




































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
MISY 5325 Exam 2 Guide.pdf MISY 5325 Exam 2 Guide.pdf
Typology: Exams
1 / 44
This page cannot be seen from the preview
Don't miss anything!





































Inz9thez9NISTz9sz9Cybersecurityz9Frameworkz9Coordinationz9model,z9thez9im plementation/operationsz9levelz9isz9wherez9thez9stakeholdersz9arez9inz9chargez 9 ofz9implementingz9thez9frameworkz9andz9communicatingz9thez9implementat ionz9progressz9toz9thez9__________z9level.
audit/accounting
implementation/operations
business/process
Executivez9-z9correctz9answer✔ ✔ business/process
NIST'sz9Cybersecurityz9Frameworkz9providesz9az9commonz9languagez9toz9co mmunicatez9requirementsz9withz9allz9thez9stakeholdersz9withinz9orz9outsidez9y ourz9organizationz9thatz9arez9responsiblez9forz9thez9deliveryz9ofz9essentialz9crit icalz9infrastructurez9services.
True
Falsez9-z9correctz9answer✔ ✔ True
NISTz9Cybersecurityz9Frameworkz9isz9builtz9fromz9standards,z9guidelines,z9a ndz9practicesz9toz9providez9az9commonz9__________z9forz9organizations.
standard
guidance
framework
practicez9-z9correctz9answer✔ ✔ guidance
__________z9arez9az9listz9ofz9specificz9outcomesz9ofz9technicalz9and/orz9mana gementz9activities.
Categories
Subcategories
Informativez9references
Guidelinesz9-z9correctz9answer✔ ✔ Subcategories
Inz9thez9NIST'sz9Cybersecurityz9Frameworkz9Coordinationz9model,z9thez9bus iness/processz9levelz9obtainsz9thez9executivez9levelz9inputsz9intoz9thez9riskz9ma nagementz9processz9andz9thenz9collaboratesz9withz9thez9__________z9level.
business/process
implementation/operations
audit/accounting
Categories
Subcategories
Informativez9references
Guidelinesz9-z9correctz9answer✔ ✔ Guidelines
NISTz9sz9Cybersecurityz9Frameworkz9isz9dividedz9intoz9threez9partsz9includin gz9allz9EXCEPT:
core
profiles
standards
implementationz9tiersz9-z9correctz9answer✔ ✔ standards
Thez9NISTz9Cybersecurityz9Frameworkz9consistsz9ofz9standards,z9guidelines ,z9andz9practicesz9toz9protectz9thez9promotionz9ofz9criticalz9infrastructure.
True
Falsez9-z9correctz9answer✔ ✔ False
Thez9NISTz9Cybersecurityz9Frameworkz9__________z9is/z9arez9designedz9toz helpz9organizationsz9toz9viewz9andz9understandz9thez9characteristicsz9ofz9theirz 9 approachz9toz9managingz9cybersecurityz9risk.z9-z9correctz9answer✔ ✔
Tiers
Thez9NISTz9Cybersecurityz9Frameworkz9Tiersz9includez9allz9ofz9thesez9catego
riesz9EXCEPT:z9-z9correctz9answer✔ ✔ a.z9Internalz9Participation
Inz9thez9NISTz9sz9Cybersecurityz9Frameworkz9Coordinationz9model,z9thez9exe cutivez9levelz9communicatesz9thez9missionz9priorities,z9availablez9resources,z 9 andz9overallz9riskz9tolerancez9toz9thez9__________z9level.z9-z9correctz9answer ✔ ✔ business/processz9level
__________z9pointz9toz9industryz9standards,z9guidelines,z9andz9practicesz9tha tz9arez9beneficialz9forz9anz9organizationz9tryingz9toz9achievez9outcomes.z9-
z9correctz9answer✔ ✔ Informativez9references
