DES-9131Preview

DRAG DROP -
Rank order the relative severity of impact to an organization of each plan, where "1" signifies the most impact and "4" signifies the least impact.
Select and Place:

Concerning a risk management strategy, what should the executive level be responsible for communicating?

What process is used to identify an organization's physical, digital, and human resource, as required in their Business Impact Analysis?

Refer to the exhibit.

What type of item appears in the second column of the table?

Which document provides an implementation plan to recover business functions and processes during and after an event?

What are the four tiers of integration within the NIST Cybersecurity Framework?

What procedure is designed to enable security personnel to detect, analyze, contain, eradicate, respond, and recover from malicious computer incidents such as a denial-of-service attack?

What determines the technical controls used to restrict access to USB devices and help prevent their use within a company?

What supports an organization in making risk management decisions to address their security posture in real time?

When should event analysis be performed?

What type of system processes information, the loss of which would have a debilitating impact to an organization?

Which mechanism within the NIST Cybersecurity Framework describes a method to capture the current state and define the target state for understanding gaps, exposure, and prioritize changes to mitigate risk?

The CSF recommends that the Communication Plan for an IRP include audience, method of communication, frequency, and what other element?

What is the main goal of a gap analysis in the Identify function?

What does a security benchmark help define?

In which function is the SDLC implemented?

Which category addresses the detection of unauthorized code in software?

What database is used to record and manage assets?

The CSIRT team is following the existing recovery plans on non-production systems in a PRE-BREACH scenario. This action is being executed in which function?

What is a consideration when performing data collection in Information Security Continuous Monitoring?

An organization has a policy to respond "ASAP" to security incidents. The security team is having a difficult time prioritizing events because they are responding to all of them, in order of receipt.
Which part of the IRP does the team need to implement or update?

Your firewall blocked several machines on your network from connecting to a malicious IP address. After reviewing the logs, the CSIRT discovers all Microsoft
Windows machines on the network have been affected based on a newly published CVE.
Based on the IRP, what should be done immediately?

Which NIST Cybersecurity Framework function should be executed before any others?