512-50問題集PDFは最新 [2022年最新] 究極な学習ガイド [Q133-Q154]

質問133、 SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.
The CISO discovers the scalability issue will only impact a small number of network segments. What is the next logical step to ensure the proper application of risk management methodology within the two-facto implementation project?

質問134、 Which of the following is critical in creating a security program aligned with an organization’s goals?

質問135、 What is the first thing that needs to be completed in order to create a security program for your organization?

質問136、 With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that the boards provide strategic oversight regarding information and information security, include these four things:

質問137、 The formal certification and accreditation process has four primary steps, what are they?

質問138、 When working in the Payment Card Industry (PCI), how often should security logs be review to comply with the standards?

質問139、 You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

質問140、 Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

質問141、 The amount of risk an organization is willing to accept in pursuit of its mission is known as

質問142、 A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected.
Who must be informed of this incident?

質問143、 Which regulation or policy governs protection of personally identifiable user data gathered during a cyber investigation?

質問144、 Who in the organization determines access to information?

質問145、 A stakeholder is a person or group:

質問146、 Which of the following is an accurate statement regarding capital expenses?

質問147、 Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?

質問148、 When managing the critical path of an IT security project, which of the following is MOST important?

質問149、 As the Chief Information Security Officer, you want to ensure data shared securely, especially when shared with third parties outside the organization. What protocol provides the ability to extend the network perimeter with the use of encapsulation and encryption?

質問150、 Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?

質問151、 Creating a secondary authentication process for network access would be an example of?

質問152、 Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?

質問153、 During the 3rd quarter of a budget cycle, the CISO noticed she spent more than was originally planned in her annual budget. What is the condition of her current budgetary posture?

質問154、 What is meant by password aging?