- All Exams Instant Download
When conducting a risk assessment as part of the NIST Cybersecurity Framework, which of the following elements is critical for identifying risks?
When conducting a risk assessment as part of the NIST Cybersecurity Framework, which of the following elements is critical for identifying risks?A . Industry benchmarksB . Asset inventoryC . Organizational policiesD . Network topologyView AnswerAnswer: B
A new employee is starting work at your company. When should they be informed of the company’s security policy?
A new employee is starting work at your company. When should they be informed of the company’s security policy?A . Based on human resource policyB . After the first security infractionC . Annual security policy reviewD . During regular security awareness sessionsView AnswerAnswer: D
Which component of the Identify Function should they emphasize?
An organization is creating a disaster recovery plan. They want to ensure all critical assets are accounted for and prioritized. Which component of the Identify Function should they emphasize?A . Maintenance of access control listsB . Continuously updated inventory of assetsC . Implementation of endpoint detectionD . Real-time threat intelligence...
Which mechanism within the NIST Cybersecurity Framework describes a method to capture the current state and define the target state for understanding gaps, exposure, and prioritize changes to mitigate risk?
Which mechanism within the NIST Cybersecurity Framework describes a method to capture the current state and define the target state for understanding gaps, exposure, and prioritize changes to mitigate risk?A . FunctionsB . ProfilesC . TiersD . CategoriesView AnswerAnswer: C
Which part of the IRP does the team need to implement or update?
An organization has a policy to respond “ASAP” to security incidents. The security team is having a difficult time prioritizing events because they are responding to all of them, in order of receipt. Which part of the IRP does the team need to implement or update?A . Scheduling of incident...
What is a consideration when performing data collection in Information Security Continuous Monitoring?
What is a consideration when performing data collection in Information Security Continuous Monitoring?A . Data collection efficiency is increased through automation.B . The more data collected, the better chances to catch an anomaly.C . Collection is used only for compliance requirements.D . Data is best captured as it traverses the...
What needs to be done next?
Your organization has been breached. The attacker has sent an email demanding $100,000 in cryptocurrency in exchange for not dumping all your customer information onto the dark web. Following the RACI Matrix model outlined in your IRP, you have informed all parties, contained the breach, and eradicated the threat. What...
How does COBIT 2019 enhance the implementation of the NIST Cybersecurity Framework?
How does COBIT 2019 enhance the implementation of the NIST Cybersecurity Framework?A . By providing detailed technical configurationsB . By offering a governance structure for managing risksC . By aligning with external vendor practicesD . By defining specific recovery processesView AnswerAnswer: B
The ___ function in the NIST Cybersecurity Framework is responsible for identifying vulnerabilities and threats that may affect the organization.
The ___ function in the NIST Cybersecurity Framework is responsible for identifying vulnerabilities and threats that may affect the organization.A . ProtectB . IdentifyC . DetectD . RecoverView AnswerAnswer: B
Which tools can support the Detect Function's goal of identifying cybersecurity events? (Select two)
Which tools can support the Detect Function's goal of identifying cybersecurity events? (Select two)A . Intrusion Detection Systems (IDS)B . Identity and Access Management (IAM)C . Security Information and Event Management (SIEM)D . Disaster Recovery Planning (DRP) toolsView AnswerAnswer: AC
