512-50 Sample Questions Answers

Developing effective security controls is a balance between:

Which of the following provides an audit framework?

A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization’s need?

After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

You have implemented a new security control. Which of the following risk strategy options have you engaged in?

When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?

What is the main purpose of the Incident Response Team?

A method to transfer risk is to:

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization’s large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

The success of the Chief Information Security Officer is MOST dependent upon:

Within an organization’s vulnerability management program, who has the responsibility to implement remediation actions?

The Information Security Governance program MUST:

The framework that helps to define a minimum standard of protection that business stakeholders must attempt to achieve is referred to as a standard of:

Payment Card Industry (PCI) compliance requirements are based on what criteria?

What is the first thing that needs to be completed in order to create a security program for your organization?

What is the definition of Risk in Information Security?

What role should the CISO play in properly scoping a PCI environment?

Which of the following is considered the MOST effective tool against social engineering?

What is the relationship between information protection and regulatory compliance?

When briefing senior management on the creation of a governance process, the MOST important aspect should be:

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

Who in the organization determines access to information?

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

Which technology can provide a computing environment without requiring a dedicated hardware backend?

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.

Which of the following industry / sector neutral information security control frameworks should you recommend for implementation?

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the “real workers.”

Which group of people should be consulted when developing your security program?

The total cost of security controls should:

Which of the following best describes revenue?

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

Once supervisors and data owners have approved requests, information system administrators will implement

A large number of accounts in a hardened system were suddenly compromised to an external party. Which of

the following is the MOST probable threat actor involved in this incident?

The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management you determine that the project correctly aligns with the company goals.

Which of the following needs to be performed NEXT?

The formal certification and accreditation process has four primary steps, what are they?

Michael starts a new job and discovers that he has unnecessary access to a variety of systems. Which of the

following best describes the problem he has encountered?

Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.

Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

What are the three hierarchically related aspects of strategic planning and in which order should they be done?

John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they’ve already completed the project work they were contracted to do. What can John do in this instance?

What is the BEST reason for having a formal request for proposal process?

Using the Transport Layer Security (TLS) protocol enables a client in a network to be:

If a Virtual Machine’s (VM) data is being replicated and that data is corrupted, this corruption will automatically

be replicated to the other machine(s). What would be the BEST control to safeguard data integrity?

A digital signature addresses which of the following concerns?

When project costs continually increase throughout implementation due to large or rapid changes in customer

or user requirements, this is commonly known as:

Which of the following information would MOST likely be reported at the board-level within an organization?

Smith, the project manager for a larger multi-location firm, is leading a software project team that has 18

members, 5 of which are assigned to testing. Due to recent recommendations by an organizational quality audit

team, the project manager is convinced to add a quality professional to lead to test team at additional cost to

the project.

The project manager is aware of the importance of communication for the success of the project and takes the

step of introducing additional communication channels, making it more complex, in order to assure quality

levels of the project. What will be the first project management document that Smith should change in order to

accommodate additional communication channels?

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his

assessment, the consultant goes to the company’s building dressed like an electrician and waits in the lobby for

an employee to pass through the main access gate, then the consultant follows the employee behind to get into

the restricted area. Which type of attack did the consultant perform?

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

In what phase of the response will the team extract information from the affected systems without altering original data?

SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.

What is the MOST logical course of action the CISO should take?

SCENARIO: Critical servers show signs of erratic behavior within your organization’s intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team.

During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions. What is the MOST critical aspect of the team’s activities?

Which of the following backup sites takes the longest recovery time?

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?

The process of identifying and classifying assets is typically included in the

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

In terms of supporting a forensic investigation, it is now imperative that managers, first-responders, etc., accomplish the following actions to the computer under investigation:

The process for identifying, collecting, and producing digital information in support of legal proceedings is called

While designing a secondary data center for your company what document needs to be analyzed to determine to how much should be spent on building the data center?

The process of creating a system which divides documents based on their security level to manage access to private data is known as

What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?

Physical security measures typically include which of the following components?

An anonymity network is a series of?

Which of the following is a symmetric encryption algorithm?

An access point (AP) is discovered using Wireless Equivalent Protocol (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?

As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.

1.Covering tracks

2.Scanning and enumeration

3.Maintaining Access

4.Reconnaissance

5.Gaining Access

Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

Which wireless encryption technology makes use of temporal keys?

Network Forensics is the prerequisite for any successful legal action after attacks on your Enterprise Network. Which is the single most important factor to introducing digital evidence into a court of law?

Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?

Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?

What type of attack requires the least amount of technical equipment and has the highest success rate?

One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?

SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:

Which of the following is the MAIN security concern for public cloud computing?

To have accurate and effective information security policies how often should the CISO review the organization policies?

Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?

As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting process?

Which of the following activities must be completed BEFORE you can calculate risk?

Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?

Creating a secondary authentication process for network access would be an example of?

You have implemented the new controls. What is the next step?

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

The effectiveness of an audit is measured by?

Which of the following is a benefit of a risk-based approach to audit planning?

Which of the following illustrates an operational control process:

Which of the following is a fundamental component of an audit record?

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?

The amount of risk an organization is willing to accept in pursuit of its mission is known as

In MOST organizations which group periodically reviews network intrusion detection system logs for all systems as part of their daily tasks?

Creating good security metrics is essential for a CISO. What would be the BEST sources for creating security metrics for baseline defenses coverage?

The CIO of an organization has decided to assign the responsibility of internal IT audit to the IT team. This is consider a bad practice MAINLY because

IT control objectives are useful to IT auditors as they provide the basis for understanding the:

Which of the following activities is the MAIN purpose of the risk assessment process?

The effectiveness of social engineering penetration testing using phishing can be used as a Key Performance Indicator (KPI) for the effectiveness of an organization’s

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

Which of the following reports should you as an IT auditor use to check on compliance with a service level agreement’s requirement for uptime?

Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?

Which of the following functions implements and oversees the use of controls to reduce risk when creating an information security program?

How often should the SSAE16 report of your vendors be reviewed?

When is an application security development project complete?

Which of the following represents the BEST method of ensuring security program alignment to business needs?

Which of the following is the BEST indicator of a successful project?

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

Your company has a “no right to privacy” notice on all logon screens for your information systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee’s email account. What should you do? (choose the BEST answer):

Knowing the potential financial loss an organization is willing to suffer if a system fails is a determination of which of the following?

An organization has a stated requirement to block certain traffic on networks. The implementation of controls will disrupt a manufacturing process and cause unacceptable delays, resulting in sever revenue disruptions. Which of the following is MOST likely to be responsible for accepting the risk until mitigating controls can be implemented?

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?

As the CISO for your company you are accountable for the protection of information resources commensurate with:

You manage a newly created Security Operations Center (SOC), your team is being inundated with security alerts and don’t know what to do. What is the BEST approach to handle this situation?

When managing the critical path of an IT security project, which of the following is MOST important?

The ultimate goal of an IT security projects is:

A CISO has recently joined an organization with a poorly implemented security program. The desire is to base the security program on a risk management approach. Which of the following is a foundational requirement in order to initiate this type of program?

When gathering security requirements for an automated business process improvement program, which of the following is MOST important?

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

Which of the following information may be found in table top exercises for incident response?

Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?

Which of the following best summarizes the primary goal of a security program?