Question
Question 6: Which of the following statements accurately describe the NIST CSF? Select all that apply. (1 point)
1. It consists of standards, guidelines, and best practices.
2. It is a voluntary framework.
3. It is only effective at managing long-term risk.
4. Its purpose is to help manage cybersecurity risk.
Solution
The NIST CSF, or National Institute of Standards and Technology Cybersecurity Framework, can be described as follows:
- It consists of standards, guidelines, and best practices: This is true. The NIST CSF provides a set of industry standards and best practices to help organizations manage and reduce cybersecurity risk.
- It is a voluntary framework: This is also true. The NIST CSF is not a mandatory set of rules, but rather a voluntary framework that organizations can choose to adopt to help improve their cybersecurity.
- It is only effective at managing long-term risk: This is not necessarily true. While the NIST CSF can certainly help with long-term risk management, it is also designed to help organizations identify, respond to, and recover from cybersecurity incidents in the short term.
- Its purpose is to help manage cybersecurity risk: This is true. The primary purpose of the NIST CSF is to provide a structured framework for managing cybersecurity risk.
So, the statements that accurately describe the NIST CSF are 1, 2, and 4.