nerdexam
Cisco

210-255 · Question #71

Which of the following are core responsibilities of a national CSIRT and CERT?

The correct answer is B. Protect their citizens by providing security vulnerability information, security awareness training,. National CSIRTs and CERTs are government-backed teams whose primary mission is to protect citizens and organizations by sharing vulnerability intelligence and promoting security awareness, not to perform commercial or regulatory functions.

Security Policies and Procedures

Question

Which of the following are core responsibilities of a national CSIRT and CERT?

Options

  • AProvide solutions for bug bounties
  • BProtect their citizens by providing security vulnerability information, security awareness training,
  • CProvide vulnerability brokering to vendors within a country
  • DCreate regulations around cybersecurity within the country

How the community answered

(38 responses)
  • A
    3% (1)
  • B
    95% (36)
  • C
    3% (1)

Why each option

National CSIRTs and CERTs are government-backed teams whose primary mission is to protect citizens and organizations by sharing vulnerability intelligence and promoting security awareness, not to perform commercial or regulatory functions.

AProvide solutions for bug bounties

Bug bounty programs are operated by private companies or third-party platforms to incentivize external researchers to find flaws in their own products, which is outside the public-service mandate of a national CSIRT or CERT.

BProtect their citizens by providing security vulnerability information, security awareness training,Correct

National CSIRTs and CERTs are specifically chartered to serve their country's citizens and critical infrastructure by disseminating timely security vulnerability information and conducting security awareness training. Their core mandate is coordination and communication during incidents, not commercial or legislative activity. This aligns with the FIRST framework and standards like RFC 2350, which define the essential services of a national-level CSIRT.

CProvide vulnerability brokering to vendors within a country

Vulnerability brokering - buying and selling vulnerability information - is a commercial activity performed by private brokers, not a core function of a national CSIRT or CERT whose role is to coordinate and share, not trade, vulnerability data.

DCreate regulations around cybersecurity within the country

Creating cybersecurity regulations is a legislative and policy-making function belonging to government bodies or parliament, not to technical incident response teams such as CSIRTs or CERTs, which advise on but do not enact law.

Concept tested: Core responsibilities of national CSIRT and CERT

Source: https://www.first.org/education/FIRST_CSIRT_Services_Framework_v2.1.pdf

Topics

#CSIRT#CERT#national cybersecurity#vulnerability disclosure

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice