Question 37

- (Topic 5)
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security-centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?

Correct Answer: C

Question 38

- (Topic 2)
Which is the BEST solution to monitor, measure, and report changes to critical data in a system?

Correct Answer: B

Question 39

- (Topic 1)
Which of the following is a critical operational component of an Incident Response Program (IRP)?

Correct Answer: C

Question 40

- (Topic 3)
An application vulnerability assessment has identified a security flaw in an application. This is a flaw that was previously identified and remediated on a prior release of the application. Which of the following is MOST likely the reason for this recurring issue?

Correct Answer: C

Question 41

- (Topic 2)
Which of the following are necessary to formulate responses to external audit findings?

Correct Answer: C

Question 42

- (Topic 5)
SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high-, medium- and low-rated gaps were identified.
Which of the following is the FIRST action the CISO will perform after receiving the audit report?

Correct Answer: B

START 712-50 EXAM