Within the CSF Core structure, which type of capability can be implemented to help practitioners recognize potential or realized risk to enterprise assets?
A. Protection capability
B. Response capability
C. Detection capability
Answer: C
Explanation: The Detection capability is the type of capability within the CSF Core structure that can...
What is the MOST important reason to compare framework profiles?
A. To improve security posture
B. To conduct a risk assessment
C. To identify gaps
Answer: C
Explanation: The most important reason to compare framework profiles is to identify gaps between the current and target state of cybersecurity activities and...
The CSF Implementation Tiers distinguish three fundamental dimensions of risk management to help enterprises evaluate which of the following?
A. Cybersecurity posture
B. Cybersecurity threats
C. Cybersecurity landscape
Answer: A
Explanation: The CSF Implementation Tiers distinguish three fundamental dimensions of risk management to help enterprises evaluate their cybersecurity posture, which...
Analysis is one of the categories within which of the following Core Functions?
A. Detect
B. Respond
C. Recover
Answer: A
Explanation: Analysis is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Analysis category aims to identify the occurrence of a cybersecurity event...
The goals cascade supports prioritization of management objectives based on:
A. the prioritization of enterprise goals.
B. the prioritization of business objectives.
C. the prioritization of stakeholder needs.
Answer: C
Explanation: The goals cascade is a mechanism that translates the stakeholder needs into specific, actionable, and customized goals at different...
Which of the following is associated with the "Detect" core function of the NIST Cybersecurity Framework?
A. Information Protection Processes and Procedures
B. Anomalies and Events
C. Risk Assessment
Answer: B
Explanation: Anomalies and Events is one of the six categories within the Detect function of the NIST Cybersecurity Framework....
What does a CSF Informative Reference within the CSF Core provide?
A. A high-level strategic view of the life cycle of an organization's management of cybersecurity risk
B. A group of cybersecurity outcomes tied to programmatic needs and particular activities
C. Specific sections of standards, guidelines, and practices that illustrate...
Which role will benefit MOST from a better understanding of the current cybersecurity posture by applying the CSF?
A. Executives
B. Acquisition specialists
C. Legal experts
Answer: A
Explanation: Executives are the role that will benefit most from a better understanding of the current cybersecurity posture by applying the CSF....
The seven high-level CSF steps generally align to which of the following in COBIT 2019?
A. High-level phases
B. High-level functions
C. High-level categories
Answer: A
Explanation: The seven high-level CSF steps generally align to the high-level phases of the COBIT 2019 implementation guide, which are: What are the drivers?;...
Which of the following is the MOST important input for prioritizing resources during program initiation?
A. Replacement cost
B. Risk register
C. Business impact assessment
Answer: C
Explanation: A business impact assessment (BIA) is the most important input for prioritizing resources during program initiation, because it helps to identify and...