Risk Management and NIST RMF

Question 1

What is the 5th step of the NIST RMF

Answer 1

Assess:
to determine if established controls are implemented correctly

Question 2

What is the 6th Step of the NIST RMF?

Answer 2

Authorize:
being accountable for the security and privacy risks that may exist in an organization

Question 3

What is Business continuity?

Answer 3

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

Question 4

What is the 2nd Step of the NIST RMF?

Answer 4

Categorize:
used to develop risk management processes and tasks

Question 5

What is an External threat?

Answer 5

Anything outside the organization that has the potential to harm organizational assets

Question 6

What is the 4th step of the NIST RMF?

Answer 6

Implement:
to implement security and privacy plans for an organization

Question 7

What is an Internal threat?

Answer 7

A current or former employee, external vendor, or trusted partner who poses a security risk

Question 8

What is the 7th step of the NIST RMF?

Answer 8

Monitor: that means be aware of how systems are operating

Question 9

What is the 1st step of the NIST RMF?

Answer 9

Prepare: related to activities that are necessary to manage security and privacy risks before a breach occurs

Question 10

What is Ransomware?

Answer 10

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access

Question 11

What is Risk?

Answer 11

Anything that can impact the confidentiality, integrity, or availability of an asset

Question 12

What is Risk mitigation?

Answer 12

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

Question 13

What is Security posture?

Answer 13

An organization’s ability to manage its defence of critical assets and data and react to change

Question 14

What is the 3rd step of NIST RMF?

Answer 14

Select: means to choose, customize, and capture documentation of the controls that protect an organization

Question 15

What is meant by Shared responsibility?

Answer 15

The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security

Question 16

What is Social engineering?

Answer 16

A manipulation technique that exploits human error to gain private information, access, or valuables

Question 17

What is a Vulnerability?

Answer 17

A weakness that can be exploited by a threat

Question 18

What are the 7 steps in the NIST RMF?

Answer 18

1.Prepare
2. Categorise
3. Select
4. Implement
5. Assess
6. Authorise
7. Monitor

Question 19

What does NIST RMF mean?

Answer 19

National Institute of Standards and Technology- Risk Management Framework

Question 20

Which of the following is the first step in the NIST Risk Management Framework (RMF)?
(a) Prepare
(b) Categorize
(c) Select
(d) Implement

Answer 20

a- Prepare

Question 21

What is the purpose of the “select” step in the RMF?
(a) To develop risk management processes and tasks
(b) To choose, customize, and capture documentation of controls
(c) To implement security and privacy plans
(d) To determine if established controls are implemented correctly

Answer 21

(b) To choose, customize, and capture documentation of controls

Question 22

Which of the following is NOT a task that an entry-level security analyst may perform as part of the RMF?
(a) Monitoring for risks
(b) Developing plans of action
(c) Generating reports
(d) Establishing project milestones

Answer 22

(b) Developing plans of action

Question 23

The RMF is only used by security professionals with advanced experience. (True/False)

Answer 23

False

Question 24

The “monitor” step in the RMF involves assessing and maintaining technical operations. (True/False)

Answer 24

True

Question 25

Entry-level security analysts are not responsible for understanding how to mitigate and manage risks. (True/False)

Answer 25

False

Question 26

Digital assets include the personal information of employees, clients, or vendors, such as:

Answer 26

Social Security Numbers (SSNs), or unique national identification numbers assigned to individuals

Dates of birth

Bank account numbers

Mailing addresses

Question 27

Examples of physical assets include:

Answer 27

Payment kiosks

Servers

Desktop computers

Office spaces

Question 28

List some common strategies used to manage risks include:

Answer 28

Acceptance: Accepting a risk to avoid disrupting business continuity

Avoidance: Creating a plan to avoid the risk altogether

Transference: Transferring risk to a third party to manage

Mitigation: Lessening the impact of a known risk

Question 29

What are the different factors that can affect the likelihood of a risk to an organization’s assets?

