The CSIRT team is following the existing recovery plans on non-production systems in a PRE-BREACH scenario. This action is being executed in which function?
The CSIRT team is following the existing recovery plans on non-production systems in a PRE-BREACH scenario. This action is being executed in which function?A . ProtectB . RecoverC . IdentifyD . RespondView AnswerAnswer: B
What type of asset should the product catalog database be categorized as?
The information security manager for a major web based retailer has determined that the product catalog database is corrupt. The business can still accept orders online but the products cannot be updated. Expected downtime to rebuild is roughly four hours. What type of asset should the product catalog database be...
What common process conducted by organizations when protecting digital assets is outside the scope of the NIST Cybersecurity Framework?
What common process conducted by organizations when protecting digital assets is outside the scope of the NIST Cybersecurity Framework?A . RecoverB . IdentifyC . ProtectD . InvestigateView AnswerAnswer: D
Which part of the IRP does the team need to implement or update?
An organization has a policy to respond “ASAP” to security incidents. The security team is having a difficult time prioritizing events because they are responding to all of them, in order of receipt. Which part of the IRP does the team need to implement or update?A . Scheduling of incident...
What activity informs situational awareness of the security status of an organization's systems?
What activity informs situational awareness of the security status of an organization's systems?A . IDPB . RMFC . ISCMD . DPIView AnswerAnswer: C
To generate an accurate risk assessment, organizations need to gather information in what areas?
To generate an accurate risk assessment, organizations need to gather information in what areas?A . Assets, Threats, Vulnerabilities, and ImpactB . Assets, Vulnerabilities, Security, and ResponseC . Inventory, Security, Response, and ImpactD . Inventory, Threats, Security, and ImpactView AnswerAnswer: A
What is used to ensure an organization understands the security risk to operations, assets, and individuals?
What is used to ensure an organization understands the security risk to operations, assets, and individuals?A . Risk Management StrategyB . Risk AssessmentC . Operational AssessmentD . Risk ProfileView AnswerAnswer: B
Which category addresses this need?
You need to review your current security baseline policy for your company and determine which security controls need to be applied to the baseline and what changes have occurred since the last update. Which category addresses this need?A . ID.AMB . PR.IPC . PR.MAD . ID.SCView AnswerAnswer: B
What is concerned with availability, reliability, and recoverability of business processes and functions?
What is concerned with availability, reliability, and recoverability of business processes and functions?A . Business Impact AnalysisB . Business Continuity PlanC . Recovery StrategyD . Disaster Recovery PlanView AnswerAnswer: B
What helps an organization compare an "as-is, to-be" document and identify opportunities for improving cybersecurity posture useful for capturing organizational baselines of today and their desired state of tomorrow so that a gap analysis can be conducted?
What helps an organization compare an "as-is, to-be" document and identify opportunities for improving cybersecurity posture useful for capturing organizational baselines of today and their desired state of tomorrow so that a gap analysis can be conducted?A . FrameworkB . CoreC . AssessmentD . ProfileView AnswerAnswer: D