Free 712-50 Exam Dumps

Question 16

- (Topic 2)
An information security department is required to remediate system vulnerabilities when they are discovered. Please select the three primary remediation methods that can be used on an affected system.

A. Install software patch, Operate system, Maintain system
B. Discover software, Remove affected software, Apply software patch
C. Install software patch, configuration adjustment, Software Removal
D. Software removal, install software patch, maintain system

Correct Answer:C

Question 17

- (Topic 3)
Which of the following is critical in creating a security program aligned with an organization’s goals?

A. Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements
B. Develop a culture in which users, managers and IT professionals all make good decisions about information risk
C. Provide clear communication of security program support requirements and audit schedules
D. Create security awareness programs that include clear definition of security program goals and charters

Correct Answer:B

Question 18

- (Topic 2)
An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator. The most appropriate course of action for the IT auditor is to:

A. Inform senior management of the risk involved.
B. Agree to work with the security officer on these shifts as a form of preventative control.
C. Develop a computer assisted audit technique to detect instances of abuses of the arrangement.
D. Review the system log for each of the late night shifts to determine whether any irregular actions occurred.

Correct Answer::A

Question 19

- (Topic 2)
Which represents PROPER separation of duties in the corporate environment?

A. Information Security and Identity Access Management teams perform two distinct functions
B. Developers and Network teams both have admin rights on servers
C. Finance has access to Human Resources data
D. Information Security and Network teams perform two distinct functions

Correct Answer:D

Question 20

- (Topic 1)
Risk that remains after risk mitigation is known as

A. Persistent risk
B. Residual risk
C. Accepted risk
D. Non-tolerated risk

Correct Answer:B