.Question 1What types of risks do security plans address? Select three answers.1 pointShift of market conditionsDamage to assetsDisclosure of dataLoss of information2.Question 2What are the basic elements of a security plan? Select three answers.1 pointProceduresStandardsRegulationsPolicies3.Question 3Fill in the blank: The NIST CSF is a _____ framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.1 pointvoluntarymandatorylimitedrigid4.Question 4What are some benefits of the NIST Cybersecurity Framework (CSF)? Select three answers.1 pointIt’s adaptable to fit the needs of any business.It is required to do business online.It can be used to identify and assess risk.It helps organizations achieve regulatory standards.Coursera Honor Code  Learn more

Which of the following statements accurately describe the NIST CSF? Select all that apply.1 pointSecurity teams use it as a baseline to manage risk.It consists of standards, guidelines, and best practices.Its purpose is to help manage cybersecurity risk. It is only effective at managing long-term risk.

3.Question 3What is a foundational model that informs how organizations consider risk when setting up systems and security policies?1 pointSensitive personally identifiable information (SPII)Cybersecurity Framework (CSF)Confidentiality, integrity, and availability (CIA) triadGeneral Data Protection Regulation law (GDPR)

1.Question 1What is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)?1 pointA set of security controls that help analysts determine what to do if a data breach occursStandards, guidelines, and best practices that organizations follow voluntarily in order to manage cybersecurity riskA collection of security principles focused on maintaining confidentiality, integrity, and availabilityA required business framework for ensuring security updates and repairs are successful2.Question 2Fill in the blank: The five core functions that make up the CSF are: identify, protect, detect, _____, and recover.1 pointregulaterespondreevaluate reflect3.Question 3Fill in the blank: The CSF _____ function relates to monitoring systems and devices in an organization’s internal network to help security teams manage potential cybersecurity risks and their effects.1 pointrespondprotectidentifyrecover4.Question 4What does a security analyst’s work involve during the CSF recover function?1 point Contain, neutralize, and analyze security incidentsPinpoint threats and improve monitoring capabilities Protect an organization through the implementation of employee trainingReturn affected systems back to normal operationCoursera Honor Code  Learn more

Question 5Which of the following statements accurately describe the CSF? Select all that apply.1 pointInvestigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk. 6.Question 6A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?1 pointDefense in depthSeparation of dutiesKeep security simplePrinciple of least privilege7.Question 7What are some of the primary objectives of an internal security audit? Select three answers.1 pointHelp security teams identify organizational riskAvoid fines due to a lack of complianceDevelop a guiding security statement for the businessImprove security posture8.Question 8Fill in the blank: The planning elements of an internal security audit include establishing scope and _____, then conducting a risk assessment.1 pointcontrolslimitationscompliancegoals9.Question 9A security analyst performs an internal security audit. They focus on the human component of cybersecurity, such as the policies and procedures that define how their company manages data. What are they working to establish?1 pointCompliance controlsPhysical controlsTechnical controlsAdministrative controls10.Question 10What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.1 pointA summary of the scopeQuestions about specific controlsA list of existing risksResults and recommendations

Which of the following statements accurately describe the NIST CSF? Select all that apply.1 pointIt is a voluntary framework.It is only effective at managing short-term risk.Its purpose is to help manage cybersecurity risk. Security teams use it as a baseline to manage risk