Thez9NISTz9Cybersecurityz9Frameworkz9Corez9consistz9ofz9thesez9functions:z
9 - z9correctz9answer✔ ✔ "identify,z9protect,z9detect,z9respond,z9recover"
Inz9thez9NISTz9sz9Cybersecurityz9Frameworkz9Coordinationz9model,z9thez9bus iness/processz9levelz9obtainsz9thez9executivez9levelz9inputsz9intoz9thez9riskz9ma nagementz9process,z9andz9thenz9collaboratesz9withz9thez9__________z9level.z
Inz9termsz9ofz9authorization,z9thez9threez9categoriesz9ofz9accessz9controlz9listsz (ACLs)z9includez9allz9BUT:z9-z9correctz9answer✔ ✔ Securityz9Controls
Thez9threez9primaryz9authorizationz9modelsz9includez9allz9EXCEPT:z9-
z9correctz9answer✔ ✔ Multilayerz9authorization
__________z9isz9thez9processz9ofz9thez9subjectz9supplyingz9verifiablez9credent
ialsz9toz9thez9object.z9-z9correctz9answer✔ ✔ Authentication
Thez9NISTz9Cybersecurityz9Frameworkz9wasz9createdz9throughz9collaboratio nz9betweenz9industryz9andz9government.z
True
Falsez9-z9correctz9answer✔ ✔ True
Thez9NISTz9Cybersecurityz9Frameworkz9Corez9subcategoryz9outcomesz9arez meaningfulz9forz9multiplez9requirements.z
True
Falsez9-z9correctz9answer✔ ✔ True
Thez9Implementationz9Tiersz9inz9thez9NISTz9Cybersecurityz9Frameworkz9arez 9 notz9prescriptivez9likez9youz9mayz9findz9inz9otherz9maturityz9models.z
True
Falsez9-z9correctz9answer✔ ✔ True
NISTz9Cybersecurityz9Frameworkz9isz9builtz9fromz9standards,z9guidelines,z9a ndz9practicesz9toz9providez9az9commonz9__________z9forz9organizations.z9-
z9correctz9answer✔ ✔ Guidance
Inz9thez9NISTz9Cybersecurityz9Frameworkz9Cyberz9Supplyz9Chainz9Relations hip,z9companiesz9havez9communicationz9withz9allz9EXCEPT:z9- z9correctz9answer✔ ✔ Operationalz9processz9(OP)z9partners
NISTz9sz9Cybersecurityz9Frameworkz9providesz9az9commonz9languagez9toz9c ommunicatez9requirementsz9withz9allz9thez9stakeholdersz9withinz9orz9outsidez yourz9organizationz9thatz9arez9responsiblez9forz9thez9deliveryz9ofz9essentialz9cri ticalz9infrastructurez9services.z
True
Falsez9-z9correctz9answer✔ ✔ True
Thez9NISTz9Cybersecurityz9Frameworkz9__________z9is/arez9designedz9toz helpz9thez9underlyingz9organizationz9alignz9itsz9cybersecurityz9undertakingsz withz9businessz9requirements,z9riskz9tolerances,z9andz9resources.z9-
z9correctz9answer✔ ✔ Profiles
__________z9groupz9thez9elementsz9ofz9az9functionz9intoz9collectionsz9ofz9cyb
ersecurityz9outcomes.z9-z9correctz9answer✔ ✔ Categories
NISTz9isz9veryz9clearz9thatz9theirz9frameworkz9isz9aimedz9toz9replacez9existingz riskz9managementz9processesz9andz9cybersecurityz9programsz9ofz9yourz9orga nization
True
Falsez9-z9correctz9answer✔ ✔ False
Thez9fourz9(4)z9NISTz9Cybersecurityz9Frameworkz9Tiersz9are:z9-
z9correctz9answer✔ ✔ "Partial,z9risk-informed,z9repeatable,z9adaptive"
Thez9NISTz9Cybersecurityz9Frameworkz9wasz9createdz9throughz9collaboratio nz9betweenz9industryz9andz9government.
