712-50 Practice Test

Which of the following most commonly falls within the scope of an information security governance steering committee?

A.

Approving access to critical financial systems

B.

Developing content for security awareness programs

C.

Interviewing candidates for information security specialist positions

D.

Vetting information security policies

A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

A.

Providing a risk program governance structure

B.

Ensuring developers include risk control comments in code

C.

Creating risk assessment templates based on specific threats

D.

Allowing for the acceptance of risk for regulatory compliance requirements

Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?

A.

Poses a strong technical background

B.

Understand all regulations affecting the organization

C.

Understand the business goals of the organization

D.

Poses a strong auditing background

Risk that remains after risk mitigation is known as

A.

Persistent risk

B.

Residual risk

C.

Accepted risk

D.

Non-tolerated risk

The success of the Chief Information Security Officer is MOST dependent upon:

A.

favorable audit findings

B.

following the recommendations of consultants and contractors

C.

development of relationships with organization executives

D.

raising awareness of security issues with end users