712-50 Online Practice Questions and Answers

Which of the following intellectual Property components is focused on maintaining brand recognition?

A. Trademark

B. Research Logs

C. Copyright

D. Patent

Which of the following represents the MOST negative impact resulting from an ineffective security governance program?

A. Improper use of information resources

B. Reduction of budget

C. Decreased security awareness

D. Fines for regulatory non-compliance

An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator.

The most appropriate course of action for the IT auditor is to:

A. Review the system log for each of the late night shifts to determine whether any irregular actions occurred.

B. Inform senior management of the risk involved.

C. Develop a computer-assisted audit technique to detect instances of abuses of the arrangement.

D. Agree to work with the security officer on these shifts as a form of preventative control.

The newly appointed CISO of an organization is reviewing the IT security strategic plan.

Which of the following is the MOST important component of the strategic plan?

A. There is a clear definition of the IT security mission and vision.

B. The plan requires return on investment for all security projects.

C. There is integration between IT security and business staffing

D. There is an auditing methodology in place.

Your penetration testing team installs an in-line hardware key logger onto one of your network machines.

Which of the following is of major concern to the security organization?

A. In-line hardware keyloggers are undetectable by software

B. In-line hardware keyloggers are relatively inexpensive

C. In-line hardware keyloggers don't require physical access

D. In-line hardware keyloggers don't comply to industry regulations

Which of the following is a symmetric encryption algorithm?

A. 3DES

B. RSA

C. ECC

D. MD5

A consultant is hired to do physical penetration testing at a large financial company. In the first day of his assessment, the consultant goes to the company's building dressed like an electrician and waits in the lobby for an employee to pass through the main access gate, then the consultant follows the employee behind to get into the restricted area. Which type of attack did the consultant perform?

A. Shoulder surfing

B. Tailgating

C. Social engineering

D. Mantrap

What does RACI stand for?

A. Reasonable, Actionable, Controlled, and Implemented

B. Responsible, Actors, Consult, and Instigate

C. Responsible, Accountable, Consulted, and Informed

D. Review, Act, Communicate, and Inform

A Security Operations (SecOps) Manager is considering implementing threat hunting to be able to make better decisions on protecting information and assets. What is the MAIN goal of threat hunting to the SecOps Manager?

A. Improve discovery of valid detected events

B. Enhance tuning of automated tools to detect and prevent attacks

C. Replace existing threat detection strategies

D. Validate patterns of behavior related to an attack

What is the primary difference between Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)?

A. IPS identify potentially malicious traffic based on signature or behaviour and IDS does not

B. An IPS examine network traffic flows to detect and actively stop exploits and attacks

C. IDS are typically deployed behind the firewall and IPS are deployed in front of the firewall

D. Only IDS is susceptible to false positives