D-CSF-SC-23試験無料問題集（112題）「EMC NIST Cybersecurity Framework 2023 認定」

出題：1

What common process conducted by organizations when protecting digital assets is outside the scope of the NIST Cybersecurity Framework?

A. Recover

B. Protect

C. Identify

D. Investigate

正解：D 解答を投票する

出題：2

A company implemented an intrusion detection system. They notice the system generates a very large number of false alarms.
What steps should the company take to rectify this situation?

A. Consider evaluating a system from another vendor

B. Replace the intrusion detection system with an intrusion protection system

C. Define how to identify and disregard the false alarms

D. Re-evaluate the Baseline and make necessary adjustments to the detection rules

正解：D 解答を投票する

出題：3

You have completed a review of your current security baseline policy. In order to minimize financial, legal, and reputational damage, the baseline configuration requires that infrastructure be categorized for the BIA.
Which categorizations are necessary for the BIA?

A. Security critical, safety critical, and business critical

B. Mission critical and safety critical only

C. Mission critical and business critical only

D. Mission critical, safety critical, and business critical

正解：D 解答を投票する

出題：4

What is the effect of changing the Baseline defined in the NIST Cybersecurity Framework?

A. Negative impact on recovery

B. Does not result in changes to the BIA

C. Review of previously generated alerts

D. Positive impact on detection

正解：C 解答を投票する

出題：5

What categories are specifically contained within the Identify function?

A. Communications
Supply Chain Management
Business Environment

B. Business Environment
Asset Management
Anomalies and Events

C. Supply Chain Risk
Data Security
Response Planning

D. Asset Management
Governance
Risk Assessment

正解：D 解答を投票する

出題：6

What process is used to identify an organization's physical, digital, and human resource, as required in their Business Impact Analysis?

A. Asset Inventory

B. Risk Treatment

C. Risk Management Strategy

D. Risk Assessment

正解：A 解答を投票する

出題：7

What constitutes the main objectives of the Recovery function?

A. Restore assets, workloads, and services

B. Restore backups, analyze threats, and monitor backup integrity

C. Restore workloads, assets, and audit logs

D. Restore services, mitigate risks, and improve

正解：A 解答を投票する

出題：8

What specifically addresses cyber-attacks against an organization's IT systems?

A. Incident Response Plan

B. Continuity of Operations Plan

C. Business Continuity Plan

D. Continuity of Support Plan

正解：A 解答を投票する

出題：9

An administrator receives an alert that four Microsoft Windows machines have joined the network but do not have the appropriate level of patching to be authorized.
Which category addresses this issue?

A. ID.AM

B. DE.DP

C. DE.AE

D. DE.CM

正解：D 解答を投票する

出題：10

Unrecoverable assets are specifically addressed in which function?

A. Recover

B. Protect

C. Respond

D. Identify

正解：A 解答を投票する

D-CSF-SC-23試験無料問題集「EMC NIST Cybersecurity Framework 2023 認定」