712-50 Exam Dumps | What is the FIRST step in developing the vulnerability management program?

<< Prev Question Next Question >>

Question 114/219

What is the FIRST step in developing the vulnerability management program?

A. Baseline the Environment

B. Maintain and Monitor

C. Organization Vulnerability

D. Define Policy

Question List (219q): Question 1: Scenario: You are the newly hired Chief Information Security...; Question 2: A method to transfer risk is to:...; Question 3: A Security Operations Centre (SOC) manager is informed that ...; Question 4: An organization is required to implement background checks o...; Question 5: Which of the following represents the BEST reason for an org...; Question 6: The Information Security Management program MUST protect:...; Question 7: Which of the following is the MOST effective way to measure ...; Question 8: Which of the following methods are used to define contractua...; Question 9: An organization is looking for a framework to measure the ef...; Question 10: The exposure factor of a threat to your organization is defi...; Question 11: What type of attack requires the least amount of technical e...; Question 12: What is the estimate of all direct and indirect costs associ...; Question 13: You are the CISO for an investment banking firm. The firm is...; Question 14: Which wireless encryption technology makes use of temporal k...; Question 15: When briefing senior management on the creation of a governa...; Question 16: As a CISO you need to understand the steps that are used to ...; Question 17: SCENARIO: A Chief Information Security Officer (CISO) recent...; Question 18: Annual Loss Expectancy is derived from the function of which...; Question 19: Scenario: You are the CISO and have just completed your firs...; Question 20: The newly appointed CISO of an organization is reviewing the...; Question 21: An anonymity network is a series of?...; Question 22: An organization recently acquired a Data Loss Prevention (DL...; Question 23: Which of the following should be determined while defining r...; Question 24: Michael starts a new job and discovers that he has unnecessa...; Question 25: Which of the following BEST mitigates ransomware threats?...; Question 26: Your company has limited resources to spend on security init...; Question 27: A system was hardened at the Operating System level and plac...; Question 28: Which of the following is the MAIN security concern for publ...; Question 29: Ensuring that the actions of a set of people, applications a...; Question 30: You manage a newly created Security Operations Center (SOC),...; Question 31: SCENARIO: A CISO has several two-factor authentication syste...; Question 32: Many times a CISO may have to speak to the Board of Director...; Question 33: What Enterprise Architecture Framework is business-centric a...; Question 34: Where does bottom-up financial planning primarily gain infor...; Question 35: When considering using a vendor to help support your securit...; Question 36: When dealing with risk, the information security practitione...; Question 37: The ultimate goal of an IT security projects is:...; Question 38: What are the three hierarchically related aspects of strateg...; Question 39: An organization has defined a set of standard security contr...; Question 40: The company decides to release the application without remed...; Question 41: The effectiveness of an audit is measured by?...; Question 42: Which of the following set of processes is considered to be ...; Question 43: If a Virtual Machine's (VM) data is being replicated and tha...; Question 44: In which of the following cases would an organization be mor...; Question 45: Scenario: An organization has made a decision to address Inf...; Question 46: Which represents PROPER separation of duties in the corporat...; Question 47: Effective information security management programs require t...; Question 48: Which of the following BEST describes an international stand...; Question 49: What is the primary difference between regulations and stand...; Question 50: Which of the following is the MOST important for a CISO to u...; Question 51: In defining a strategic security plan for an organization, w...; Question 52: A security professional has been promoted to be the CISO of ...; Question 53: When entering into a third party vendor agreement for securi...; Question 54: When measuring the effectiveness of an Information Security ...; Question 55: The patching and monitoring of systems on a consistent sched...; Question 56: The general ledger setup function in an enterprise resource ...; Question 57: When performing a forensic investigation, what are the two M...; Question 58: What is the relationship between information protection and ...; Question 59: Scenario: Your organization employs single sign-on (user nam...; Question 60: Which of the following is used to establish and maintain a f...; Question 61: If your organization operates under a model of "assumption o...; Question 62: Your incident handling manager detects a virus attack in the...; Question 63: Which of the following is of MOST importance when security l...; Question 64: When should IT security project management be outsourced?...; Question 65: When managing the security architecture for your company you...; Question 66: What is a key policy that should be part of the information ...; Question 67: Who is responsible for verifying that audit directives are i...; Question 68: Scenario: The new CISO was informed of all the Information S...; Question 69: A key cybersecurity feature of a Personal Identification Ver...; Question 70: The framework that helps to define a minimum standard of pro...; Question 71: In which of the following cases, would