Topic 1: Governance (Policy, Legal & Compliance)
The FIRST step in establishing a security governance program is to:
A. Conduct a risk assessment
B. Obtain senior level sponsorship
C. Conduct a workshop for all end users
D. Prepare a security budget
Answer: Obtain senior level sponsorship
Within an organization's vulnerability management program, who has the responsibility to implement remediation actions?
A. Security officer
B. Data owner
C. Vulnerability engineer
D. System administrator
Answer: System administrator
The establishment of a formal risk management framework and system authorization program is essential. The LAST step of the system authorization process is:
A. Contacting the Internet Service Provider for an IP scope
B. Getting authority to operate the system from executive management
C. Changing the default passwords
D. Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities
Answer: Getting authority to operate the system from executive management
Information security policies should be reviewed:
A. by stakeholders at least annually
B. by the CISO when new systems are brought online
C. by the Incident Response team after an audit
D. by internal audit semiannually
Answer: by stakeholders at least annually
What is the relationship between information protection and regulatory compliance?
A. That all information in an organization must be protected equally
B. The information required to be protected by regulatory mandate does not have to be identified in the organization's data classification policy.
C. That the protection of some information, such as National ID information, is mandated by regulation, and other information, such as trade secrets, is protected based on business need.
D. There is no relationship between the two.
Answer: That the protection of some information, such as National ID information, is mandated by regulation, and other information, such as trade secrets, is protected based on business need.