Concerning a risk management strategy, what should the executive level be responsible for communicating?
Concerning a risk management strategy, what should the executive level be responsible for communicating?
A. Risk mitigation
B. Risk profile
C. Risk tolerance
D. Asset risk
Answer: C
Which actions should you take to stop data leakage and comply with requirements of the company security policy?
The network security team in your company has discovered a threat that leaked partial data on a compromised file server that handles sensitive information. Containment must be initiated and addressed by the CSIRT. Service disruption is not a concern because this server is used only to store files and does...
What specifically addresses cyber-attacks against an organization's IT systems?
What specifically addresses cyber-attacks against an organization's IT systems?
A. Continuity of Support Plan
B. Business Continuity Plan
C. Continuity of Operations Plan
D. Incident Response Plan
Answer: C
Which part of the process failed?
A company failed to detect a breach of their production system. The breach originated from a legacy system that was originally thought to be decommissioned. It turned out that system was still operating and occasionally connected to the production system for reporting purposes. Which part of the process failed?A ....
What is the effect of changing the Baseline defined in the NIST Cybersecurity Framework?
What is the effect of changing the Baseline defined in the NIST Cybersecurity Framework?
A. Negative impact on recovery
B. Does not result in changes to the BIA
C. Positive impact on detection
D. Review of previously generated alerts
Answer: C
To generate an accurate risk assessment, organizations need to gather information in what areas?
To generate an accurate risk assessment, organizations need to gather information in what areas?
A. Assets, Threats, Vulnerabilities, and Impact
B. Assets, Vulnerabilities, Security, and Response
C. Inventory, Security, Response, and Impact
D. Inventory, Threats, Security, and Impact
Answer: A
What common process conducted by organizations when protecting digital assets is outside the scope of the NIST Cybersecurity Framework?
What common process conducted by organizations when protecting digital assets is outside the scope of the NIST Cybersecurity Framework?
A. Recover
B. Identify
C. Protect
D. Investigate
Answer: D
What activity informs situational awareness of the security status of an organization's systems?
What activity informs situational awareness of the security status of an organization's systems?
A. IDP
B. RMF
C. ISCM
D. DPI
Answer: C
Which categorizations are necessary for the BIA?
You have completed a review of your current security baseline policy. In order to minimize financial, legal, and reputational damage, the baseline configuration requires that infrastructure be categorized for the BIA. Which categorizations are necessary for the BIA?
A. Mission critical and business critical only
B. Mission critical, safety critical,...
What is the main goal of a gap analysis in the Identify function?
What is the main goal of a gap analysis in the Identify function?
A. Determine security controls to improve security measures
B. Determine actions required to get from the current profile state to the target profile state
C. Identify gaps between Cybersecurity Framework and Cyber Resilient Lifecycle pertaining to that...