Free 712-50 Practice Test Questions 2026

445 Questions


Last Updated On : 20-May-2026


Facing the EC-Council Certified CISO (CCISO) exam in 2026 is challenging, but preparing with the right tools makes all the difference. Our 712-50 practice test isn't just another set of questions. It's your strategic advantage for conquering the certification. Candidates who complete our 712-50 practice questions are approximately 35% more likely to pass the exam on their first attempt compared to those who study without a realistic EC-Council Certified CISO (CCISO) practice exam. This isn't coincidence. It's the power of effective preparation.

Topic 1: Governance (Policy, Legal & Compliance)

Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?


A. Audit and Legal
B. Budget and Compliance
C. Human Resources and Budget
D. Legal and Human Resources

A. Audit and Legal



What is the first thing that needs to be completed in order to create a security program for your organization?


A. Risk assessment
B. Security program budget
C. Business continuity plan
D. Compliance and regulatory analysis

A. Risk assessment




A. The types of cardholder data retained
B. The duration card holder data is retained
C. The size of the organization processing credit card data
D. The number of transactions performed per year by an organization

D. The number of transactions performed per year by an organization



You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?


A. Risk Avoidance
B. Risk Acceptance
C. Risk Transfer
D. Risk Mitigation

C. Risk Transfer



If your organization operates under a model of "assumption of breach", you should:


A. Protect all information resource assets equally
B. Establish active firewall monitoring protocols
C. Purchase insurance for your compliance liability
D. Focus your security efforts on high value assets

C. Purchase insurance for your compliance liability



What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?


A. Test every three years to ensure that things work as planned
B. Conduct periodic tabletop exercises to refine the BC plan
C. Outsource the creation and execution of the BC plan to a third party vendor
D. Conduct a Disaster Recovery (DR) exercise every year to test the plan

B. Conduct periodic tabletop exercises to refine the BC plan



After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of


A. Risk Tolerance
B. Qualitative risk analysis
C. Risk Appetite
D. Quantitative risk analysis

D. Quantitative risk analysis



An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?


A. Determine the risk tolerance
B. Perform an asset classification
C. Create an architecture gap analysis
D. Analyze existing controls on systems

B. Perform an asset classification



A global retail company is creating a new compliance management process. Which of the following regulations is of MOST importance to be tracked and managed by this process?


A. Information Technology Infrastructure Library (ITIL)
B. International Organization for Standardization (ISO) standards
C. Payment Card Industry Data Security Standards (PCI-DSS)
D. National Institute for Standards and Technology (NIST) standard

C. Payment Card Industry Data Security Standards (PCI-DSS)



Which of the following provides an audit framework?


A. Control Objectives for IT (COBIT)
B. Payment Card Industry-Data Security Standard (PCI-DSS)
C. International Organization Standard (ISO) 27002
D. National Institute of Standards and Technology (NIST) SP 800-30

A. Control Objectives for IT (COBIT)



When briefing senior management on the creation of a governance process, the MOST important aspect should be:


A. information security metrics.
B. knowledge required to analyze each issue.
C. baseline against which metrics are evaluated.
D. linkage to business area objectives.

D. linkage to business area objectives.



In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?


A. High risk environments 6 months, low risk environments 12 months
B. Every 12 months
C. Every 18 months
D. Every six months

B. Every 12 months





What Makes Our EC-Council Certified CISO (CCISO) Practice Test So Effective?

Real-World Scenario Mastery: Our 712-50 practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention, before EC-Council Certified CISO (CCISO) exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive 712-50 practice exam questions pool covering all topics, the real exam feels like just another practice session.