Which part of the IRP does the team need to implement or update?

An organization has a policy to respond “ASAP” to security incidents. The security team is having a difficult time prioritizing events because they are responding to all of them, in order of receipt. Which part of the IRP does the team need to implement or update?

A. Scheduling of incident...

May 3, 2019

What supports an organization in making risk management decisions to address their security posture in real time?

What supports an organization in making risk management decisions to address their security posture in real time?

A. Baseline reporting
B. Continuous monitoring
C. User access reviews
D. Video surveillance

Answer: A

April 29, 2019

The CSF recommends that the Communication Plan for an IRP include audience, method of communication, frequency, and what other element?

The CSF recommends that the Communication Plan for an IRP include audience, method of communication, frequency, and what other element?

A. Incident category
B. Message criteria
C. Incident severity
D. Templates to use

Answer: B

Explanation:
Reference: https://www.utc.edu/information-technology/pdfs/it-comm-plan-master-2017.pdf (p.4)

April 28, 2019

What determines the technical controls used to restrict access to USB devices and help prevent their use within a company?

What determines the technical controls used to restrict access to USB devices and help prevent their use within a company?

A. Block use of the USB devices for all employees
B. Written security policy prohibiting the use of the USB devices
C. Acceptable use policy in the employee HR on-boarding...

April 24, 2019

What are the four tiers of integration within the NIST Cybersecurity Framework?

What are the four tiers of integration within the NIST Cybersecurity Framework?

A. Selective, Repeatable, Partial, and Adaptive
B. Partial, Risk Informed, Repeatable, and Adaptive
C. Corrective, Risk Informed, Repeatable, and Adaptive
D. Risk Informed, Selective, Repeatable, and Partial

Answer: B

Explanation:
Reference: https://www.nist.gov/cyberframework/online-learning/components-framework

April 22, 2019