売れ筋トップクラスのD-CSF-SC-23最新試験問題2024年最新のEMC試験練習
Dell Security問題集でD-CSF-SC-23試験は完全版問題で試験学習ガイド
質問 # 31
A bank has been alerted to a breach of its reconciliation systems. The notification came from the cybercriminals claiming responsibility in an email to the CEO. The CEO has alerted the company CSIRT.
What does the Communication Plan for the IRP specifically guide against?
- A. Transfer of chain of custody
- B. Accelerated turn over
- C. Rushed disclosure
- D. Initiating kill chain
正解:C
質問 # 32
What are the five functions of the NIST Framework Core?
- A. Identify, Protect, Detect, Respond, and Recover
- B. Identify, Respond, Protect, Detect, and Governance
- C. Protect, Detect, Respond, Governance, and Recover
- D. Governance, Identify, Recover, Respond, and Recover
正解:A
質問 # 33
What term refers to a partially equipped, environmentally conditioned work space used to relocate operations in the event of a significant disruption?
- A. Secondary site
- B. Warm site
- C. Hot site
- D. Mirror site
正解:B
質問 # 34
What is the main goal of a gap analysis in the Identify function?
- A. Identify business process gaps to improve business efficiency
- B. Determine security controls to improve security measures
- C. Determine actions required to get from the current profile state to the target profile state
- D. Identify gaps between Cybersecurity Framework and Cyber Resilient Lifecycle pertaining to that function
正解:C
質問 # 35
What supports an organization in making risk management decisions to address their security posture in real time?
- A. User access reviews
- B. Video surveillance
- C. Continuous monitoring
- D. Baseline reporting
正解:D
質問 # 36
A new employee is starting work at your company. When should they be informed of the company's security policy?
- A. During regular security awareness sessions
- B. Annual security policy review
- C. After the first security infraction
- D. Based on human resource policy
正解:A
質問 # 37
What should an organization use to effectively mitigate against password sharing to prevent unauthorized access to systems?
- A. Two factor authentication
- B. Frequent password resets
- C. Access through a ticketing system
- D. Strong password requirements
正解:A
質問 # 38
What is part of the Pre-Recovery phase?
- A. Monitor assets
- B. Validate functionality
- C. Backup validation
- D. Restore assets
正解:B
質問 # 39
What helps an organization compare an "as-is, to-be" document and identify opportunities for improving cybersecurity posture useful for capturing organizational baselines of today and their desired state of tomorrow so that a gap analysis can be conducted?
- A. Profile
- B. Framework
- C. Assessment
- D. Core
正解:A
質問 # 40
What specifically addresses cyber-attacks against an organization's IT systems?
- A. Continuity of Operations Plan
- B. Business Continuity Plan
- C. Continuity of Support Plan
- D. Incident Response Plan
正解:D
質問 # 41
The CSIRT team is following the existing recovery plans on non-production systems in a PRE- BREACH scenario. This action is being executed in which function?
- A. Identify
- B. Respond
- C. Recover
- D. Protect
正解:C
質問 # 42
In accordance with PR.MA, an organization has just truncated all log files that are more than 12 months old. This has freed up 25 TB per logging server.
What must be updated once the transaction is verified?
- A. Baseline
- B. IRP
- C. SDLC
- D. ISCM
正解:D
質問 # 43
What are the five categories that make up the Response function?
- A. Awareness and Training, Improvements, Communications, Analysis, and Governance
- B. Mitigation, Improvements, Maintenance, Response Planning, and Governance
- C. Response Planning, Communications, Analysis, Mitigation, and Improvements
- D. Response Planning, Data Security, Communications, Analysis, and Mitigation
正解:C
質問 # 44
The project manager of a data center has a budget of $1,500,000 to install critical infrastructure systems. The project will take 24 months to complete.
The project manager is working with the project management team, security experts, and stakeholders to identify cyber risks. After reviewing the project plan, the CIO wants to know why so many risk identification meetings are requested.
What a valid reason for the repeated risk identification meetings?
- A. Update the company risk register
- B. Transfer risk to other project team members
- C. Prevent all risk
- D. Identify new risks
正解:A
質問 # 45
Your organization has tasked you with collecting information on all the data, personnel, devices, systems, and facilities that enable the organization to achieve its business purposes.
Which part of the NIST Cybersecurity Framework would you consult first?
- A. DE.DP
- B. ID.SC
- C. ID.AM
- D. PR.AC
正解:C
質問 # 46
What is the purpose of the Asset Management category?
- A. Avoid breaches of any criminal or civil law, statutory, regulatory, or contractual obligations
- B. Inventory physical devices and systems, software platform and applications, and communication flows
- C. Support asset management strategy and information infrastructure security policies
- D. Prevent unauthorized access, damage, and interference to business premises and information
正解:B
質問 # 47
Refer to the exhibit.
What is shown?
- A. CRLC
- B. SDLC
- C. CSF
- D. ILM
正解:A
質問 # 48
What is the purpose of a baseline assessment?
- A. Determine costs
- B. Reduce deployment time
- C. Enhance data integrity
- D. Determine risk
正解:D
質問 # 49
You have been tasked with documenting mission critical procedures of an organization that need to be sustained through a significant disruption.
What document would you develop?
- A. Regression Test Plan
- B. Business Impact Assessment
- C. Risk Analysis Report
- D. Business Continuity Plan
正解:D
質問 # 50
......
最善な方法で問題集を使おう!練習テストならこれEMC D-CSF-SC-23:https://jp.fast2test.com/D-CSF-SC-23-premium-file.html