D-CSF-SC-23試験無料問題集（112題）「EMC NIST Cybersecurity Framework 2023 認定」

出題：1

What activity informs situational awareness of the security status of an organization's systems?

A. IDP

B. ISCM

C. DPI

D. RMF

正解：B 解答を投票する

出題：2

Assume that a DDoS attack has been occurring for 72 minutes.
What determines who talks to external stakeholders?

A. Incident Response Plan

B. Communication Plan

C. Business Impact Analysis

D. Business Continuity Plan

正解：B 解答を投票する

出題：3

What are the four tiers of integration within the NIST Cybersecurity Framework?

A. Corrective, Risk Informed, Repeatable, and Adaptive

B. Risk Informed, Selective, Repeatable, and Partial

C. Selective, Repeatable, Partial, and Adaptive

D. Partial, Risk Informed, Repeatable, and Adaptive

正解：D 解答を投票する

出題：4

What categories are specifically contained within the Identify function?

A. Communications
Supply Chain Management
Business Environment

B. Business Environment
Asset Management
Anomalies and Events

C. Supply Chain Risk
Data Security
Response Planning

D. Asset Management
Governance
Risk Assessment

正解：D 解答を投票する

出題：5

An organization has a policy to respond "ASAP" to security incidents. The security team is having a difficult time prioritizing events because they are responding to all of them, in order of receipt.
Which part of the IRP does the team need to implement or update?

A. 'Post mortem' documentation

B. Scheduling of incident responses

C. Classification of incidents

D. Containment of incidents

正解：C 解答を投票する

出題：6

Concerning a risk management strategy, what should the executive level be responsible for communicating?

A. Risk profile

B. Risk tolerance

C. Risk mitigation

D. Asset risk

正解：B 解答を投票する

出題：7

Consider the following situation:
- A complete service outage has occurred, affecting critical services
- Users are unable to perform their tasks
- Customers are unable to conduct business
- Financial impact is beyond the highest allowed threshold
What is the correct classification level for this situation?

A. High impact

B. Business critical

C. Mission critical

D. Safety critical

正解：C 解答を投票する

出題：8

What should an organization use to effectively mitigate against password sharing to prevent unauthorized access to systems?

A. Frequent password resets

B. Access through a ticketing system

C. Two factor authentication

D. Strong password requirements

正解：C 解答を投票する

出題：9

What is considered outside the scope of a BIA?

A. Estimated probability of the identified threats actually occurring

B. Efficiency and effectiveness of existing risk mitigation controls

C. Selection of full, incremental, or differential backups

D. Determination of capacity requirements for backups

正解：C 解答を投票する

出題：10

What is the effect of changing the Baseline defined in the NIST Cybersecurity Framework?

A. Negative impact on recovery

B. Does not result in changes to the BIA

C. Review of previously generated alerts

D. Positive impact on detection

正解：C 解答を投票する

D-CSF-SC-23試験無料問題集「EMC NIST Cybersecurity Framework 2023 認定」