True
Falsez9-z9correctz9answer✔ ✔ True
NISTz9sz9Cybersecurityz9__________z9isz9az9livingz9documentz9andz9willz9con tinuez9toz9bez9updatedz9andz9improvedz9asz9participantsz9providez9feedbackz9o nz9implementation.z9-z9correctz9answer✔ ✔ Framework
NISTz9sz9Cybersecurityz9Frameworkz9isz9dividedz9intoz9threez9partsz9includin
gz9allz9EXCEPT:z9-z9correctz9answer✔ ✔ Standards
Thez9NISTz9Cybersecurityz9Frameworkz9cannotz9bez9usedz9toz9translatez9amo ngz9az9varietyz9ofz9riskz9managementz9practices.
True
Falsez9-z9correctz9answer✔ ✔ False
Thez9NISTz9Cybersecurityz9Frameworkz9Corez9functionsz9arez9brokenz9down
z9inz9toz9allz9ofz9thesez9EXCEPTz9-z9correctz9answer✔ ✔ Guidelines
Thez9NISTz9Cybersecurityz9Frameworkz9__________z9functionz9includesz9t hez9categoriesz9andz9subcategoriesz9thatz9definez9whatz9processesz9andz9assets
z9needz9protection.z9-z9correctz9answer✔ ✔ Identify
Thez9NISTz9Cybersecurityz9Frameworkz9__________z9is/arez9designedz9toz helpz9thez9underlyingz9organizationz9alignz9itsz9cybersecurityz9undertakingsz withz9businessz9requirements,z9riskz9tolerances,z9andz9resources.z9-
z9correctz9answer✔ ✔ profiles
Thez9Implementationz9Tiersz9inz9thez9NISTz9Cybersecurityz9Frameworkz9arez 9 notz9prescriptivez9likez9youz9mayz9findz9inz9otherz9maturityz9models.
True
Falsez9-z9correctz9answer✔ ✔ True
NISTz9Cybersecurityz9Frameworkz9isz9builtz9fromz9standards,z9guidelines,z9a ndz9practicesz9toz9providez9az9commonz9__________z9forz9organizations.z9-
z9correctz9answer✔ ✔ Guidance
Chapterz9 9 z9Summaryz9-z9correctz9answer✔ ✔
Thez9processz9forz9identifying,z9authenticatingz9andz9authorizingz9usersz9orz9g roupsz9ofz9usersz9toz9havez9accessz9toz9applications,z9systemsz9orz9networksz9is z9referredz9toz9asz9__________.
accessz9management
identityz9management
systemsz9management
controlz9managementz9-z9correctz9answer✔ ✔ identityz9management
_________z9is/arez9usedz9programmaticallyz9andz9isz9basedz9onz9az9combinati onz9ofz9anz9unforgeablez9referencez9andz9anz9operationalz9message.
Multilayerz9access
Objectz9capability
Securityz9labels
Accessz9controlz9listsz9(ACLs)z9-z9correctz9answer✔ ✔
Objectz9capability
Inz9termsz9ofz9accessz9control,z9thez9activez9entityz9thatz9requestsz9accessz9toz9az 9 resourcez9orz9dataz9isz9referredz9toz9asz9thez9__________.
object
subject
active
entityz9-z9correctz9answer✔ ✔ subject
Thez9keyz9conceptsz9ofz9identificationz9includez9allz9BUT:
Accountingz9-z9correctz9answer✔ ✔ Authorization
Thez9securityz9posturez9ofz9anz9organizationz9determinesz9thez9customz9settin gsz9forz9accessz9controls.
