[Feb 19, 2024] New 2024 EC-COUNCIL 712-50 Exam Dumps with PDF from TrainingQuiz (Updated 447 Questions) [Q62-Q84]

New 2024 712-50 exam questions Welcome to download the newest TrainingQuiz 712-50 PDF dumps (447 Q&As)

P.S. Free 2024 CCISO 712-50 dumps are available on Google Drive shared by TrainingQuiz

NEW QUESTION # 62
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
When multiple regulations or standards apply to your industry you should set controls to meet the:

  • A. Most complex standard to implement
  • B. Stricter regulation or standard
  • C. Recommendations of your Legal Staff
  • D. Easiest regulation or standard to implement

Answer: A


NEW QUESTION # 63
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

  • A. PRINCE2
  • B. ITILv3
  • C. ISO 27004
  • D. ISO 27001

Answer: C


NEW QUESTION # 64
The Board of Directors of a publicly-traded company is concerned about the security implications of a strategic project that will migrate 50% of the organization's information technology assets to the cloud. They have requested a briefing on the project plan and a progress report of the security stream of the project. As the CISO, you have been tasked with preparing the report for the Chief Executive Officer to present.
Using the Earned Value Management (EVM), what does a Cost Variance (CV) of -1,200 mean?

  • A. The project budget has reserves
  • B. The project is under budget
  • C. The project cost is in alignment with the budget
  • D. The project is over budget

Answer: D


NEW QUESTION # 65
Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

  • A. Better understand the threats and vulnerabilities affecting the environment
  • B. Meet legal requirements
  • C. Better understand strengths and weaknesses of the program
  • D. Meet regulatory compliance requirements

Answer: C


NEW QUESTION # 66
A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

  • A. Scan a representative sample of systems
  • B. Perform the scans only during off-business hours
  • C. Filter the scan output so only pertinent data is analyzed
  • D. Decrease the vulnerabilities within the scan tool settings

Answer: A


NEW QUESTION # 67
Scenario: You are the CISO and are required to brief the C-level executive team on your information security audit for the year. During your review of the audit findings you discover that many of the controls that were put in place the previous year to correct some of the findings are not performing as needed. You have thirty days until the briefing.
To formulate a remediation plan for the non-performing controls what other document do you need to review before adjusting the controls?

  • A. Annual report to shareholders
  • B. Security roadmap
  • C. Business Impact Analysis
  • D. Business Continuity plan

Answer: C



NEW QUESTION # 68
What is the primary difference between regulations and standards?

  • A. Standards that aren't followed are punishable by fines
  • B. Standards will include regulations
  • C. Regulations are made enforceable by the power provided by laws
  • D. Regulations must be reviewed and approved by the business

Answer: C


NEW QUESTION # 69
The exposure factor of a threat to your organization is defined by?

  • A. Annual rate of occurrence
  • B. Asset value times exposure factor
  • C. Annual loss expectancy minus current cost of controls
  • D. Percentage of loss experienced due to a realized threat event

Answer: D


NEW QUESTION # 70
Using the Transport Layer Security (TLS) protocol enables a client in a network to be:

  • A. Registered by the server
  • B. Identified by a network
  • C. Assured of the server's identity
  • D. Provided with a digital signature

Answer: C


NEW QUESTION # 71
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers." What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

  • A. Draw from your experience and recount stories of how other companies have been compromised
  • B. Cite corporate policy and insist on compliance with audit findings
  • C. Understand the business and focus your efforts on enabling operations securely
  • D. Cite compliance with laws, statutes, and regulations - explaining the financial implications for the company for non-compliance

Answer: C



NEW QUESTION # 72
When creating contractual agreements and procurement processes why should security requirements be included?

  • A. To make sure the costs of security are included and understood
  • B. To make sure the patching process is included with the costs
  • C. To make sure the security process aligns with the vendor's security process
  • D. To make sure they are added on after the process is completed

Answer: A


NEW QUESTION # 73
What is the BEST reason for having a formal request for proposal process?

  • A. Clearly identifies risks and benefits before funding is spent
  • B. Creates a timeline for purchasing and budgeting
  • C. Allows small companies to compete with larger companies
  • D. Informs suppliers a company is going to make a purchase

Answer: A


NEW QUESTION # 74
Which of the following is the MOST important component of any change management process?

  • A. Management approval
  • B. Outage planning
  • C. Back-out procedures
  • D. Scheduling

Answer: A


NEW QUESTION # 75
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture.
What would be the BEST choice of security metrics to present to the BOD?

  • A. All vulnerabilities that impact important production servers
  • B. Only critical and high vulnerabilities that impact important production servers
  • C. Only critical and high vulnerabilities on servers and desktops
  • D. All vulnerabilities found on servers and desktops

Answer: B


NEW QUESTION # 76
When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

  • A. How many credit card records are stored?
  • B. How many servers do you have?
  • C. What is the scope of the certification?
  • D. What is the value of the assets at risk?

Answer: C


NEW QUESTION # 77
Which of the following should be determined while defining risk management strategies?

  • A. Enterprise disaster recovery plans
  • B. IT architecture complexity
  • C. Risk assessment criteria
  • D. Organizational objectives and risk tolerance

Answer: D


NEW QUESTION # 78
Which of the following will be MOST helpful for getting an Information Security project that is behind schedule back on schedule?

  • A. Involve internal audit
  • B. Upper management support
  • C. More frequent project milestone meetings
  • D. More training of staff members

Answer: B


NEW QUESTION # 79
Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
When multiple regulations or standards apply to your industry you should set controls to meet the __________.

  • A. Stricter regulation or standard
  • B. Most complex standard
  • C. Recommendations of your Legal Staff
  • D. Easiest regulation or standard to implement

Answer: D



NEW QUESTION # 80
A newly appointed security officer finds data leakage software licenses that had never been used. The officer decides to implement a project to ensure it gets installed, but the project gets a great deal of resistance across the organization. Which of the following represents the MOST likely reason for this situation?

  • A. The security officer should allow time for the organization to get accustomed to her presence before initiating security projects
  • B. The software license expiration is probably out of synchronization with other software licenses
  • C. The software is out of date and does not provide for a scalable solution across the enterprise
  • D. The project was initiated without an effort to get support from impacted business units in the organization

Answer: D


NEW QUESTION # 81
Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?

  • A. IDS, syslog, router, switches
  • B. Firewall, exchange, web server, intrusion detection system (IDS)
  • C. Servers, routers, switches, modem
  • D. Firewall, anti-virus console, IDS, syslog

Answer: D


NEW QUESTION # 82
If a Virtual Machine's (VM) data is being replicated and that data is corrupted, this corruption will automatically be replicated to the other machine(s). What would be the BEST control to safeguard data integrity?

  • A. Backup to a remote location
  • B. Backup to tape
  • C. Maintain separate VM backups
  • D. Increase VM replication frequency

Answer: C


NEW QUESTION # 83
Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights.
Which of the following would be the MOST concerning?

  • A. Lack of reporting of a successful denial of service attack on the network.
  • B. Lack of notification to the public of disclosure of confidential information
  • C. Failure to notify police of an attempted intrusion
  • D. Lack of notification to the public of disclosure of confidential information

Answer: B


NEW QUESTION # 84
......

712-50 exam questions from TrainingQuiz dumps: https://pass4sure.trainingquiz.com/712-50-training-materials.html (447 Q&As)