Which of the following COBIT 2019 governance principles corresponds to the CSF application stating that CSF profiles support flexibility in content and structure?
A. A governance system should be customized to the enterprise needs, using a set of design factors as parameters.
B. A governance system should focus primarily on...
Which of the following functions provides foundational activities for the effective use of the Cybersecurity Framework?
A. Protect
B. Identify
C. Detect
Answer: B
Explanation: The Identify function provides foundational activities for the effective use of the Cybersecurity Framework, because it assists in developing an organizational understanding of managing cybersecurity...
Which CSF step corresponds to the COBIT objective of knowledge and understanding of enterprise goals?
A. Step 1: Prioritize and Scope
B. Step 6: Determine, Analyze, and Prioritize Gaps
C. Step 4: Conduct a Risk Assessment
Answer: A
Explanation: This CSF step corresponds to the COBIT objective of knowledge and...
When coordinating framework implementation, the business/process level collaborates with the implementation/operations level to:
A. develop the risk management framework.
B. assess changes in current and future risks.
C. create the framework profile.
Answer: B
Explanation: According to the TM Forum’s Business Process Framework (eTOM), the business/process level is responsible for...
Which of the following is a framework principle established by NIST as an initial framework consideration?
A. Avoiding business risks
B. Impact on global operations
C. Ensuring regulatory compliance
Answer: C
Explanation: One of the framework principles established by NIST is to ensure that the framework is consistent and aligned...
Within the CSF Core structure, which type of capability can be implemented to help practitioners recognize potential or realized risk to enterprise assets?
A. Protection capability
B. Response capability
C. Detection capability
Answer: C
Explanation: The Detection capability is the type of capability within the CSF Core structure that can...
What is the MOST important reason to compare framework profiles?
A. To improve security posture
B. To conduct a risk assessment
C. To identify gaps
Answer: C
Explanation: The most important reason to compare framework profiles is to identify gaps between the current and target state of cybersecurity activities and...
The CSF Implementation Tiers distinguish three fundamental dimensions of risk management to help enterprises evaluate which of the following?
A. Cybersecurity posture
B. Cybersecurity threats
C. Cybersecurity landscape
Answer: A
Explanation: The CSF Implementation Tiers distinguish three fundamental dimensions of risk management to help enterprises evaluate their cybersecurity posture, which...
Analysis is one of the categories within which of the following Core Functions?
A. Detect
B. Respond
C. Recover
Answer: A
Explanation: Analysis is one of the six categories within the Detect function of the NIST Cybersecurity Framework. The Analysis category aims to identify the occurrence of a cybersecurity event...
The goals cascade supports prioritization of management objectives based on:
A. the prioritization of enterprise goals.
B. the prioritization of business objectives.
C. the prioritization of stakeholder needs.
Answer: C
Explanation: The goals cascade is a mechanism that translates the stakeholder needs into specific, actionable, and customized goals at different...