512-50 試験問題を無料オンラインアクセス

The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called

• A.Security accreditation
• B.Security certification
• C.Alignment with business practices and goals.
• D.Security system analysis

Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

• A.Implementation of it eases an organization's auditing and compliance burden
• B.It allows executives to more effectively monitor IT implementation costs
• C.It provides for a consistent and repeatable staffing model for technology organizations
• D.Information Security (IS) procedures often require augmentation with other standards

When dealing with a risk management process, asset classification is important because it will impact the overall:

• A.Threat identification
• B.Risk monitoring
• C.Risk tolerance
• D.Risk treatment

When project costs continually increase throughout implementation due to large or rapid changes in customer or user requirements, this is commonly known as:

• A.Expectations management
• B.Cost/benefit adjustments
• C.Scope creep
• D.Prototype issues

When a critical vulnerability has been discovered on production systems and needs to be fixed immediately, what is the BEST approach for a CISO to mitigate the vulnerability under tight budget constraints?

• A.Deploy countermeasures and compensating controls until the budget is available
• B.Take the system off line until the budget is available
• C.Schedule an emergency meeting and request the funding to fix the issue
• D.Transfer financial resources from other critical programs