Manage Security Risks Flashcards

module two

1
Q

What is the purpose of security frameworks in organizations?

A

To reduce risk and protect data and privacy.

2
Q

What does the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) consist of?

A

Standards, guidelines, and best practices to manage cybersecurity risk.

3
Q

Fill in the blank: The five core functions of the CSF are identify, protect, detect, respond, and _____.

A

recover.

4
Q

What is the role of the “identify” function in the CSF?

A

Management of cybersecurity risk and its effect on an organization’s people and assets.

5
Q

Which CSF function involves implementing policies, procedures, training, and tools to mitigate cybersecurity threats?

A

Protect.

6
Q

What does the “respond” function in the CSF entail?

A

Ensuring that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process.

7
Q

Fill in the blank: The CSF “recover” function relates to _____ systems back to normal operation.

A

returning.

8
Q

What principle suggests that users should have the least amount of access required to perform their tasks?

A

Principle of least privilege.

9
Q

What is the purpose of an internal security audit?

A

To review an organization’s security controls, policies, and procedures against a set of expectations.

10
Q

Fill in the blank: A security _____ is a review of an organization’s security controls, policies, and procedures.

A

audit.

11
Q

Which principle involves designing applications so their optimal security state is their default state?

A

Establish secure defaults.

12
Q

What does the principle “fail securely” mean?

A

When a control fails, it should default to its most secure option.

13
Q

Why shouldn’t organizations trust third-party services implicitly?

A

Because these services often have different security policies.

14
Q

Which OWASP principle emphasizes avoiding unnecessarily complicated solutions?

A

Keep security simple.

15
Q

What is the significance of the principle “avoid security by obscurity”?

A

Security should not rely solely on keeping details hidden.

16
Q

Fill in the blank: Security controls are safeguards designed to reduce _____ security risks.

A

specific.

17
Q

What is the role of encryption in maintaining data integrity?

A

It converts data from a readable format to an encoded format to prevent unauthorized access.

18
Q

What does the term “biometrics” refer to in cybersecurity?

A

Unique physical characteristics used to verify a person’s identity.

19
Q

Which element of the CIA triad ensures data is accessible to authorized users?

A

Availability.

20
Q

What is the primary goal of business continuity in cybersecurity?

A

To maintain everyday productivity by establishing risk disaster recovery plans.

21
Q

Fill in the blank: The principle of _____ involves multiple people following the principle of least privilege to perform critical actions.

A

separation of duties.

22
Q

How does the principle “fix security issues correctly” help in maintaining security?

A

By identifying the root cause, containing the impact, and ensuring remediation is successful.

23
Q

What does the “scope” of an internal security audit refer to?

A

Identifying people, assets, policies, procedures, and technologies that might impact an organization’s security posture.

24
Q

What are some primary objectives of an internal security audit?

A

Determine improvements for achieving the desired security posture, avoid fines, and identify organizational risk.