Midterm

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

The United States Department of Homeland Security defines how many critical infrastructure sectors?

16

Operationally Critical Threat, Asset, and Vulnerability Evaluation

Maintain the assessment.

Which of the following is not one of the three levels NIST defines within an organization that should coordinate the framework implementation and a common flow of information?

Management

The NIST Cybersecurity Framework (CSF) Reference Tool can run in which of the following operating systems?

Microsoft Windows and Apple Mac OS-X

Which of the following is the leading membership organization for Boards and Directors in the U.S.?

NACD

Which of the following refers to those responsible for implementing, maintaining, and monitoring safeguards and systems?

Network engineers System administrators Webmasters

Which of the following federal legislations, also known as the Financial Modernization Act of 1999, was created to reform and modernize the banking industry by eliminating existing barriers between banking and commerce?

GLBA

Which of the following refers to the process of managing, directing, controlling, and influencing organizational decisions, actions, and behaviors?

Governance

The ISO 27002 standard has its origins in which of the following countries?

Great Britain

Which of the following is the topmost object in the policy hierarchy?

Guiding Principles

In the NIST Cybersecurity Framework, which governance subcategory references legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations?

ID.GV-3

Which of the following is a network of the national standards institutes of more than 160 countries?

ISO

Which function defined in the NIST Cybersecurity Framework Core includes the categories and subcategories that define what processes and assets need protection?

Identify

Which of the following is the objective of risk assessment?

Identify the inherent risk Determine the impact of a threat Calculate the likelihood of a threat occurrence

Which of the following is the magnitude of harm?

Impact

Which of the following is the last step in NIST's recommended steps to establish or improve a cybersecurity program?

Implement the action plan

Which key task in the policy adoption phase is the busiest and most challenging task of all?

Implementation

Which of the following refers to the level of risk before security measures are applied?

Inherent Risk

Which of the following best describes a procedure?

Instructions on how a policy is carried out

Which of the following statements about the NIST Cybersecurity Framework is not true?

It is aimed to replace an existing risk management process and cybersecurity program in an organization.

Which of the following statements best describes risk transfer?

It shifts a portion of the risk responsibility or liability to other organizations.

Which of the following statements about the NIST Cybersecurity Framework is true?

It was created in the U.S. and is also used outside of the U.S.

Which of the following is another term for statutory law?

Legislation

Which of the following is one of the ten plain language techniques for policy writing?

Limit a paragraph to one subject.

Which of the following risk assessment methodologies was originally developed by CERT?

OCTAVE

Which of the following is not an example of a standard?

Pass phrases make good passwords.

Which layer in the defense-in-depth strategy includes firewalls, IDS/IPS devices, segmentation, and VLANs?

Perimeter security

Which of the following refers to directives that codify organizational requirements?

Policies

Which of the following is the seminal tool used to protect both our critical infrastructure and our individual liberties?

Policy

Which of the following identifies a policy by name and provides the reader with an overview of the policy topic or category?

Policy heading

Which of the following refers to the relationship between a policy and its supporting documents?

Policy hierarchy

Which of the following is best thought of as a high-level directive or strategic roadmap?

Policy statement

Which part of the NIST Cybersecurity Framework provide guidance to allow organizations to analyze cybersecurity risk and to enhance their processes to manage such risk?

The Framework Tiers

Which of the following best describes residual risk?

The level of risk after security measures are applied

Which of the following best describes the accounting key information security principle?

The logging of access and usage of information resources

Endorsed is one of the seven policy characteristics. Which of the following statements best describes endorsed?

The policy is supported by management.

Which of the following best describes the accountability key information security principle?

The process of tracing actions to their source

What is the purpose of the policy exceptions section of a policy document?

To acknowledge exclusions

What is the purpose of the policy definition section?

To explain terms, abbreviations, and acronyms used in the policy

What is the purpose of the administrative notations section of a policy?

To refer the reader to additional information

Which of the following can achieve authentication in information security?

Tokens

The NIST Cybersecurity Framework was developed by which of the following?

U.S. government Corporations Individuals

Which of the following is not one of the plain language techniques for policy writing?

Use "shall" instead of "must."

Which key task in the policy development phase requires the authors to consult with internal and external experts, including legal counsel, human resources, compliance, cybersecurity and technology professionals, auditors, and regulators?

Vetting

Which part of the NIST Cybersecurity Framework is designed to help organizations view and understand the characteristics of their approach to managing cybersecurity risk?

The Framework Tiers

Which of the following statements best describes NIST?

A nonregulatory federal agency that develops and promotes standards

At which of the following states of the CMM scale are there no documented policies and processes?

AD hoc

In the NIST Cybersecurity Framework Tiers, which of the following Framework Implementation Tiers is labeled Tier 4?

Adaptive

Which of the following is not a supported export file format for current viewed data in the NIST CSF Reference Tool?

