
Ultimate Guide to the 712-50 - Latest Oct 29, 2021 Edition Available Now
2021 Updated Verified Pass 712-50 Exam - Real Questions & Answers
What is the duration of the 712-50 Exam
- Number of Questions: 150
- Length of Examination: 2.5 hours
- Passing Score: 70%
- Format: Multiple choices, multiple answers
NEW QUESTION 14
Which is the BEST solution to monitor, measure, and report changes to critical data in a system?
- A. Application logs
- B. File integrity monitoring
- C. Syslog
- D. SNMP traps
Answer: B
NEW QUESTION 15
What are the primary reasons for the development of a business case for a security project?
- A. To estimate risk and negate liability to the company
- B. To understand the attack vectors and attack sources
- C. To forecast usage and cost per software licensing
- D. To communicate risk and forecast resource needs
Answer: D
NEW QUESTION 16
A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization's need?
- A. Payment Card Industry Data Security Standards (PCI-DSS)
- B. International Organization for Standardizations - 27005 (ISO-27005)
- C. International Organization for Standardizations - 22301 (ISO-22301)
- D. Information Technology Infrastructure Library (ITIL)
Answer: C
NEW QUESTION 17
Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?
- A. Firewall, anti-virus console, IDS, syslog
- B. Servers, routers, switches, modem
- C. IDS, syslog, router, switches
- D. Firewall, exchange, web server, intrusion detection system (IDS)
Answer: A
Explanation:
Explanation
NEW QUESTION 18
As a CISO you need to understand the steps that are used to perform an attack against a network.
Put each step into the correct order.
1.Covering tracks
2.Scanning and enumeration
3.Maintaining Access
4.Reconnaissance
5.Gaining Access
- A. 4, 5, 2, 3, 1
- B. 4, 2, 5, 3, 1
- C. 4, 3, 5, 2, 1
- D. 2, 5, 3, 1, 4
Answer: B
NEW QUESTION 19
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Your Corporate Information Security Policy should include which of the following?
- A. Roles and responsibilities
- B. Incident response contacts
- C. Desktop configuration standards
- D. Information security theory
Answer: A
NEW QUESTION 20
An anonymity network is a series of?
- A. Virtual network tunnels
- B. Covert government networks
- C. War driving maps
- D. Government networks in Tora
Answer: A
NEW QUESTION 21
The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?
- A. Explain to the IT group that this is a business need and the IPS will fail open however, if there is a network failure the CISO will accept responsibility
- B. Explain to the IT group that the IPS won't cause any network impact because it will fail open
- C. Explain to the IT group that the IPS will fail open once in-line however it will be deployed in monitor mode for a set period of time to ensure that it doesn't block any legitimate traffic
- D. Work with the IT group and tell them to put IPS in-line and say it won't cause any network impact
Answer: C
NEW QUESTION 22
As the Chief Information Security Officer, you are performing an assessment of security posture to understand what your Defense-in-Depth capabilities are. Which network security technology examines network traffic flows to detect and actively stop vulnerability exploits and attacks?
- A. Gigamon
- B. Port Security
- C. Anti-virus
- D. Intrusion Prevention System
Answer: D
Explanation:
Explanation/Reference: https://searchsecurity.techtarget.com/definition/intrusion-prevention
NEW QUESTION 23
An organization information security policy serves to___________________.
- A. establish budgetary input in order to meet compliance requirements
- B. establish acceptable systems and user behavior
- C. define relationship with external law enforcement agencies
- D. define security configurations for systems
Answer: B
NEW QUESTION 24
A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state.
Which of the following security issues is the MOST likely reason leading to the audit findings?
- A. lack of change management processes
- B. Lack of hardening standards
- C. Lack of proper access controls
- D. Lack of asset management processes
Answer: A
NEW QUESTION 25
Which represents PROPER separation of duties in the corporate environment?
- A. Information Security and Identity Access Management teams perform two distinct functions
- B. Finance has access to Human Resources data
- C. Developers and Network teams both have admin rights on servers
- D. Information Security and Network teams perform two distinct functions
Answer: D
Explanation:
Explanation/Reference:
NEW QUESTION 26
What are the three hierarchically related aspects of strategic planning and in which order should they be done?
