Which of the following statements accurately describe the NIST CSF? Select all that apply.1 pointIts purpose is to help manage cybersecurity risk. It is only effective at managing short-term risk.Security teams use it as a baseline to manage risk.It is a voluntary framework.

1.Question 1What is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)?1 pointA set of security controls that help analysts determine what to do if a data breach occursStandards, guidelines, and best practices that organizations follow voluntarily in order to manage cybersecurity riskA collection of security principles focused on maintaining confidentiality, integrity, and availabilityA required business framework for ensuring security updates and repairs are successful2.Question 2Fill in the blank: The five core functions that make up the CSF are: identify, protect, detect, _____, and recover.1 pointregulaterespondreevaluate reflect3.Question 3Fill in the blank: The CSF _____ function relates to monitoring systems and devices in an organization’s internal network to help security teams manage potential cybersecurity risks and their effects.1 pointrespondprotectidentifyrecover4.Question 4What does a security analyst’s work involve during the CSF recover function?1 point Contain, neutralize, and analyze security incidentsPinpoint threats and improve monitoring capabilities Protect an organization through the implementation of employee trainingReturn affected systems back to normal operationCoursera Honor Code  Learn more

4.Question 4Security teams use the NIST Cybersecurity Framework (CSF) as a baseline to manage short and long-term risk.1 pointTrueFalse

Which of the following statements accurately describe the CSF? Select all that apply.1 pointImplementing improvements to a security process is part of the respond function of the CSF.The CSF is a voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk. The identify function of the CSF involves managing cybersecurity risk and its effects on an organization’s people and assets.The protect function of the CSF involves returning affected systems back to normal operation.6.Question 6

.Question 1What types of risks do security plans address? Select three answers.1 pointShift of market conditionsDamage to assetsDisclosure of dataLoss of information2.Question 2What are the basic elements of a security plan? Select three answers.1 pointProceduresStandardsRegulationsPolicies3.Question 3Fill in the blank: The NIST CSF is a _____ framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.1 pointvoluntarymandatorylimitedrigid4.Question 4What are some benefits of the NIST Cybersecurity Framework (CSF)? Select three answers.1 pointIt’s adaptable to fit the needs of any business.It is required to do business online.It can be used to identify and assess risk.It helps organizations achieve regulatory standards.Coursera Honor Code  Learn more

4.Question 4You are helping your security team consider risk when setting up a new software system. Using  the CIA triad, you focus on integrity, availability, and what else?1 pointConfidentialityCommunicationConsentConformity5.Question 5Fill in the blank: A key aspect of the CIA triad is ensuring that only _____ can access specific assets.1 pointauthorized usersinternet providerssocial media sitesbusiness competitors6.Question 6Which of the following statements accurately describe the NIST CSF? Select all that apply.1 pointIt is only effective at managing short-term risk.Security teams use it as a baseline to manage risk.Its purpose is to help manage cybersecurity risk. It is a voluntary framework.7.Question 7Fill in the blank: Some of the most dangerous threat actors are _____ because they often know where to find sensitive information, can access it, and may have malicious intent. 1 pointdissatisfied customersdisgruntled employees past vendorssenior partners8.Question 8A security professional overhears two employees discussing an exciting new product that has not been announced to the public. The security professional chooses to follow company guidelines with regards to confidentiality and does not share the information about the new product with friends. Which concept does this scenario describe?1 pointSecurity ethicsPreserving evidenceSecurity controlsData encryption