an organization be mo...; Question 72: During the course of a risk analysis your IT auditor identif...; Question 73: You have implemented a new security control. Which of the fo...; Question 74: When choosing a risk mitigation method what is the MOST impo...; Question 75: Scenario: An organization has recently appointed a CISO. Thi...; Question 76: Which of the following provides an independent assessment of...; Question 77: As the Chief Information Security Officer, you want to ensur...; Question 78: Which of the following methodologies references the recommen...; Question 79: An organization has a stated requirement to block certain tr...; Question 80: As the new CISO at the company you are reviewing the audit r...; Question 81: The alerting, monitoring, and lifecycle management of securi...; Question 82: What are the common data hiding techniques used by criminals...; Question 83: A stakeholder is a person or group:...; Question 84: The single most important consideration to make when develop...; Question 85: When gathering security requirements for an automated busine...; Question 86: A severe security threat has been detected on your corporate...; Question 87: What is the BEST way to achieve on-going compliance monitori...; Question 88: Which of the following best summarizes the primary goal of a...; Question 89: Within an organization's vulnerability management program, w...; Question 90: According to the National Institute of Standards and Technol...; Question 91: Which of the following functions implements and oversees the...; Question 92: When is an application security development project complete...; Question 93: What is a difference from the list below between quantitativ...; Question 94: As the Risk Manager of an organization, you are task with ma...; Question 95: Many successful cyber-attacks currently include:...; Question 96: What is the definition of Risk in Information Security?...; Question 97: The process of identifying and classifying assets is typical...; Question 98: A global retail company is creating a new compliance managem...; Question 99: In MOST organizations which group periodically reviews netwo...; Question 100: Which publication serves as a resource of enterprise securit...; Question 101: The total cost of security controls should:...; Question 102: The effectiveness of social engineering penetration testing ...; Question 103: Which of the following is an example of risk transference?...; Question 104: Which of the following is considered to be an IT governance ...; Question 105: Scenario: Your company has many encrypted telecommunications...; Question 106: An access point (AP) is discovered using Wireless Equivalent...; Question 107: What is the main purpose of the Incident Response Team?...; Question 108: Which of the following is a countermeasure to prevent unauth...; Question 109: When an organization claims it is secure because it is PCI-D...; Question 110: The alerting, monitoring and life-cycle management of securi...; Question 111: Creating a secondary authentication process for network acce...; Question 112: In order for a CISO to have true situational awareness there...; Question 113: Which of the following is a common technology for visual mon...; Question 114: What is the FIRST step in developing the vulnerability manag...; Question 115: The network administrator wants to strengthen physical secur...; Question 116: What should an organization do to ensure that they have a so...; Question 117: The implementation of anti-malware and anti-phishing control...; Question 118: What role should the CISO play in properly scoping a PCI env...; Question 119: What is a Statement of Objectives (SOA)?...; Question 120: You work as a project manager for TYU project. You are plann...; Question 121: Which of the following is the BEST indicator of a successful...; Question 122: Which of the following is considered one of the most frequen...; Question 123: The Board of Directors of a publicly-traded company is conce...; Question 124: What is the THIRD state of the Tuckman Stages of Group Devel...; Question 125: Which security technologies are MOST critical to implementin...; Question 126: Scenario: You are the CISO and are required to brief the C-l...; Question 127: What is the difference between encryption and tokenization?...; Question 128: Which of the following are necessary to formulate responses ...; Question 129: Simon had all his systems administrators implement hardware ...; Question 130: The security team has investigated the theft/loss of several...; Question 131: As the CISO you need to write the IT security strategic plan...; Question 132: A person in your security team calls you at night and inform...; Question 133: Which of the following is the MOST logical method of deployi...; Question 134: What key technology can mitigate ransomware threats?...; Question 135: Many successful cyber-attacks currently include:...; Question 136: Which of the following best describes the sensors designed t...; Question 137: Which of the following conditions would be the MOST probable...; Question 138: A Chief Information Security Officer received a list of high...; Question 139: Your company has a "no right to privacy" notice on all logon...; Question 140: An audit was conducted and many critical applications were f...; Question 141: Optical biometric recognition such as retina scanning provid...; Question 142: A newly-hired CISO needs to understand the organization's fi...; Question 143: Providing oversight of an information security program for t...; Question 144: Which of the following is a benefit of information security ...; Question 145: When evaluating a Managed Security Services Provider (MSSP),...; Question 146: Scenario: An