The "recover" function of the NISI cybersecurity framework is concerned with:
Correct Answer: A
Explanation The "recover" function of the NIST cybersecurity framework is concerned with planning for resilience and timely repair of compromised capacities and service. This is because the recover function helps organizations to restore normal operations as quickly as possible after a cybersecurity incident, while also learning from the incident and improving their security posture. The other options are not part of the recover function, but rather belong to the identify (B), respond C, or protect (D) functions.
Question 7
A data loss prevention (DLP) program helps protect an organization from:
Correct Answer: D
Explanation A data loss prevention (DLP) program helps protect an organization from exfiltration of sensitive data. This is because exfiltration of sensitive data is a type of cyberattack that involves stealing or leaking sensitive or confidential information from an organization's systems or networks to an external destination or party. Exfiltration of sensitive data can cause serious harm to an organization's reputation, operations, finances, legal compliance, etc. A DLP program helps to prevent exfiltration of sensitive data by detecting and blocking any unauthorized or suspicious attempts to access, copy, transfer, or share sensitive data by users or applications. The other options are not cyberattacks that a DLP program helps protect an organization from, but rather different types of cyberattacks that affect other aspects or objectives of information security, such as crypto ransomware infection (A), unauthorized access to servers and applications (B), or unauthorized data modification C.
Question 8
Which of the following is a feature of a stateful inspection firewall?
Correct Answer: B
Explanation A feature of a stateful inspection firewall is that it is capable of detecting and blocking sophisticated attacks. A stateful inspection firewall is a type of firewall that monitors and analyzes the state and context of network traffic. It keeps track of the source, destination, protocol, port, and session information of each packet and compares it with a set of predefined rules. A stateful inspection firewall can detect and block attacks that exploit the logic or behavior of network protocols or applications, such as fragmentation attacks, session hijacking, or application-layer attacks.
Question 9
Availability can be protected through the use of:
Correct Answer: D
Explanation Availability can be protected through the use of redundancy, backups, and business continuity management. This is because these measures help to ensure that systems, data, and services are accessible and functional at all times, even in the event of a disruption or disaster. The other options are not directly related to protecting availability, but rather focus on enhancing confidentiality (A), integrity C, or awareness (D).
Question 10
Which intrusion detection system component is responsible for collecting data in the form of network packets, log files, or system call traces?
Correct Answer: D
Explanation The intrusion detection system component that is responsible for collecting data in the form of network packets, log files, or system call traces is sensors. This is because sensors are components of an intrusion detection system that are deployed on various locations or points of the network or system, such as routers, switches, servers, etc., and that capture and collect data from the network traffic or system activities. Sensors then forward the collected data to another component of the intrusion detection system, such as analyzers, for further processing and analysis. The other options are not components of an intrusion detection system that are responsible for collecting data in the form of network packets, log files, or system call traces, but rather different components or techniques that are related to intrusion detection or prevention, such as packet filters (A), analyzers (B), or administration modules C.
