Manage Security Risks

Question 1

What is the purpose of security frameworks in organizations?

Answer 1

To reduce risk and protect data and privacy.

Question 2

What does the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) consist of?

Answer 2

Standards, guidelines, and best practices to manage cybersecurity risk.

Question 3

Fill in the blank: The five core functions of the CSF are identify, protect, detect, respond, and _____.

Answer 3

recover.

Question 4

What is the role of the “identify” function in the CSF?

Answer 4

Management of cybersecurity risk and its effect on an organization’s people and assets.

Question 5

Which CSF function involves implementing policies, procedures, training, and tools to mitigate cybersecurity threats?

Answer 5

Protect.

Question 6

What does the “respond” function in the CSF entail?

Answer 6

Ensuring that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process.

Question 7

Fill in the blank: The CSF “recover” function relates to _____ systems back to normal operation.

Answer 7

returning.

Question 8

What principle suggests that users should have the least amount of access required to perform their tasks?

Answer 8

Principle of least privilege.

Question 9

What is the purpose of an internal security audit?

Answer 9

To review an organization’s security controls, policies, and procedures against a set of expectations.

Question 10

Fill in the blank: A security _____ is a review of an organization’s security controls, policies, and procedures.

Answer 10

audit

Question 11

Which principle involves designing applications so their optimal security state is their default state?

Answer 11

Establish secure defaults

Question 12

What does the principle “fail securely” mean?

Answer 12

When a control fails, it should default to its most secure option.

Question 13

Why shouldn’t organizations trust third-party services implicitly?

Answer 13

Because these services often have different security policies

Question 14

Which OWASP principle emphasizes avoiding unnecessarily complicated solutions?

Answer 14

Keep security simple.

Question 15

What is the significance of the principle “avoid security by obscurity”?

Answer 15

Security should not rely solely on keeping details hidden.

Question 16

Fill in the blank: Security controls are safeguards designed to reduce _____ security risks.

Answer 16

specific.

Question 17

What is the role of encryption in maintaining data integrity?

Answer 17

It converts data from a readable format to an encoded format to prevent unauthorized access.

Question 18

What does the term “biometrics” refer to in cybersecurity?

Answer 18

Unique physical characteristics used to verify a person’s identity.

Question 19

Which element of the CIA triad ensures data is accessible to authorized users?

Answer 19

Availability.

Question 20

What is the primary goal of business continuity in cybersecurity?

Answer 20

To maintain everyday productivity by establishing risk disaster recovery plans.

Question 21

Fill in the blank: The principle of _____ involves multiple people following the principle of least privilege to perform critical actions.

Answer 21

separation of duties.

Question 22

How does the principle “fix security issues correctly” help in maintaining security?

Answer 22

By identifying the root cause, containing the impact, and ensuring remediation is successful.

Question 23

What does the “scope” of an internal security audit refer to?

Answer 23

Identifying people, assets, policies, procedures, and technologies that might impact an organization’s security posture.

Question 24

What are some primary objectives of an internal security audit?

Answer 24

Determine improvements for achieving the desired security posture, avoid fines, and identify organizational risk.