CSS 1008 Chapter 16
Which function defined in the NIST Cybersecurity Framework Core includes the categories and subcategories that define what processes and assets need protection? A: Detect B: Identify C: Protect D: Respond
Identify
Which of the following is the last step in NIST's recommended steps to establish or improve a cybersecurity program? A: Implement the action plan B: Orient your strategy C: Determine, analyze, and prioritize any gaps D: Create a target profile
Implement the action plan
Which of the following statements about the NIST Cybersecurity Framework is not true? A: One of the main goals is to address and manage cybersecurity risk in a cost-effective way to protect critical infrastructure. B: It is aimed to replace an existing risk management process and cybersecurity program in an organization. C: An organization that doesn't have an existing cybersecurity program can use the NIST Cybersecurity Framework as a reference to develop such a program. D: The NIST Cybersecurity Framework is developed with a common taxonomy.
It is aimed to replace an existing risk management process and cybersecurity program in an organization.
Which of the following statements about the NIST Cybersecurity Framework is true? A: It was created in the U.S. and is used exclusively within the U.S. B: It was created in the U.S. and is also used outside of the U.S. C: It was created outside of the U.S. and is used worldwide. D: None of the above
It was created in the U.S. and is also used outside of the U.S.
Which of the following is not one of the three levels NIST defines within an organization that should coordinate the framework implementation and a common flow of information? A: Management B: Implementation/Operations C: Executive D: Business/Process
Management
The NIST Cybersecurity Framework (CSF) Reference Tool can run in which of the following operating systems? A: Microsoft Windows and Linux B: Apple Mac OS-X and Linux C: Microsoft Windows and Apple Mac OS-X D: Microsoft Windows, Apple Mac OS-X, and Linux
Microsoft Windows and Apple Mac OS-X
Which of the following is the first step in NIST's recommended steps to establish or improve a cybersecurity program? A: Create a current profile B: Prioritize and scope C: Create a target profile D: Conduct a risk assessment
Prioritize and scope
Which function defined in the NIST Cybersecurity Framework Core provides guidance on how to recover normal operations after a cybersecurity incident? A: Respond B: Detect C: Identify D: Recover
Recover
In the NIST Cybersecurity Framework Tiers, which of the following Framework Implementation Tiers is labeled Tier 2? A: Adaptive B: Repeatable C: Risk-Informed D: Partial
Risk-Informed
In the NIST Cybersecurity Framework Tiers, which of the following Framework Implementation Tiers is labeled Tier 4? A: Risk-Informed B: Partial C: Adaptive D: Repeatable
Adaptive
Which of the following is not a supported export file format for currently viewed data in the NIST CSF Reference Tool? A: XML files B: Adobe PDF files C: Tab-separated text files D: Comma-separated text files
Adobe PDF files
The NIST CSF Reference Tool provides a way for you to browse the Framework Core by which of the following? A: Categories B: Functions C: Informative references D: All of the above
All of the above
The NIST Cybersecurity Framework was developed by which of the following? A: U.S. government B: Corporations C: Individuals D: All of the above
All of the above
Which category in the Identify function of the NIST Cybersecurity Framework Core addresses the need for an organization's mission, objectives, stakeholders, and activities to be comprehended and prioritized? A: Business Environment B: Governance C: Risk Assessment D: Asset Management
Business Environment
Which category in the Protect function of the NIST Cybersecurity Framework Core provides guidance around data management practices in order to protect the confidentiality, integrity, and availability of such data? A: Awareness and Training B: Protective Technology C: Maintenance D: Data Security
Data Security
NIST's Cybersecurity Framework is divided into three parts, including all but which of the following? A: The Framework Tiers B: The Framework Core C: The Framework Outcomes D: The Framework Profiles
The Framework Outcomes
Which part of the NIST Cybersecurity Framework is designed to help an organization align its cybersecurity undertakings with business requirements, risk tolerances, and resources? A: The Framework Tiers B: The Framework Core C: The Framework Profiles D: The Framework Outcomes
The Framework Profiles
Which part of the NIST Cybersecurity Framework is designed to help organizations view and understand the characteristics of their approach to managing cybersecurity risk? A: The Framework Tiers B: The Framework Core C: The Framework Outcomes D: The Framework Profiles
The Framework Tiers
Which part of the NIST Cybersecurity Framework provides guidance to allow organizations to analyze cybersecurity risk and to enhance their processes to manage such risk? A: The Framework Tiers B: The Framework Core C: The Framework Outcomes D: The Framework Profiles
The Framework Tiers
NIST created a(n) __________ that allows you to start reviewing and documenting each of the framework's functions, categories, subcategories, and informative references. A: spreadsheet B: database C: presentation D: XML file
spreadsheet