Free 712-50 Exam Braindumps

Pass your EC-Council Certified CISO (CCISO) exam with these free Questions and Answers

Page 5 of 90
QUESTION 16

- (Topic 3)
What oversight should the information security team have in the change management process for application security?

  1. A. Information security should only be informed of changes to applications
  2. B. The development team should tell the information security team about any application security flaws
  3. C. Information security should be aware of any significant application security changes and work with developers to test for vulnerabilities before changes are deployed to production
  4. D. Information security should be aware of all application changes and work with developers before changes are deployed to production

Correct Answer: C

QUESTION 17

- (Topic 1)
Risk that remains after risk mitigation is known as

  1. A. Persistent risk
  2. B. Residual risk
  3. C. Accepted risk
  4. D. Non-tolerated risk

Correct Answer: B

QUESTION 18

- (Topic 3)
The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?

  1. A. Work with the IT group, tell them to put the IPS in-line, and say it won’t cause any network impact
  2. B. Explain to the IT group that the IPS won’t cause any network impact because it will fail open
  3. C. Explain to the IT group that this is a business need and the IPS will fail open; however, if there is a network failure, the CISO will accept responsibility
  4. D. Explain to the IT group that the IPS will fail open once in-line; however, it will first be deployed in monitor mode for a set period of time to ensure that it doesn’t block any legitimate traffic

Correct Answer: D

QUESTION 19

- (Topic 2)
The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to

  1. A. assign the responsibility to the information security team.
  2. B. assign the responsibility to the team responsible for the management of the controls.
  3. C. create operational reports on the effectiveness of the controls.
  4. D. perform an independent audit of the security controls.

Correct Answer: D

QUESTION 20

- (Topic 4)
Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?

  1. A. Containment
  2. B. Recovery
  3. C. Identification
  4. D. Eradication

Correct Answer: D
