Free 712-50 Practice Test Questions 2026

445 Questions


Last Updated On : 20-May-2026


Topic 1: Governance (Policy, Legal & Compliance)

The exposure factor of a threat to your organization is defined by?


A. Asset value times exposure factor
B. Annual rate of occurrence
C. Annual loss expectancy minus current cost of controls
D. Percentage of loss experienced due to a realized threat event

Answer: D. Percentage of loss experienced due to a realized threat event



A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy, however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?


A. Lack of a formal security awareness program
B. Lack of a formal security policy governance process
C. Lack of formal definition of roles and responsibilities
D. Lack of a formal risk management policy

Answer: B. Lack of a formal security policy governance process



Credit card information, medical data, and government records are all examples of:


A. Confidential/Protected Information
B. Bodily Information
C. Territorial Information
D. Communications Information

Answer: A. Confidential/Protected Information



Which of the following is considered the MOST effective tool against social engineering?


A. Anti-phishing tools
B. Anti-malware tools
C. Effective Security Vulnerability Management Program
D. Effective Security awareness program

Answer: D. Effective Security awareness program



An organization's Information Security Policy is of MOST importance because


A. it communicates management’s commitment to protecting information resources
B. it is formally acknowledged by all employees and vendors
C. it defines a process to meet compliance requirements
D. it establishes a framework to protect confidential information

Answer: A. it communicates management’s commitment to protecting information resources



Which of the following should be determined while defining risk management strategies?


A. Organizational objectives and risk tolerance
B. Risk assessment criteria
C. IT architecture complexity
D. Enterprise disaster recovery plans

Answer: A. Organizational objectives and risk tolerance



A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?


A. Internal audit
B. The data owner
C. All executive staff
D. Government regulators

Answer: B. The data owner



You have implemented a new security control. Which of the following risk strategy options have you engaged in?


A. Risk Avoidance
B. Risk Acceptance
C. Risk Transfer
D. Risk Mitigation

Answer: D. Risk Mitigation



Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?


A. Threat
B. Vulnerability
C. Attack vector
D. Exploitation

Answer: B. Vulnerability



Which of the following most commonly falls within the scope of an information security governance steering committee?


A. Approving access to critical financial systems
B. Developing content for security awareness programs
C. Interviewing candidates for information security specialist positions
D. Vetting information security policies

Answer: D. Vetting information security policies



A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?


A. Providing a risk program governance structure
B. Ensuring developers include risk control comments in code
C. Creating risk assessment templates based on specific threats
D. Allowing for the acceptance of risk for regulatory compliance requirements

Answer: A. Providing a risk program governance structure



Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?


A. Possess a strong technical background
B. Understand all regulations affecting the organization
C. Understand the business goals of the organization
D. Possess a strong auditing background

Answer: C. Understand the business goals of the organization



