Question 1

A company's IT department has identified an increase in phishing attacks targeting employees. To address this cybersecurity risk, what strategic action should be included in their comprehensive cybersecurity strategy?

Options :

A : Outsource all email management to a third-party provider without implementing additional security measures

B : Upgrade the physical security systems within company facilities

C : Decrease the frequency of network security audits to allocate more resources to training and other phishing defenses

D : Implement a continuous employee training program focused on recognizing and responding to phishing attempts

Answer: D

Question 2

An e-commerce company is upgrading its cybersecurity measures to include automated tools that detect and respond to unusual network traffic, which could indicate a cyber attack. They aim to quickly contain any identified threats to prevent data breaches. Which subcategory in the NIST Cybersecurity Framework could best support the implementation of these automated detection and response systems?

Options :

A : GV.SC-01

B : DE.CM-01

C : PR.DS-01

D : ID.AM-04

Answer: B

Question 3

In what way does the NIST Cybersecurity Framework's nature impact its adoption across various industries and sectors, including critical infrastructure and small businesses?

Options :

A : Mandates compliance which could strain resources for sectors not typically targeted by cybersecurity regulations

B : Limits its use strictly to government entities required to implement it by regulation to maintain compliance throughout organizations

C : Encourages a wider adoption by allowing organizations to tailor the guidelines to their specific needs and capabilities

D : Discourages small businesses from adopting it due to the perceived complexity and cost which ensures its elite status

Answer: C

Question 4

What is the benefit of comparing an organization's current profile against its target profile?

Options :

A : To determine the return on investment for the information technology and cybersecurity department budgets

B : To fulfill the organization-s mandatory reporting requirements to regulatory agencies and legal bodies

C : To identify discrepancies between current practices and desired outcomes, guiding focused improvements

D : To evaluate the performance of the cybersecurity tools currently in use within the organization

Answer: C

Question 5

Which of the following terms best describes the assurance that digital systems, services, and resources are accessible and usable when needed, without disruptions or services being denied?

Options :

A : Integrity

B : Non-repudiation

C : Availability

D : Confidentiality

Answer: C