D-CSF-SC-01 Exam Questions
227 real D-CSF-SC-01 exam questions with expert-verified answers and explanations. Page 4 of 5.
- Question #151
What is used to identify critical systems, networks, and data based on their criticality to business operations?
- Question #152
How does the NIST Cybersecurity Framework complement COBIT 2019?
- Question #153
At what cyber kill chain stage do attackers use malware to exploit specific software or hardware vulnerabilities on the target, based on the information retrieved at the reconnaiss...
- Question #154
In the context of the Protect Function, what is the primary role of a Business Continuity Plan (BCP)?
- Question #155
A company is developing a Business Impact Analysis (BIA) to ensure essential functions are maintained in case of a cyber incident. Which element of the Identify Function would most...
- Question #156
What identifies the value of data to an organization so that confidentiality and integrity can be protected and intelligent data handling decisions can be made?
- Question #157
What must be done before returning a compromised laptop to normal operations in the environment?
- Question #158
An administrator receives an alert that four Microsoft Windows machines have joined the network but do not have the appropriate level of patching to be authorized. Which category a...
- Question #159
In COBIT 2019, which of the following is considered a key design factor for tailoring the cybersecurity framework?
- Question #160
Your organization has tasked you with collecting information on all the data, personnel, devices, systems, and facilities that enable the organization to achieve its business purpo...
- Question #161
In the context of the Detect Function, which element helps organizations identify patterns of anomalous activity?
- Question #162
Which element of the NIST Cybersecurity Framework aligns with COBIT 2019's governance model for managing cybersecurity risk?
- Question #163
The Cybersecurity Framework core consists of how many categories?
- Question #164
The ___ process within the NIST Cybersecurity Framework is used to develop the action plan to address gaps in the cybersecurity posture.
- Question #165
Which of the following are included in the Identify Function's goal to support Business Impact Analysis (BIA) efforts? (Select two)
- Question #166
Which of the following are included in the Framework Core structure? (Select two)
- Question #167
Which document provides an implementation plan to recover business functions and processes during and after an event?
- Question #168
A security engineer is responsible for monitoring company software, firmware, system OS, and applications for known vulnerabilities. How should they stay current on exploits and in...
- Question #169
What defines who is accountable for contacting operational teams, managers, and others affected by a localized, safety critical event?
- Question #170
COBIT 2019 complements the NIST Cybersecurity Framework by focusing on ___ governance and management objectives.
- Question #171
An IT security engineer grants an auditor access to a conference room and provides temporary wireless access to them to conduct an analysis for the company's annual financial repor...
- Question #172
Framework Tiers in the NIST Cybersecurity Framework help an organization determine:
- Question #173
What is the primary function of the Identify section in the NIST Cybersecurity Framework?
- Question #174
COBIT 2019 helps organizations implement the NIST Cybersecurity Framework by providing which key capability?
- Question #175
A healthcare organization implements strong access controls to restrict access to patient data only to authorized personnel. Which Protect Function subcategory is this organization...
- Question #176
What is considered outside the scope of a BIA?
- Question #177
What should an organization use to effectively mitigate against password sharing to prevent unauthorized access to systems?
- Question #178
What is the purpose of separation of duties?
- Question #179
What common process conducted by organizations when protecting digital assets is outside the scope of the NIST Cybersecurity Framework?
- Question #180
During what activity does an organization identify and prioritize technical, organizational, procedural, administrative, and physical security weaknesses?
- Question #181
What is the primary driver of a successful implementation of a security policy within a company?
- Question #182
What method identifies the 'delta' in projected time for RTO and actual time to complete?
- Question #183
Which of the following NIST Cybersecurity Framework tiers represents the highest level of risk management and cybersecurity maturity?
- Question #184
The ___ function in the NIST Cybersecurity Framework is responsible for developing and implementing appropriate safeguards to protect services.
- Question #185
What does a security benchmark help define?
- Question #186
Which KPIs might be developed around controls within the Identify Function? (Select two)
- Question #187
Which activity is NOT typically part of the Protect function in the NIST Cybersecurity Framework?
- Question #188
Match the NIST Framework component with its primary focus: Component Framework Core Profiles Tiers Functions Focus
- Question #189
Which document identifies cash flow losses, cost of equipment replacement, salaries paid for backlog, and financial loss linked to failures?
- Question #190
Within the COBIT 2019 framework, the governance objective is to ensure that ___ is consistently addressed throughout the organization.
- Question #191
A bank has been alerted to a breach of its reconciliation systems. The notification came from the cybercriminals claiming responsibility in an email to the CEO. The CEO has alerted...
- Question #192
The NIST Cybersecurity Framework uses ___ to help organizations evaluate and improve their cybersecurity posture.
- Question #193
Which of the following are key components of an effective Disaster Recovery Plan (DRP)? (Select two)
- Question #194
What is a valid order of steps from the Incident Response Lifecycle?
- Question #195
What are the four tiers of integration within the NIST Cybersecurity Framework?
- Question #196
A continuously updated CMDB is an output of which NIST function and category?
- Question #197
What is the primary objective of establishing governance and risk management processes for an organization?
- Question #198
Which of the following would be considered a primary activity under the Recover Function?
- Question #199
What is the primary objective of the NIST Cybersecurity Framework?
- Question #200
Which NIST Framework component provides organizations with context on how much cybersecurity risk management they can undertake?