Question 1

An aeronautical engineering firm works primarily with the Department of Defense and relies heavily upon semiconductors that are manufactured outside the United States. They are concerned about the risk or attack surface associated with foreign made semiconductors. Which of the following subcategories in the NIST Cybersecurity Framework covers the firm’s concern?

Options :

A : Asset Management

B : Risk Assessment

C : Data Security

D : Cybersecurity Supply Chain Risk Management

Answer: D

Question 2

What advantage does the Cyber Risk Institute (CRI) Profile offer to financial institutions implementing the NIST Cybersecurity Framework?

Options :

A : To provide a uniform cybersecurity training program for all employees within the sector

B : To replace existing financial regulations with a newer and more secure standard

C : To enforce a minimum cybersecurity budget across all financial institutions

D : To align measures with financial regulatory requirements, streamlining compliance efforts

Answer: D

Question 3

A company's IT department has identified an increase in phishing attacks targeting employees. To address this cybersecurity risk, what strategic action should be included in their comprehensive cybersecurity strategy?

Options :

A : Outsource all email management to a third-party provider without implementing additional security measures

B : Upgrade the physical security systems within company facilities

C : Decrease the frequency of network security audits to allocate more resources to training and other phishing defenses

D : Implement a continuous employee training program focused on recognizing and responding to phishing attempts

Answer: D

Question 4

In the context of cybersecurity investments, what does Total Cost of Ownership (TCO) encompass?

Options :

A : The price comparison between different cybersecurity vendors over time

B : The potential savings gained by preventing cybersecurity incidents over time

C : The calculation of all costs associated with a cybersecurity solution throughout its lifecycle

D : The initial purchase price of cybersecurity hardware and software only

Answer: C

Question 5

Which of the following best describes how the NIST Cybersecurity Framework facilitates organizational cybersecurity practices?

Options :

A : By utilizing rigid structures that limit its adaptability and evolution

B : By ensuring absolute cybersecurity by elimiating all risk of a data breaches

C : By dictating precise cybersecurity policies to be followed without deviation

D : By providing a common language to promote effective collaboration

Answer: D