Practice Free D-CSF-SC-01 Exam Online Questions
A financial institution has deployed Intrusion Detection Systems (IDS) to monitor network traffic for unusual activity.
This aligns with which Detect Function subcategory?
- A . Detection Processes
- B . Risk Assessment
- C . Continuous Monitoring
- D . Asset Management
What could be considered a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors and align to five concurrent and continuous functions?
- A . Baseline
- B . Core
- C . Profile
- D . Governance
What is a recommended usage of the Detect function?
- A . Implement following the Protect Function
- B . Remain confidential to IT management
- C . Communicate to appropriate levels
- D . Eliminate risks among systems
A ___________ provides an organization with a detailed understanding of its assets, guiding the configuration of protective technologies within the Protect Function.
- A . Baseline Configuration
- B . Threat Intelligence Plan
- C . Recovery Strategy
- D . Communication Plan
COBIT 2019’s focus on cybersecurity risk aligns with which NIST Cybersecurity Framework component?
- A . Respond
- B . Profiles
- C . Governance
- D . Tiers
A company opened eight new offices. To save money, the CFO outsourced support of the eight offices to a 3rd party IT group.
In a rushed demand that was out of process, local admin accounts and VPN access were created for the 3rd party maintainer on all infrastructure in the eight offices. In the rush, the IT department at headquarters forgot to implement logging for all remote connections from the new 3rd party IT group.
Which category was not addressed?
- A . PR.PT
- B . ID.AM
- C . RS.CO
- D . DE.AE
Which of the following NIST Cybersecurity Framework tiers represents the highest level of risk management and cybersecurity maturity?
- A . Tier 1: Partial
- B . Tier 2: Risk-Informed
- C . Tier 3: Repeatable
- D . Tier 4: Adaptive
What determines the technical controls used to restrict access to USB devices and help prevent their use within a company?
- A . Block use of the USB devices for all employees
- B . Written security policy prohibiting the use of the USB devices
- C . Acceptable use policy in the employee HR on-boarding training
- D . Detect use of the USB devices and report users
You have been asked by your organization to:
– Assist in developing an organizational understanding for managing cybersecurity risk to systems, people, assets, data, and capabilities
– Outline appropriate safeguards to ensure delivery of critical infrastructure services to limit or contain the impact of a potential cybersecurity event
– Define the appropriate activities to identify the occurrence of a cybersecurity event by enabling timely discovery
– Determine the appropriate business outcome by planning, communicating, analyzing, mitigating, and improving the process
– Identify the appropriate activities to maintain plans for resilience and restore capabilities or services impaired due to a cybersecurity incident
Based on these details, what would be the correct sequence of steps to take?
- A . Recover
Detect
Protect
Respond
Identify - B . Recover
Detect
Protect
Identify
Respond - C . Recover
Protect
Identify
Respond
Detect - D . Identify
Protect
Detect
Respond
Recover
What is used to identify critical systems, networks, and data based on their criticality to business operations?
- A . Business Impact Analysis
- B . Business Organization Analysis
- C . Incident Response Plan
- D . Business Continuity Plan