Answer 29

External risk: Anything outside the organization that has the potential to harm organizational assets, such as threat actors attempting to gain access to private information

Internal risk: A current or former employee, vendor, or trusted partner who poses a security risk

Legacy systems: Old systems that might not be accounted for or updated, but can still impact assets, such as workstations or old mainframe systems. For example, an organization might have an old vending machine that takes credit card payments or a workstation that is still connected to the legacy accounting system.

Multiparty risk: Outsourcing work to third-party vendors can give them access to intellectual property, such as trade secrets, software designs, and inventions.

Software compliance/licensing: Software that is not updated or in compliance, or patches that are not installed in a timely manner

Question 30

Which resource regularly updates and publishes a standard awareness document about the top 10 most critical security risks
to web applications?

Answer 30

Open Web Application Security Project (OWASP)

Question 31

Which types of vulnerabilities within their systems should organizations regularly inspect for?

Answer 31

ProxyLogon: A pre-authenticated vulnerability that affects the Microsoft Exchange server. This means a threat actor can complete a user authentication process to deploy malicious code from a remote location.

ZeroLogon: A vulnerability in Microsoft’s Netlogon authentication protocol. An authentication protocol is a way to verify a person’s identity. Netlogon is a service that ensures a user’s identity before allowing access to a website’s location.

Log4Shell: Allows attackers to run Java code on someone else’s computer or leak sensitive information. It does this by enabling a remote attacker to take control of devices connected to the internet and run malicious code.

PetitPotam: Affects Windows New Technology Local Area Network (LAN) Manager (NTLM). It is a theft technique that allows a LAN-based attacker to initiate an authentication request.

Security logging and monitoring failures: Insufficient logging and monitoring capabilities that result in attackers exploiting vulnerabilities without the organization knowing it

Server-side request forgery: Allows attackers to manipulate a server-side application into accessing and updating backend resources. It can also allow threat actors to steal data.

Question 32

What is ProxyLogon?

Answer 32

Vulnerability type:
A pre-authenticated vulnerability that affects the Microsoft Exchange server. This means a threat actor can complete a user authentication process to deploy malicious code from a remote location

Question 33

What is a ZeroLogon?

Answer 33

A vulnerability in Microsoft’s Netlogon authentication protocol. An authentication protocol is a way to verify a person’s identity. Netlogon is a service that ensures a user’s identity before allowing access to a website’s location.

Question 34

What is Log4Shell?

Answer 34

A vulnerability that allows attackers to run Java code on someone else’s computer or leak sensitive information. It does this by enabling a remote attacker to take control of devices connected to the internet and run malicious code.

Question 35

What is PetitPotam?

Answer 35

A vulnerability that affects Windows New Technology Local Area Network (LAN) Manager (NTLM). It is a theft technique that allows a LAN-based attacker to initiate an authentication request.

Question 36

Security logging and monitoring failures can result in …?

Answer 36

Insufficient logging and monitoring capabilities result in attackers exploiting vulnerabilities without the organization knowing it

Question 37

What could result in Server-side request forgery vulnerability?

Answer 37

It can allow attackers to manipulate a server-side application into accessing and updating backend resources. It can also allow threat actors to steal data.

Question 38

Which of the following is a common risk management strategy?
(a) Acceptance
(b) Avoidance
(c) Transference
(d) All of the above

Answer 38

(d) All of the above

Question 39

Which of the following is a type of threat?
(a) Insider threat
(b) Advanced persistent threat (APT)
(c) Legacy system
(d) Software compliance/licensing

Answer 39

(a) Insider threat

Question 40

Which of the following is a type of vulnerability?
(a) ProxyLogon
(b) ZeroLogon
(c) Log4Shell
(d) All of the above

Answer 40

(d) All of the above

Question 41

Risk is the likelihood of a threat (True/False)

Answer 41

True

Question 42

Vulnerabilities are weaknesses that can be exploited by threats (True/False)

Answer 42

True

Question 43

Security logging and monitoring failures are not a type of vulnerability (True/False)

Answer 43

False