- A. 1) Enterprise strategic planning, 2) Information technology strategic planning, 3) Cybersecurity or information security strategic planning
- B. 1) Enterprise strategic planning, 2) Cybersecurity or information security strategic planning, 3) Information technology strategic planning
- C. 1) Cybersecurity or information security strategic planning, 2) Enterprise strategic planning, 3) Information technology strategic planning
- D. 1) Information technology strategic planning, 2) Enterprise strategic planning, 3) Cybersecurity or information security strategic planning
Answer: B
NEW QUESTION 27
When deploying an Intrusion Prevention System (IPS), the BEST way to get maximum protection from the system is to deploy it___________
- A. In-line and turn on alert mode to stop malicious traffic.
- B. In promiscuous mode and block malicious traffic.
- C. In promiscuous mode and only detect malicious traffic.
- D. In-line and turn on blocking mode to stop malicious traffic in-line.
Answer: D
NEW QUESTION 28
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
- A. A substantive test of program library controls
- B. A compliance test of the program compiler controls
- C. A substantive test of the program compiler controls
- D. A compliance test of program library controls
Answer: D
NEW QUESTION 29
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?
- A. All vulnerabilities that impact important production servers
- B. All vulnerabilities found on servers and desktops
- C. Only critical and high vulnerabilities that impact important production servers
- D. Only critical and high vulnerabilities on servers and desktops
Answer: C
NEW QUESTION 30
Which of the following functions evaluates patches used to close software vulnerabilities and perform validation of new systems to assure compliance with security?
- A. System testing
- B. System security administration
- C. Risk management
- D. Incident response
Answer: A
NEW QUESTION 31
Which of the following best describes revenue?
- A. The economic benefit derived by operating a business
- B. The sum value of all assets and cash flow into the business
- C. The true profit-making potential of an organization
- D. Non-operating financial liabilities minus expenses
Answer: A
NEW QUESTION 32
An information security department is required to remediate system vulnerabilities when they are discovered. Please select the three primary remediation methods that can be used on an affected system.
- A. Discover software, Remove affected software, Apply software patch
- B. Install software patch, Operate system, Maintain system
- C. Install software patch, configuration adjustment, Software Removal
- D. Software removal, install software patch, maintain system
Answer: C
NEW QUESTION 33
Creating a secondary authentication process for network access would be an example of?
- A. Nonlinearities in physical security performance metrics
- B. System hardening and patching requirements
- C. Defense in depth cost enumerated costs
- D. Anti-virus for mobile devices
Answer: A
NEW QUESTION 34
Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.
Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?
- A. British Standard 7799 (BS7799)
- B. International Organization for Standardization - ISO 27001/2
- C. Payment Card Industry Digital Security Standard (PCI DSS)
- D. National Institute of Standards and Technology (NIST) Special Publication 800-53
Answer: B
NEW QUESTION 35
Which of the following is the BEST indicator of a successful project?
- A. the deliverables are accepted by the key stakeholders
- B. it comes in at or below the expenditures planned for in the baseline budget
- C. it meets most of the specifications as outlined in the approved project definition
- D. it is completed on time or early as compared to the baseline project plan
Answer: A
NEW QUESTION 36
What role should the CISO play in properly scoping a PCI environment?
- A. Validate the business units' suggestions as to what should be included in the scoping process
- B. Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data
- C. Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope
- D. Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment
Answer: B
NEW QUESTION 37
When you develop your audit remediation plan what is the MOST important criteria?
- A. To remediate half of the findings before the next audit.
- B. To validate that the cost of the remediation is less than the risk of the finding.
- C. To remediate all of the findings before the next audit.
- D. To validate the remediation process with the auditor.
Answer: B
NEW QUESTION 38
......
Who Can Aim at It?
Speaking of job profiles associated with this certificate, specialists working as auditors, security officers, site administrators, and security experts can aim at the CCISO for further career enhancement.
Dumps Moneyack Guarantee - 712-50 Dumps Approved Dumps: https://www.fast2test.com/712-50-premium-file.html
Verified 712-50 Exam Dumps PDF [2021] Access using Fast2test: https://drive.google.com/open?id=1JrAAY6Ma4WfWE89kETDKOdXK6cocKX96