D-CSF-SC-23無料問題集「EMC NIST Cybersecurity Framework 2023」

質問 1

Refer to the exhibit.

What type of item appears in the second column of the table?

（A）Function

（B）Tier

（C）Subcategory

（D）Informative Reference

正解：C 解答を投票する

質問 2

What supports an organization in making risk management decisions to address their security posture in real time?

（A）Continuous monitoring

（B）User access reviews

（C）Baseline reporting

（D）Video surveillance

正解：C 解答を投票する

質問 3

A security engineer is responsible for monitoring company software, firmware, system OS, and applications for known vulnerabilities.
How should they stay current on exploits and information security?

（A）Implement security awareness training

（B）Update company policies and procedures

（C）Subscribe to security mailing lists

（D）Revise vulnerability management plan

正解：C 解答を投票する

質問 4

The CSIRT discovers that an attacker changed some non-encrypted values on a database, causing an e-commerce application to show incorrect prices.
Which part(s) of the CIA Triad was affected on the database?

（A）A only

（B）C, I

（C）A, I

（D）C, A

正解：C 解答を投票する

質問 5

What identifies the value of data to an organization so that confidentiality and integrity can be protected and intelligent data handling decisions can be made?

（A）Data analysis

（B）Data capital

（C）Data classification

（D）Data security

正解：C 解答を投票する

質問 6

The CSF recommends that the Communication Plan for an IRP include audience, method of communication, frequency, and what other element?

（A）Incident category

（B）Message criteria

（C）Incident severity

（D）Templates to use

正解：C 解答を投票する

質問 7

What is a consideration when developing a Disaster Recovery Plan?

（A）Method to terminate incident responses

（B）Develop termination strategies

（C）Exchange essential information between stakeholders

（D）Define scenarios by type and scope of impact

正解：D 解答を投票する

質問 8

What process is used to identify an organization's physical, digital, and human resource, as required in their Business Impact Analysis?

（A）Risk Treatment

（B）Asset Inventory

（C）Risk Assessment

（D）Risk Management Strategy

正解：B 解答を投票する

質問 9

An organization has a policy to respond "ASAP" to security incidents. The security team is having a difficult time prioritizing events because they are responding to all of them, in order of receipt.
Which part of the IRP does the team need to implement or update?

（A）Classification of incidents

（B）Containment of incidents

（C）Scheduling of incident responses

（D）'Post mortem' documentation

正解：A 解答を投票する

質問 10

What is the purpose of separation of duties?

（A）Encourage collaboration

（B）Enhance exposure to functional areas

（C）Internal control to prevent fraud

（D）Mitigate collusion and prevent theft

正解：C 解答を投票する

D-CSF-SC-23 無料問題集「EMC NIST Cybersecurity Framework 2023」

弊社を連絡する

関連リンク

トップ試験