What is the main goal of a gap analysis in the Identify function?
A. Determine security controls to improve security measures
B. Determine actions required to get from the current profile state to the target profile state
C. Identify gaps between Cybersecurity Framework and Cyber Resilient Lifecycle pertaining to that...
Which categorizations are necessary for the BIA?
You have completed a review of your current security baseline policy. In order to minimize financial, legal, and reputational damage, the baseline configuration requires that infrastructure be categorized for the BIA. Which categorizations are necessary for the BIA?
A. Mission critical and business critical only
B. Mission critical, safety critical,...
What does the Communication Plan for the IRP specifically guide against?
A bank has been alerted to a breach of its reconciliation systems. The notification came from the cybercriminals claiming responsibility in an email to the CEO. The CEO has alerted the company CSIRT. What does the Communication Plan for the IRP specifically guide against?
A. Transfer of chain of custody
B...
Concerning a risk management strategy, what should the executive level be responsible for communicating?
A. Risk mitigation
B. Risk profile
C. Risk tolerance
D. Asset risk
Answer: C
What is the purpose of the Asset Management category?
A. Prevent unauthorized access, damage, and interference to business premises and information
B. Support asset management strategy and information infrastructure security policies
C. Avoid breaches of any criminal or civil law, statutory, regulatory, or contractual obligations
D. Inventory physical devices and...
Your organization’s security team has been working with various business units to understand their business requirements, risk tolerance, and resources used to create a Framework Profile. Based on the Profile provided, what entries correspond to labels A, B, and C?
Refer to the exhibit. Your organization’s security team has been working with various business units to understand their business requirements, risk tolerance, and resources used to create a Framework Profile. Based on the Profile provided, what entries correspond to labels A, B, and C?
A. Option A
B. Option...
What database is used to record and manage assets?
A. Configuration Management Database
B. Asset Inventory Management Database
C. High Availability Mirrored Database
D. Patch Management Inventory Database
Answer: A
What determines the technical controls used to restrict access to USB devices and help prevent their use within a company?
A. Block use of the USB devices for all employees
B. Written security policy prohibiting the use of the USB devices
C. Acceptable use policy in the employee HR on-boarding...
What should an organization use to effectively mitigate against password sharing to prevent unauthorized access to systems?
A. Access through a ticketing system
B. Frequent password resets
C. Strong password requirements
D. Two factor authentication
Answer: D
What is the effect of changing the Baseline defined in the NIST Cybersecurity Framework?
A. Negative impact on recovery
B. Does not result in changes to the BIA
C. Positive impact on detection
D. Review of previously generated alerts
Answer: D