The activity «create a current CSF profile» indicates the following:

A. This assessment could be guided by the organization’s overall risk management process or previous risk assessment activities.
B. The organization develops a current profile indicating the category and subcategory results of the core Framework that are currently being achieved.
C. The organization creates an objective profile that focuses on evaluating the categories and subcategories of the framework that describe the organization’s desired Cybersecurity outcomes.

Answer: B

It is not a NIST CSF objective:

A. Establish a different language for managing Cybersecurity risks.
B. Assist critical infrastructure managers and operators to identify, inventory and manage IT risks.
C. None of the above.
D. Establish criteria for the definition of metrics to control implementation performance.

Answer: A

The Identify function allows:

A. To develop organizational understanding to manage Cybersecurity risk to systems, assets, data and capabilities.
B. None of the above.
C. To develop and implement appropriate safeguards to ensure the provision of critical infrastructure services.
D. To develop and implement appropriate activities to maintain resilience plans.

Answer: A

The statement «The Framework provides a common language for communicating requirements among interdependent stakeholders responsible for the delivery of essential critical infrastructure services,» is:

A. Depends on the parties concerned.
B. True.
C. None of the above.
D. False.

Answer: B

The INFORMED RISK Implementation Level must comply with the following in the risk management process:

A. The risk management practices of the organization are formally approved and expressed as policies.
B. Risk management practices are approved by management but cannot be established as organization-wide policies.
C. None of the above.
D. The organization adapts its Cybersecurity practices based on lessons learned and predictive indicators.

Answer: B

The purpose and scope of ISO/IEC 27032 is:

A. To apply as a reference framework for information security in Latin American member countries.
B. To develop and implement appropriate activities to maintain Cyber resilience plans.
C. None of the above.
D. To provide guidance to improve the state of Cybersecurity, highlighting unique aspects of such activity and its dependence on other areas of security.

Answer: D