Get Full Version of the Exam
http://www.EnsurePass.com/712-50.html
Question No.211
When selecting a security solution with reoccurring maintenance costs after the first year (choose the BEST answer):
- A. The CISO should cut other essential programs to ensure the new solution's continued use
- B. Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution's continued use
- C. Defer selection until the market improves and cash flow is positive
- D. Implement the solution and ask for the increased operating cost budget when it is time
Correct Answer: B
Question No.212
What oversight should the information security team have in the change management process for application security?
- A. Information security should be informed of changes to applications only
- B. The development team should tell the information security team about any application security flaws
- C. Information security should be aware of any significant application security changes and work with developers to test for vulnerabilities before changes are deployed in production
- D. Information security should be aware of all application changes and work with developers before changes are deployed in production
Correct Answer: C
Question No.213
A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:
- A. Change management
- B. Business continuity planning
- C. Security Incident Response
- D. Thought leadership
Correct Answer: C
Question No.214
Which of the following are not stakeholders of IT security projects?
- A. Board of directors
- B. Third party vendors
- C. CISO
- D. Help Desk
Correct Answer: B
Question No.215
Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?
- A. Define the risk appetite
- B. Determine budget constraints
- C. Review project charters
- D. Collaborate security projects
Correct Answer: A
Question No.216
Which of the following methodologies references the recommended industry standard that Information security project managers should follow?
- A. The Security Systems Development Life Cycle
- B. The Security Project And Management Methodology
- C. Project Management System Methodology
- D. Project Management Body of Knowledge
Correct Answer: D
Question No.217
Which of the following is considered a project versus a managed process?
- A. Monitoring external and internal environment during incident response
- B. Ongoing risk assessments of routine operations
- C. Continuous vulnerability assessment and vulnerability repair
- D. Installation of a new firewall system
Correct Answer: D
Question No.218
Which of the following information may be found in table top exercises for incident response?
- A. Security budget augmentation
- B. Process improvements
- C. Real-time to remediate
- D. Security control selection
Correct Answer: B
Question No.219
The organization does not have the time to remediate the vulnerability; however, it is critical to release the application. Which of the following needs to be further evaluated to help mitigate the risks?
- A. Provide developer security training
- B. Deploy Intrusion Detection Systems
- C. Provide security testing tools
- D. Implement Compensating Controls
Correct Answer: D
Question No.220
How often should the SSAE16 report of your vendors be reviewed?
- A. Quarterly
- B. Semi-annually
- C. Annually
- D. Bi-annually
Correct Answer: C