Play it safe: Manage Security Risks

Question 1

The fifth step of the NIST RMF that means to* determine if established controls are implemented correctly*

Answer 1

Assess

Question 2

The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that may exist in an organization

Answer 2

Authorize

Question 3

An organization’s ability to maintain their everyday productivity by establishing risk disaster recovery plans

Answer 3

Business continuity

Question 4

The second step of the NIST RMF that is used to develop risk management processes and tasks

Answer 4

Categorize

Question 5

Anything outside the organization that has the potential to harm organizational assets

Answer 5

External threat

Question 6

The fourth step of the NIST RMF that means to implement security and privacy plans for an organization

Answer 6

Implement

Question 7

A current or former employee, external vendor, or trusted partner who poses a security risk

Answer 7

Internal threat

Question 8

The seventh step of the NIST RMF that means be aware of how systems are operating

Answer 8

Monitor

Question 9

The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs

Answer 9

Prepare

Question 10

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access

Answer 10

Ransomware

Question 11

Anything that can impact the confidentiality, integrity, or availability of an asset

Answer 11

Risk

Question 12

The process of having the right procedures and rules in place to quickly reduce the impact of a risk like a breach

Answer 12

Risk mitigation

Question 13

An organization’s ability to manage its defense of critical assets and data and react to change

Answer 13

Security posture

Question 14

The third step of the NIST RMF that means to choose, customize, and capture documentation of the controls that protect an organization

Answer 14

Select

Question 15

The idea that all individuals within an organization take an active role in lowering risk and maintaining both physical and virtual security

Answer 15

Shared responsibility

Question 16

A manipulation technique that exploits human error to gain private information, access, or valuables

Answer 16

Social engineering

Question 17

A weakness that can be exploited by a threat

Answer 17

Vulnerability

Question 18

CISSP

Answer 18

Certified information systems security professional

Question 19

CISSP 8 Domains

Answer 19

1. • Security and Risk management
2. Asset Management,
3. Security Archetecture & Engineering,
4. Communications & Network Security,
5. Idenity & Access Management,
6. Security Assessment & Testing,
7. Security Operations,
8. Software Development security.

Question 20

An item perceived as having value to an organization

Answer 20

Asset

Question 21

The pathways attackers use to penetrate security defenses

Answer 21

Attack vectors

Question 22

The process of verifying who someone is

Answer 22

Authentication

Question 23

The concept of granting access to specific resources in a system

Answer 23

Authorization

Question 24

The idea that data is accessible to those who are authorized to access it

Answer 24

Availability

Question 25

The unique physical characteristics that can be used to verify a person’s identity

Answer 25

Biometrics

Question 26

The idea that only authorized users can access specific assets or data

Answer 26

Confidentiality

Question 27

A model that helps inform how organizations consider risk when setting up systems and security policies

Answer 27

Confidentiality, integrity, availability (CIA) triad

Question 28

A NIST core function related to identifying potential security incidents and improving monitoring capabilities to increase the speed and efficiency of detections

Answer 28

Detect

Question 29

The process of converting data from a readable format to an encoded format

Answer 29

Encryption

Question 30

A NIST core function related to management of cybersecurity risk and its effect on an organization’s people and assets

Answer 30

Identify

Question 31

The idea that the data is correct, authentic, and reliable

Answer 31

Integrity

Question 32

A voluntary framework that consists of standards, guidelines, and best practices to manage cybersecurity risk

Answer 32

National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

Question 33

A unified framework for protecting the security of information systems within the U.S. federal government

Answer 33

National Institute of Standards and Technology (NIST) Special Publication (S.P.) 800-53

Question 34

A non-profit organization focused on improving software security

Answer 34

Open Web Application Security Project/Open Worldwide Application Security Project (OWASP

Question 35

A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats

Answer 35

Protect

Question 36

A NIST core function related to returning affected systems back to normal operation

Answer 36

Recover

Question 37

A NIST core function related to making sure that the proper procedures are used to contain, neutralize, and analyze security incidents, and implement improvements to the security process

Answer 37

Respond

Question 38

Anything that can impact the confidentiality, integrity, or availability of an asset

Answer 38

Risk

Question 39

A review of an organization’s security controls, policies, and procedures against a set of expectations

Answer 39

Security audit

Question 40

Safeguards designed to reduce specific security risks

Answer 40

Security controls

Question 41

Guidelines used for building plans to help mitigate risk and threats to data and privacy

Answer 41

Security frameworks

Question 42

An organization’s ability to manage its defense of critical assets and data and react to change

Answer 42

Security posture

Question 43

Any circumstance or event that can negatively impact assets

Answer 43

Threat

Question 44

A cloud-native tool designed to retain, analyze, and search data

Answer 44

Chronicle

Question 45

An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach

Answer 45

Incident response

Question 46

A record of events that occur within an organization’s systems

Answer 46

Log

Question 47

Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application

Answer 47

Metrics

Question 48

The interface between computer hardware and the user

Answer 48

Operating system (OS)

Question 49

A manual that provides details about any operational action

Answer 49

Playbook

Question 50

An application that collects and analyzes log data to monitor critical activities in an organization

Answer 50

Security information and event management (SIEM)

Question 51

A collection of applications, tools, and workflows that use automation to respond to security events

Answer 51

Security orchestration, automation, and response (SOAR

Question 52

A software platform that collects, analyzes, and correlates security data from various sources across your IT infrastructure that helps identify and respond to security threats in real-time, investigate security incidents, and comply with security regulations

Answer 52

SIEM tools

Question 53

A cloud-hosted tool used to collect, search, and monitor log data

Answer 53

Splunk Cloud

Question 54

A self-hosted tool used to retain, analyze, and search an organization’s log data to provide security information and alerts in real-time

Answer 54

Splunk Enterprise

Question 55

A manual that provides details about any operational action.

Answer 55

Playbook

Question 56

An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach

Answer 56

Incident response