Online Access Free 712-50 Exam Questions

Which of the following represents the BEST method of ensuring security program alignment to business needs?

• A.Ensure security implementations include business unit testing and functional validation prior to production rollout
• B.Create security consortiums, such as strategic security planning groups, that include business unit participation
• C.Create a comprehensive security awareness program and provide success metrics to business units
• D.Ensure the organization has strong executive-level security representation through clear sponsorship or the creation of a CISO role

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

• A.Schedule an emergency meeting and request the funding to fix the issue
• B.Transfer financial resources from other critical programs
• C.Take the system off line until the budget is available
• D.Deploy countermeasures and compensating controls until the budget is available

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

• A.Trusted and untrusted networks
• B.Log retention
• C.Storage encryption
• D.Type of authentication

From the CISO's perspective in looking at financial statements, the statement of retained earnings of an organization:

• A.Represents the percentage of earnings that could in part be used to finance future security controls
• B.Represents, in part, the savings generated by the proper acquisition and implementation of security controls
• C.Has a direct correlation with the CISO's budget
• D.Represents the sum of all capital expenditures

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
The CISO has validated audit findings, determined if compensating controls exist, and started initial remediation planning. Which of the following is the MOST logical next step?

• A.Review security procedures to determine if they need modified according to findings
• B.Validate the effectiveness of current controls
• C.Report the audit findings and remediation status to business stake holders
• D.Create detailed remediation funding and staffing plans