Questions for the 512-50 were updated on: Oct 05, 2024
Page 1 out of 27. Viewing questions 1-15 out of 404
Question 1
Credit card information, medical data, and government records are all examples of:
A. Confidential/Protected Information
B. Bodily Information
C. Territorial Information
D. Communications Information
Answer:
A
Question 2
The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:
A. Contacting the Internet Service Provider for an IP scope
B. Getting authority to operate the system from executive management
C. Changing the default passwords
D. Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities
Answer:
B
Question 3
The single most important consideration to make when developing your security program, policies, and processes is:
A. Budgeting for unforeseen data compromises
B. Streamlining for efficiency
C. Alignment with the business
D. Establishing your authority as the Security Executive
Answer:
C
Question 4
An organization's Information Security Policy is of MOST importance because
A. it communicates management’s commitment to protecting information resources
B. it is formally acknowledged by all employees and vendors
C. it defines a process to meet compliance requirements
D. it establishes a framework to protect confidential information
Answer:
A
Question 5
Developing effective security controls is a balance between:
A. Risk Management and Operations
B. Corporate Culture and Job Expectations
C. Operations and Regulations
D. Technology and Vendor Management
Answer:
A
Question 6
The PRIMARY objective for information security program development should be:
A. Reducing the impact of the risk to the business.
B. Establishing strategic alignment with business continuity requirements
C. Establishing incident response programs.
D. Identifying and implementing the best security solutions.
Answer:
A
Question 7
Which of the following should be determined while defining risk management strategies?
A. Organizational objectives and risk tolerance
B. Risk assessment criteria
C. IT architecture complexity
D. Enterprise disaster recovery plans
Answer:
A
Question 8
Who in the organization determines access to information?
A. Legal department
B. Compliance officer
C. Data Owner
D. Information security officer
Answer:
C
Question 9
Which of the following is a benefit of information security governance?
A. Questioning the trust in vendor relationships.
B. Increasing the risk of decisions based on incomplete management information.
C. Direct involvement of senior management in developing control processes
D. Reduction of the potential for civil and legal liability
Answer:
D
Question 10
Which of the following is the MOST important benefit of an effective security governance process?
A. Reduction of liability and overall risk to the organization
B. Better vendor management
C. Reduction of security breaches
D. Senior management participation in the incident response process
Answer:
A
Question 11
The FIRST step in establishing a security governance program is to:
A. Conduct a risk assessment.
B. Obtain senior level sponsorship.
C. Conduct a workshop for all end users.
D. Prepare a security budget.
Answer:
B
Question 12
Which of the following has the GREATEST impact on the implementation of an information security governance model?
A. Organizational budget
B. Distance between physical locations
C. Number of employees
D. Complexity of organizational structure
Answer:
D
Question 13
From an information security perspective, information that no longer supports the main purpose of the business should be:
A. assessed by a business impact analysis.
B. protected under the information classification policy.
C. analyzed under the data ownership policy.
D. analyzed under the retention policy
Answer:
D
Question 14
When briefing senior management on the creation of a governance process, the MOST important aspect should be:
A. information security metrics.
B. knowledge required to analyze each issue.
C. baseline against which metrics are evaluated.
D. linkage to business area objectives.
Answer:
D
Question 15
Which of the following most commonly falls within the scope of an information security governance steering committee?
A. Approving access to critical financial systems
B. Developing content for security awareness programs
C. Interviewing candidates for information security specialist positions