Question
Question 1 (1 point)
What is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)?
- A required business framework for ensuring security updates and repairs are successful
- A collection of security principles focused on maintaining confidentiality, integrity, and availability
- A set of security controls that help analysts determine what to do if a data breach occurs
- Standards, guidelines, and best practices that organizations follow voluntarily in order to manage cybersecurity risk
Solution
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a set of standards, guidelines, and best practices that organizations follow voluntarily in order to manage cybersecurity risk.
Similar Questions
Question 6 (1 point)
Which of the following statements accurately describe the NIST CSF? Select all that apply.
- It consists of standards, guidelines, and best practices.
- It is a voluntary framework.
- It is only effective at managing long-term risk.
- Its purpose is to help manage cybersecurity risk.

Question 4 (1 point)
Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk.
- True
- False

Question 3 (1 point)
What is a foundational model that informs how organizations consider risk when setting up systems and security policies?
- Sensitive personally identifiable information (SPII)
- Cybersecurity Framework (CSF)
- Confidentiality, integrity, and availability (CIA) triad
- General Data Protection Regulation law (GDPR)

Question 5 (1 point)
Which of the following statements accurately describe the CSF? Select all that apply.
- Investigating an incident to determine how the threat occurred, what was affected, and where the attack originated is part of the respond function of the CSF.
- The detect function of the CSF involves making sure proper procedures are used to contain, neutralize, and analyze security incidents.
- The protect function of the CSF involves implementing policies, procedures, training, and tools to mitigate threats.
- The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

Question 6 (1 point)
A security team establishes controls, including permission settings that will be used to create multiple security points that a threat actor must get through to breach their organization. Which OWASP principle does this scenario describe?
- Defense in depth
- Separation of duties
- Keep security simple
- Principle of least privilege

Question 7 (1 point)
What are some of the primary objectives of an internal security audit? Select three answers.
- Help security teams identify organizational risk
- Avoid fines due to a lack of compliance
- Develop a guiding security statement for the business
- Improve security posture

Question 8 (1 point)
Fill in the blank: The planning elements of an internal security audit include establishing scope and _____, then conducting a risk assessment.
- controls
- limitations
- compliance
- goals

Question 9 (1 point)
A security analyst performs an internal security audit. They focus on the human component of cybersecurity, such as the policies and procedures that define how their company manages data. What are they working to establish?
- Compliance controls
- Physical controls
- Technical controls
- Administrative controls

Question 10 (1 point)
What information is typically communicated to stakeholders after completion of an internal security audit? Select three answers.
- A summary of the scope
- Questions about specific controls
- A list of existing risks
- Results and recommendations

Question 1 (1 point)
Fill in the blank: A security _____ is a set of guidelines used for building plans to help mitigate risk and threats to data and privacy.
- lifecycle
- regulation
- framework
- control

Question 2 (1 point)
An organization requires its employees to complete a new data privacy training program each year to reduce the risk of a data breach. What is this training requirement an example of?
- Personally identifiable information (PII)
- Security control
- Data confidentiality
- Cybersecurity Framework (CSF)

Question 3 (1 point)
What is a foundational model that informs how organizations consider risk when setting up systems and security policies?
- Cybersecurity Framework (CSF)
- General Data Protection Regulation law (GDPR)
- Sensitive personally identifiable information (SPII)
- Confidentiality, integrity, and availability (CIA) triad

Question 4 (1 point)
Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk.
- True
- False