Get Full Version of the Exam
http://www.EnsurePass.com/712-50.html
Question No.221
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):
A. Failed to identify all stakeholders and their needs
B. Deployed the encryption solution in an inadequate manner
C. Used 1024 bit encryption when 256 bit would have sufficed
D. Used hardware encryption instead of software encryption
Correct Answer: A
Question No.222
Which business stakeholder is accountable for the integrity of a new information system?
A. CISO
B. Compliance Officer
C. Project manager
D. Board of directors
Correct Answer: A
Question No.223
When should IT security project management be outsourced?
A. When organizational resources are limited
B. When the benefits of outsourcing outweigh the inherent risks of outsourcing
C. On new, enterprise-wide security initiatives
D. On projects not forecasted in the yearly budget
Correct Answer: B
Question No.224
Which of the following represents the best method of ensuring business unit alignment with security program requirements?
A. Provide clear communication of security requirements throughout the organization
B. Demonstrate executive support with written mandates for security policy adherence
C. Create collaborative risk management approaches within the organization
D. Perform increased audits of security processes and procedures
Correct Answer: C
Question No.225
The ultimate goal of an IT security project is:
A. Increase stock value
B. Complete security
C. Support business requirements
D. Implement information security policies
Correct Answer: C
Question No.226
When is an application security development project complete?
A. When the application is retired.
B. When the application is turned over to production.
C. When the application reaches the maintenance phase.
D. After one year.
Correct Answer: A
Question No.227
Acme Inc. has engaged a third party vendor to provide 99.999% up-time for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):
A. low risk-tolerance
B. high risk-tolerance
C. moderate risk-tolerance
D. medium-high risk-tolerance
Correct Answer: A
Question No.228
A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?
A. Poor audit support for the security program
B. A lack of executive presence within the security program
C. Poor alignment of the security program to business needs
D. This is normal since business units typically resist security requirements
Correct Answer: C
Question No.229
An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?
A. Ineffective configuration management controls
B. Lack of change management controls
C. Lack of version/source controls
D. High turnover in the application development department
Correct Answer: C
Question No.230
How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?
A. Quarterly
B. Semi-annually
C. Bi-annually
D. Annually
Correct Answer: D