Adobe PDF files

Policy implementation and enforcement are part of which of the following phases of the cybersecurity policy life cycle?

Adopt

Which of the following statements is not true?

All guiding principles and corporate cultures are good.

How often should policies be reviewed?

Annually

Which of the following best describes a baseline?

Application of a standard to a specific category or grouping

Where is the policy introduction located in a consolidated policy document?

At the beginning of the document

Where are the policy definitions located in a consolidated policy document?

At the end of the document

Which of the following key information security principles grants users and systems a predetermined level of access to information resources?

Authorization

Which of the following is not one of the "Five A's" of information security?

Availability

Which of the following statements about policies and standards is true?

Both policies and standards are mandatory.

Which category in the Identify function of the NIST Cybersecurity Framework Core addresses the need for an organization's mission, objectives, stakeholders, and activities to be comprehended and prioritized?

Business Environment

Which of the following is an example of an information asset?

Business plans Employee records Company reputation

The NIST CSF Reference Tool provides a way for you to browse the Framework Core by which of the following?

Categories Functions Informative references

CVSS is short for which of the following?

Common Vulnerability Scoring System

Which of the following is not one of the tasks of the policy development phase?

Communicate

Which of the following elements ensures a policy is enforceable?

Compliance can be measured. Appropriate sanctions are applied when the policy is violated. Appropriate administrative, technical, and physical controls are put in place to support the policy.

Which of the following is a characteristic of the silo-based approach to cybersecurity?

Compliance is discretionary. Security is the responsibility of the IT department. Little or no organizational accountability exists.

Which of the following refers to the requirement that private or confidential information not be disclosed to unauthorized individuals?

Confidentiality

Which of the following is an example of a security mechanism designed to preserve confidentiality?

Controlled traffic routing Logical and physical access controls Database views

Which of the following can be defined as the shared attitudes, goals, and practices that characterize a company, corporation, or institution?

Corporate culture

Which of the following is a systematic, evidence-based evaluation of how well an organization conforms to such established criteria as Board-approved policies, regulatory requirements, and internationally recognized standards, such as the ISO 27000 series?

Cybersecurity audit

Which category in the Protect function of the NIST Cybersecurity Framework Core provides guidance around data management practices in order to protect the confidentiality, integrity, and availability of such data?

Data Security

Which of the following is the correct order of the policy life cycle?

Develop, publish, adopt, review

Which major regulation entity within the European Union (EU) was created to maintain a single standard for data protection among all member states in the EU?

EU General Data Protection Regulation (GDPR)

FERPA protects which of the following?

Educational records

Which of the following provides a model for understanding, analyzing, and quantifying information risk in quantitative financial and business terms?

FAIR

hich of the following is the official publication series for NIST standards and guidelines?

FIPS

Which of the following is a monitoring control that safeguards against the loss of integrity?

File integrity monitoring

Which of the following procedure formats is best suited when there is a decision-making process associated with a task?

Flowchart

Which of the following is the first step in NIST's recommended steps to establish or improve a cybersecurity program?

Prioritize and scope

Which function defined in the NIST Cybersecurity Framework Core provides guidance on how to recover normal operations after a cybersecurity incident?

Recover

Which of the following risks relates to negative public opinion?

Reputational risk

Which of the following is the outcome of policy review?

Retirement or re authorization

Which of the following statements best describes strategic risk?

Risk that relates to adverse business decisions

Which of the following refers to how much of the undesirable outcome a risk taker is willing to accept in exchange for the potential benefit?

Risk tolerance

In the NIST Cybersecurity Framework Tiers, which of the following Framework Implementation Tiers is labeled Tier 2?

Risk-Informed

File integrity monitoring

Rotation of duties

Which of the following is a collective term given to guidance on topics related to information systems security, predominantly regarding the planning, implementing, managing, and auditing of overall information security practices?

Security framework

Which of the following NIST publications focuses on cybersecurity practices and guidelines?

Special Publication 1800 series

Which of the following statements about standards and guidelines is true?

Standards are mandatory, whereas guidelines are not.

NIST's Cybersecurity Framework is divided into three parts, including all but which of the following?

The Framework Outcomes

Which part of the NIST Cybersecurity Framework is designed to help an organization align its cybersecurity undertakings with business requirements, risk tolerances, and resources?

The Framework Profiles

(n) __________ or waiver process is required for exceptions identified after a policy has been authorized.

exemption

he two approaches to cybersecurity are silo-based and __________.

operational

NIST created a(n) __________ that allows you to start reviewing and documenting each of the framework's functions, categories, subcategories, and informative references.

spreadsheet


संबंधित स्टडी सेट्स

BUS 101 Chapter 2 Study Questions

View Set

Juice WRLD: Goodbye & Good Riddance

View Set

NCSF CPT Unit 1 Lesson Two- Health and Performance Components of Fitness

View Set

Switching in networking chapter 2

View Set

AJM 10 STS REVIW EQUATION OF MOTION

View Set