NIST Cybersecurity Framework 2023 Exam (D-CSF-SC-23) Free Practice Test

Question 1

A company implemented an intrusion detection system. They notice the system generates a very large number of false alarms.
What steps should the company take to rectify this situation?

A. Define how to identify and disregard the false alarms

B. Consider evaluating a system from another vendor

C. Replace the intrusion detection system with an intrusion protection system

D. Re-evaluate the Baseline and make necessary adjustments to the detection rules

Correct Answer: D

Question 2

What process is used to identify an organization's physical, digital, and human resource, as required in their Business Impact Analysis?

A. Risk Management Strategy

B. Asset Inventory

C. Risk Treatment

D. Risk Assessment

Correct Answer: B

Question 3

Concerning a risk management strategy, what should the executive level be responsible for communicating?

A. Risk tolerance

B. Asset risk

C. Risk mitigation

D. Risk profile

Correct Answer: A

Question 4

Which NIST Cybersecurity Framework component defines activities and references for a specific cybersecurity approach?

A. Core

B. Profile

C. Tiers

D. Category

Correct Answer: B

Question 5

What should an organization use to effectively mitigate against password sharing to prevent unauthorized access to systems?

A. Frequent password resets

B. Strong password requirements

C. Two factor authentication

D. Access through a ticketing system

Correct Answer: C

Question 6

What corporate strategy is used to guide efforts after a catastrophic event and is implemented to ensure the return to normal business activity?

A. Contingency Plan

B. Continuity of Operations Plan

C. Business Continuity Plan

D. Disaster Recovery Plan

Correct Answer: C

Question 7

Which category addresses the detection of unauthorized code in software?

A. PR.DS

B. DE.CM

C. PR.AT

D. DE.DP

Correct Answer: B

Welcome to TestSimulate

EMC NIST Cybersecurity Framework 2023 (D-CSF-SC-23) Free Practice Test