performed on the assets
C. The sensitive data was not encrypted while at rest
D. A risk assessment was not performed after purchasing the DLP solution
A cloud computing environment that is bound together by technology that allows data and applications to be shared between public and private clouds is BEST referred to as a:
A. Public cloud
B. Private cloud
C. Community cloud
D. Hybrid cloud
You are the CISO for an investment banking firm. The firm is using artificial intelligence (AI) to assist in approving clients for loans. Which control is MOST important to protect AI products?
A. Hash datasets
B. Sanitize datasets
C. Delete datasets
D. Encrypt datasets
You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information Officer (CIO). The CIO's first mandate to you is to develop a cybersecurity compliance framework that will meet all the store's compliance requirements.
Which of the following compliance standards is the MOST important to the organization?
A. The Federal Risk and Authorization Management Program (FedRAMP)
B. ISO 27002
C. NIST Cybersecurity Framework
D. Payment Card Industry (PCI) Data Security Standard (DSS)