Online Access Free 512-50 Practice Test

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

• A.Define formal roles and responsibilities for Information Security
• B.Create an executive security steering committee
• C.Contract a third party to perform a security risk assessment
• D.Define formal roles and responsibilities for Internal audit functions

What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

• A.Perform a risk assessment
• B.Mitigate risk
• C.Evaluate risk avoidance criteria
• D.Determine appetite

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

• A.Perform the scans only during off-business hours
• B.Decrease the vulnerabilities within the scan tool settings
• C.Scan a representative sample of systems
• D.Filter the scan output so only pertinent data is analyzed

What role should the CISO play in properly scoping a PCI environment?

• A.Validate the business units' suggestions as to what should be included in the scoping process
• B.Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data
• C.Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment
• D.Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.
An effective way to evaluate the effectiveness of an information security awareness program for end users, especially senior executives, is to conduct periodic:

• A.Password changes
• B.Controlled spear phishing campaigns
• C.Scanning for viruses
• D.Baselining of computer systems