organization has made a decision to address Inf...; Question 147: If the result of an NPV is positive, then the project should...; Question 148: Scenario: As you begin to develop the program for your organ...; Question 149: Scenario: Your organization employs single sign-on (user nam...; Question 150: ABC Limited has recently suffered a security breach with cus...; Question 151: Which of the following is a MAJOR consideration when an orga...; Question 152: You have purchased a new insurance policy as part of your ri...; Question 153: You have recently drafted a revised information security pol...; Question 154: What standard provides a comprehensive framework for informa...; Question 155: Which of the following best describes a portfolio?...; Question 156: To get an Information Security project back on schedule, whi...; Question 157: A missing/ineffective security control is identified. Which ...; Question 158: IT control objectives are useful to IT auditors as they prov...; Question 159: When you develop your audit remediation plan what is the MOS...; Question 160: Which of the following functions MUST your Information Secur...; Question 161: An example of professional unethical behavior is:...; Question 162: The success of the Chief Information Security Officer is MOS...; Question 163: From the CISO's perspective in looking at financial statemen...; Question 164: Which of the following is MOST important when dealing with a...; Question 165: The process of creating a system which divides documents bas...; Question 166: Which of the following is MOST important when tuning an Intr...; Question 167: Acceptable levels of information security risk tolerance in ...; Question 168: The mean time to patch, number of virus outbreaks prevented,...; Question 169: Which type of physical security control scan a person's exte...; Question 170: Which of the following is the MOST important to share with a...; Question 171: Which of the following information may be found in table top...; Question 172: Which of the following illustrates an operational control pr...; Question 173: Which International Organization for Standardization (ISO) b...; Question 174: Which of the following terms is used to describe countermeas...; Question 175: The risk found after a control has been fully implemented is...; Question 176: As the CISO for your company you are accountable for the pro...; Question 177: When creating a vulnerability scan schedule, who is the MOST...; Question 178: Which of the following is the MOST important reason for perf...; Question 179: You have implemented the new controls. What is the next step...; Question 180: Which of the following information would MOST likely be repo...; Question 181: What is an example of a key performance indicator for cybers...; Question 182: Which of the following is considered the MOST effective tool...; Question 183: Scenario: An organization has made a decision to address Inf...; Question 184: A security officer wants to implement a vulnerability scanni...; Question 185: Scenario: You are the newly hired Chief Information Security...; Question 186: While Cost Benefit Analysis (CBA) is the easiest calculation...; Question 187: An organization has decided to develop an in-house BCM capab...; Question 188: The formal certification and accreditation process has four ...; Question 189: A new CISO just started with a company and on the CISO's des...; Question 190: Assigning the role and responsibility of Information Assuran...; Question 191: Credit card information, medical data, and government record...; Question 192: When working in the Payment Card Industry (PCI), how often s...; Question 193: With a focus on the review and approval aspects of board res...; Question 194: As the CISO, you have been tasked with the execution of the ...; Question 195: Of the following types of SOCs (Security Operations Centers)...; Question 196: What are the four groups that are critical to the success of...; Question 197: Which of the following provides an audit framework?...; Question 198: SCENARIO: A Chief Information Security Officer (CISO) recent...; Question 199: What is the MAIN reason for conflicts between Information Te...; Question 200: Which of the following would negatively impact a log analysi...; Question 201: The process for identifying, collecting, and producing digit...; Question 202: Which of the following is a primary method of applying consi...; Question 203: Access Control lists (ACLs), Firewalls, and Intrusion Preven...; Question 204: You are the CISO of a commercial social media organization. ...; Question 205: Scenario: The new CISO was informed of all the Information S...; Question 206: In effort to save your company money which of the following ...; Question 207: What are the security features that control how users and sy...; Question 208: You currently cannot provide for 24/7 coverage of your secur...; Question 209: Risk is defined as:; Question 210: Information security policies should be reviewed:...; Question 211: Dataflow diagrams are used by IT auditors to:...; Question 212: Which of the following statements below regarding Key Perfor...; Question 213: Which of the following represents the best method of ensurin...; Question 214: Which of the following functions evaluates patches used to c...; Question 215: When operating under severe budget constraints a CISO will h...; Question 216: What is the primary reason for performing vendor management?...; Question 217: Which of the following represents the BEST method of ensurin...; Question 218: Creating good security metrics is essential for a CISO. What...; Question 219: Which of the following is considered the MOST effective tool...

Question 114/219

LEAVE A REPLY

Download PDF File