Free 712-50 Practice Test Questions 2026

445 Questions

Last Updated On: 20-May-2026

Topic 1: Governance (Policy, Legal & Compliance)

Risk that remains after risk mitigation is known as

A. Persistent risk
B. Residual risk
C. Accepted risk
D. Non-tolerated risk

Answer: B. Residual risk


The success of the Chief Information Security Officer is MOST dependent upon:

A. favorable audit findings
B. following the recommendations of consultants and contractors
C. development of relationships with organization executives
D. raising awareness of security issues with end users

Answer: C. development of relationships with organization executives


Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?

A. Awareness
B. Compliance
C. Governance
D. Management

Answer: C. Governance


Ensuring that the actions of a set of people, applications and systems follow the organization’s rules is BEST described as:

A. Risk management
B. Security management
C. Mitigation management
D. Compliance management

Answer: D. Compliance management


A security manager regularly checks work areas after business hours for security violations, such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?

A. Audit validation
B. Physical control testing
C. Compliance management
D. Security awareness training

Answer: C. Compliance management


When choosing a risk mitigation method, what is the MOST important factor?

A. Approval from the board of directors
B. Cost of the mitigation is less than the risk
C. Metrics of mitigation method success
D. Mitigation method complies with PCI regulations

Answer: B. Cost of the mitigation is less than the risk


Which of the following is MOST likely to be discretionary?

A. Policies
B. Procedures
C. Guidelines
D. Standards

Answer: C. Guidelines


When dealing with Security Incident Response procedures, which of the following steps comes FIRST when reacting to an incident?

A. Escalation
B. Recovery
C. Eradication
D. Containment

Answer: D. Containment


An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?

A. Data breach disclosure
B. Consumer right disclosure
C. Security incident disclosure
D. Special circumstance disclosure

Answer: A. Data breach disclosure


From an information security perspective, information that no longer supports the main purpose of the business should be:

A. assessed by a business impact analysis.
B. protected under the information classification policy.
C. analyzed under the data ownership policy.
D. analyzed under the retention policy.

Answer: D. analyzed under the retention policy.


What is the BEST way to achieve on-going compliance monitoring in an organization?

A. Only check compliance right before the auditors are scheduled to arrive onsite.
B. Outsource compliance to a 3rd party vendor and let them manage the program.
C. Have Compliance and Information Security partner to correct issues as they arise.
D. Have Compliance direct Information Security to fix issues after the auditors report.

Answer: C. Have Compliance and Information Security partner to correct issues as they arise.


The single most important consideration to make when developing your security program, policies, and processes is:

A. Budgeting for unforeseen data compromises
B. Streamlining for efficiency
C. Alignment with the business
D. Establishing your authority as the Security Executive

Answer: C. Alignment with the business




What Makes Our EC-Council Certified CISO (CCISO) Practice Test So Effective?

Real-World Scenario Mastery: Our 712-50 practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention, before EC-Council Certified CISO (CCISO) exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive 712-50 practice exam questions pool covering all topics, the real exam feels like just another practice session.