True
Falsez9-z9correctz9answer✔ ✔ True
Inz9termsz9ofz9authorization,z9examplesz9ofz9securityz9labelsz9(basedz9onz9itsz9c lassification)z9includez9allz9EXCEPT:
needz9toz9know
confidential
secret
topz9secretz9-z9correctz9answer✔ ✔ needz9toz9know
__________z9is/arez9mandatoryz9accessz9controlsz9embeddedz9inz9thez9object z9andz9subjectz9properties.
Multilayerz9access
Objectz9capability
Securityz9labels
Accessz9controlz9listsz9(ACLs)z9-z9correctz9answer✔ ✔ Securityz9labels
Networkz9Accessz9Controlz9(NAC)z9canz9providez9thez9followingz9EXCEPT:
Identityz9andz9trust
Instrumentationz9andz9management
Policyz9enforcement
Passwordz9managementz9-z9correctz9answer✔ ✔ Passwordz9management
Asz9describedz9inz9NISTz9Specialz9Publicationz9800- 87,z9examinationsz9involvez9forensicallyz9processingz9largez9amountsz9ofz9co llectedz9dataz9usingz9az9combinationz9ofz9automatedz9andz9manualz9methodsz9t oz9assessz9andz9extractz9dataz9ofz9particularz9interest,z9whilez9preservingz9thez9i ntegrityz9ofz9thez9data.
True
Falsez9-z9correctz9answer✔ ✔ True
Multifactorz9authenticationz9isz9whenz9onez9orz9morez9factorsz9arez9presented.
Authenticationz9isz9aboutz9establishingz9whoz9youz9are,z9whereasz9identificati onz9isz9aboutz9provingz9youz9arez9thez9entityz9youz9claimz9toz9be.
True
Falsez9-z9correctz9answer✔ ✔ False
Az9securityz9__________z9isz9anz9organizationz9sz9approachz9toz9accessz9contr olsz9basedz9onz9informationz9aboutz9anz9object,z9suchz9asz9az9hostz9(endz9syste m)z9orz9network.z9-z9correctz9answer✔ ✔ Posture
___________z9isz9thez9processz9ofz9thez9subjectz9supplyingz9anz9identifierz9toz
thez9object.z9-z9correctz9answer✔ ✔ Identification
Inz9termsz9ofz9authorization,z9examplesz9ofz9securityz9labelsz9(basedz9onz9itsz9c
lassification)z9includez9allz9EXCEPT:z9-z9correctz9answer✔ ✔ Needz9Toz9Know
Networkz9Accessz9Controlz9(NAC)z9canz9providez9thez9followingz9EXCEPTz
__________z9is/arez9usedz9toz9determinez9accessz9basedz9onz9somez9combinat ionz9ofz9specificz9criteria,z9suchz9asz9az9userz9ID,z9groupz9membership,z9classif
ication,z9location,z9address,z9andz9date.z9-z9correctz9answer✔ ✔ Accessz9controlz9lists
_______z9is/arez9usedz9programmaticallyz9andz9isz9basedz9onz9az9combination z9ofz9anz9unforgeablez9referencez9andz9anz9operationalz9messagez9-
z9correctz9answer✔ ✔ Objectz9Capability
Therez9arez9threez9categoriesz9ofz9identificationz9factorsz9thatz9includez9allz9B
UTz9-z9correctz9answer✔ ✔ Rolez9(somethingz9thez9userz9does)
Thez9principlez9ofz9__________z9privilegez9statesz9thatz9allz9usersz9shouldz9bez 9 grantedz9onlyz9thez9levelz9ofz9privilegez9theyz9needz9toz9doz9theirz9jobs,z9andz9n
oz9more.z9-z9correctz9answer✔ ✔ least
Thez9processz9forz9identifying,z9authenticatingz9andz9authorizingz9usersz9orz9g roupsz9ofz9usersz9toz9havez9accessz9toz9applications,z9systemsz9orz9networksz9is z9referredz9toz9asz9__________.z9-z9correctz9answer✔ ✔
identityz9management
Inz9termsz9ofz9accessz9control,z9a(n)z9__________z9schemez9isz9usedz9toz9identi
fyz9uniquez9recordsz9inz9az9set,z9suchz9asz9az9username.z9-z9correctz9answer✔
✔ Identification