21. Which of the following are components of the NIST Cybersecurity Framework? Select three answers.

  • Profiles
  • Core
  • Controls
  • Tiers

22. Fill in the blank: To measure performance across the functions of the _____, security teams use NIST tiers.

  • profiles
  • core
  • framework
  • business

23. An employee who has access to company assets abuses their privileges by stealing information and selling it for personal gain. What does this scenario describe?

  • Vulnerability
  • Procedure
  • Threat
  • Regulation

24. Which of the following are examples of security vulnerabilities? Select three answers.

  • Unattended laptop
  • Suspended access card
  • Weak password
  • Unlocked doors at a business

25. Which of the following statements correctly describe security asset management? Select two answers.

  • It helps identify risks.
  • It decreases vulnerabilities.
  • It is a one-time process.
  • It uncovers gaps in security.

26. What is an example of restricted information? Select all that apply.

  • Cardholder data
  • Intellectual property
  • Employee email addresses
  • Health information

27. What are some key benefits of a security plan? Select three answers.

  • Define consistent policies that address what’s being protected and why.
  • Establish a shared set of standards for protecting assets.
  • Outline clear procedures that describe how to protect assets and react to threats.
  • Enhance business advantage by collaborating with key partners.

28. Fill in the blank: CSF profiles provide insights into the _____ state of a security plan.

  • historical
  • current
  • future
  • recent

29. An employee is asked to email customers and request that they complete a satisfaction survey. The employee must be given access to confidential information in the company database to conduct the survey. What types of confidential customer information should the employee be able to access from the company's database to do their job? Select two answers.

  • E-mail addresses
  • Credit card data
  • Customer names
  • Home addresses

30. A mobile game displays ads to users. The game is free to users so long as they occasionally view ads from other companies. Should these other companies be able to contact the users of the gaming app?

  • Maybe, because users have control over sharing their information.
  • No, because this user information is restricted.
  • Yes, because user information is public.
