Manage Security Risk

Question 1

What does the term “security posture” refer to in an organization?

Answer 1

An organization’s ability to manage its defense of critical assets and data and react to change.

Question 2

Name three key focus areas of the security and risk management domain.

Answer 2

Mitigate risk, be in compliance, define security goals and objectives

Question 3

What is the primary goal of business continuity?

Answer 3

To maintain everyday productivity by establishing risk disaster recovery plans.

Question 4

According to the concept of shared responsibility, how can employees help lower risk?

Answer 4

By taking an active role and recognizing and reporting security concerns.

Question 5

Which security domain focuses on ensuring user identities are trusted and authenticated?

Answer 5

Identity and access management.

Question 6

Name three activities that may be part of establishing security controls.

Answer 6

Collect and analyze security data regularly, implement multi-factor authentication, evaluate whether current controls help achieve business goals.

Question 7

In which domain do security team members use each phase of the software development lifecycle to conduct security reviews?

Answer 7

Software development security.

Question 8

Describe a high-risk asset.

Answer 8

An asset with SPII, PII, or intellectual property that, if compromised, can have severe negative impacts.

Question 9

What type of consequence does a business face if critical operations are interrupted and it faces regulatory fines due to an attack?

Answer 9

Financial consequence.

Question 10

What step in the Risk Management Framework (RMF) involves being accountable for potential risks?

Answer 10

Authorize.

Question 11

What is a vulnerability in the context of cybersecurity?

Answer 11

A weakness that can be exploited by a threat.

Question 12

How is risk defined in cybersecurity?

Answer 12

Anything that can impact the confidentiality, integrity, or availability of an asset.

Question 13

What does the “categorize” step in the NIST RMF involve?

Answer 13

Developing risk management processes and tasks.

Question 14

Give an example of an external threat.

Answer 14

Threat actors attempting to gain access to private information from outside the organization.

Question 15

What does the “implement” step in the NIST RMF mean?

Answer 15

Implementing security and privacy plans for an organization.

Question 16

Who poses an internal threat?

Answer 16

A current or former employee, external vendor, or trusted partner.

Question 17

What does the “monitor” step in the NIST RMF involve?

Answer 17

Being aware of how systems are operating.

Question 18

What is ransomware?

Answer 18

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.

Question 19

What is risk mitigation?

Answer 19

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach.

Question 20

Define shared responsibility in cybersecurity.

Answer 20

Define shared responsibility in cybersecurity.

Question 21

What is social engineering?

Answer 21

A manipulation technique that exploits human error to gain private information, access, or valuables.

Question 22

What does the “prepare” step in the NIST RMF involve?

Answer 22

Activities necessary to manage security and privacy risks before a breach occurs.

Question 23

Describe the process of authorizing in the RMF.

Answer 23

Being accountable for the security and privacy risks that may exist in an organization.

Question 24

What is the focus of asset security?

Answer 24

Managing the cybersecurity processes of organizational assets, including storage, maintenance, retention, and destruction of data.

Question 25

Why is the security assessment and testing domain important?

Answer 25

It focuses on identifying and mitigating risks, threats, and vulnerabilities through security control testing, data analysis, and audits.