D-CSF-SC-01 Exam Questions

The primary goal of the COBIT 2019 governance system is to ensure that ___ aligns with the overall business strategy.

The ___________ component of the Detect Function is responsible for identifying unusual patterns or activities that may indicate a threat.

Tiers in the NIST Cybersecurity Framework help organizations assess their level of ___.

An organization is creating a customized version of the NIST Cybersecurity Framework to align with its unique risk profile and business requirements. They are currently mapping the...

Match each Detect Function component with its primary purpose. Component Continuous Monitoring Anomalies and Events Detection Processes Threat Intelligence Purpose

Which protective technologies are typically associated with the Protect Function? (Select two)

What is the primary purpose of the COBIT 2019 governance framework in the context of cybersecurity?

COBIT 2019's focus on cybersecurity risk aligns with which NIST Cybersecurity Framework component?

The ___ function of the NIST Cybersecurity Framework ensures timely identification of cybersecurity events.

Which of the following are key components of an Incident Response Plan? (Select two)

What categories are specifically contained within the Identify function?

What is the main goal of a gap analysis in the Identify function?

How does the COBIT 2019 Framework assist organizations in managing cybersecurity risks?

The __________ process ensures that businesses can continue essential operations with minimal interruption after a cybersecurity incident.

Which COBIT 2019 component aligns most closely with the "Respond" function of the NIST Cybersecurity Framework?

How does COBIT 2019 enhance the implementation of the NIST Cybersecurity Framework?

An organization is creating a disaster recovery plan. They want to ensure all critical assets are accounted for and prioritized. Which component of the Identify Function should the...

The Identify Function helps establish a ___________ to assess and categorize organizational assets by their importance.

What does the Identify Function facilitate in the context of Disaster Recovery and Incident Response planning?

Which document is designed to limit damage, reduce recovery time, and reduce costs where possible to the organization?

The Disaster Recovery Plan must document what effort in order to address unrecoverable assets?

Which mechanism within the NIST Cybersecurity Framework describes a method to capture the current state and define the target state for understanding gaps, exposure, and prioritize...

Which of the following are benefits of implementing continuous monitoring within the Detect Function? (Select two)

In the NIST Cybersecurity Framework, which of the following components is key to ensuring continuity in critical functions after a cybersecurity event?

The NIST Cybersecurity Framework relies on which of the following to guide organizations through effective cybersecurity risk management?

Match the following components of the Identify Function with their main purpose. Component Asset Inventory Risk Assessment Classification Controls Business Impact Analysis Purpose

COBIT 2019 complements the NIST Cybersecurity Framework by focusing on what aspect of cybersecurity risk management?

Which NIST Cybersecurity Framework function should be executed before any others?

An organization has a policy to respond "ASAP" to security incidents. The security team is having a difficult time prioritizing events because they are responding to all of them, i...

One of the five core functions in the NIST Cybersecurity Framework is ___, which focuses on minimizing the impact of cybersecurity events.

Which function of the NIST Cybersecurity Framework focuses on ensuring the organization is able to identify and contain the impact of cybersecurity incidents?

A key consideration in implementing a Disaster Recovery Plan (DRP) is the __________, which defines how quickly systems need to be restored.

Within the Protect Function, ___________ involves limiting access to only those individuals who need it for their work.

What process is used to identify an organization's physical, digital, and human resource, as required in their Business Impact Analysis?

In which function is the SDLC implemented?

Which function of the NIST Cybersecurity Framework should be prioritized first in building a cybersecurity strategy?

Match each Protect Function subcategory with its main focus. Subcategory Data Security Awareness Training Protective Technology Baseline Configuration Focus

In COBIT 2019, which design factor is essential for tailoring the implementation of the NIST Cybersecurity Framework to an organization's needs?

The network security team in your company has discovered a threat that leaked partial data on a compromised file server that handles sensitive information. Containment must be init...

Your firewall blocked several machines on your network from connecting to a malicious IP address. After reviewing the logs, the CSIRT discovers all Microsoft Windows machines on th...

Which NIST Cybersecurity Framework category ensures that organizational communication and data flows are mapped?

Unrecoverable assets are specifically addressed in which function?

Consider the following situation: - A complete service outage has occurred, affecting critical services - Users are unable to perform their tasks - Customers are unable to conduct...

A business needs a high-level view to understand its current cybersecurity activities and align these with industry standards. The business also wants a roadmap for future improvem...

The ___ profile in the NIST Cybersecurity Framework represents the desired cybersecurity outcomes aligned with the organization's risk tolerance.

A company has just acquired an intrusion detection system (IDS) whose detection capabilities are based on behavior and baselines. The IDS has not been in production long enough to...

What is used to ensure an organization understands the security risk to operations, assets, and individuals?

Refer to the exhibit. What is shown?

When gaps are found during the ___ process, they are used to create the action plan for addressing cybersecurity risks.

To generate an accurate risk assessment, organizations need to gather information in what areas?