Module 4: Risk Management

Assessment

True/False

Indicate whether the statement is true or false.

 

____ 1. NIST developed the Cybersecurity Framework as a mandatory set of standards to manage risks to critical infrastructure.

 

____ 2. Risk tolerance is the acceptable level of risk a company is willing to take.

Multiple Choice

Identify the choice that best completes the statement or answers the question.

 

____ 3. Which of the following is not considered a basic security service?

  • a. Confidentiality
  • b. Authentication
  • c. Integrity
  • d. Network Security

 

____ 4. All of the following are standards defined in the NERC CIP standards, except:

  • a. Personnel and Training
  • b. Sabotage Reporting
  • c. Authentication and Access Controls
  • d. Recovery Plans for Critical Cyber Assets

 

____ 5. Continuous Monitoring activities occur under which Framework Core activity?

  • a. Identify
  • b. Detect
  • c. Respond
  • d. Protect

 

____ 6. An impact analysis is a part of which step in the risk management process?

  • a. Risk control
  • b. Risk assessment
  • c. Risk identification
  • d. Risk mitigation

 

____ 7. Which risk handling method reduces the likelihood of the risk occurring to as low as zero?

  • a. Mitigation
  • b. Avoidance
  • c. Transference
  • d. Acceptance

Multiple Response

Identify one or more choices that best complete the statement or answer the question.

____ 8. Which of the following are a part of the Framework Processes (Select all that apply)?

  • a. Framework Profile
  • b. Framework Drivers
  • c. Framework Implementation Tiers
  • d. Framework Core Functions

Completion

Complete each statement.

 

9. The Framework ________________ provides background on how an organization views cybersecurity risk and the processes that are in place to manage that risk.

 

10. ____________________ is defined as the process of identifying vulnerabilities and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of the information system.

License

Critical Infrastructure Systems by NCyTE Center is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.
