Get Full Version of the Exam
http://www.EnsurePass.com/712-50.html
Question No.101
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?
A. Single loss expectancy multiplied by the annual rate of occurrence
B. Total loss expectancy multiplied by the total loss frequency
C. Value of the asset multiplied by the loss expectancy
D. Replacement cost multiplied by the single loss expectancy
Correct Answer: A
Question No.102
Creating a secondary authentication process for network access would be an example of?
A. An administrator with too much time on their hands.
B. Putting undue time commitment on the system administrator.
C. Supporting the concept of layered security
D. Network segmentation.
Correct Answer: C
Question No.103
The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?
A. Organization control
B. Procedural control
C. Management control
D. Technical control
Correct Answer: D
Question No.104
An information security department is required to remediate system vulnerabilities when they are discovered. Please select the three primary remediation methods that can be used on an affected system.
A. Install software patch, Operate system, Maintain system
B. Discover software, Remove affected software, Apply software patch
C. Install software patch, configuration adjustment, Software Removal
D. Software removal, install software patch, maintain system
Correct Answer: C
Question No.105
A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?
A. Have internal audit conduct another audit to see what has changed.
B. Contract with an external audit company to conduct an unbiased audit
C. Review the recommendations and follow up to see if audit implemented the changes
D. Meet with audit team to determine a timeline for corrections
Correct Answer: C
Question No.106
To have accurate and effective information security policies, how often should the CISO review the organization's policies?
A. Every 6 months
B. Quarterly
C. Before an audit
D. At least once a year
Correct Answer: D
Question No.107
Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?
A. Lack of notification to the public of disclosure of confidential information.
B. Lack of periodic examination of access rights
C. Failure to notify police of an attempted intrusion
D. Lack of reporting of a successful denial of service attack on the network.
Correct Answer: A
Question No.108
Which of the following is a benefit of a risk-based approach to audit planning?
A. Resources are allocated to the areas of the highest concern
B. Scheduling may be performed months in advance
C. Budgets are more likely to be met by the IT audit staff
D. Staff will be exposed to a variety of technologies
Correct Answer: A
Question No.109
Which of the following are primary concerns for management with regard to assessing internal control objectives?
A. Confidentiality, Availability, Integrity
B. Compliance, Effectiveness, Efficiency
C. Communication, Reliability, Cost
D. Confidentiality, Compliance, Cost
Correct Answer: B
Question No.110
Which of the following illustrates an operational control process?
A. Classifying an information system as part of a risk assessment
B. Installing an appropriate fire suppression system in the data center
C. Conducting an audit of the configuration management process
D. Establishing procurement standards for cloud vendors
Correct Answer: B