DELL EMC D-CSF-SC-23 시험

Question No : 1

What should an organization use to effectively mitigate against password sharing to prevent unauthorized access to systems?

• A.Access through a ticketing system
• B.Frequent password resets
• C.Strong password requirements
• D.Two factor authentication

답을 확인하기

정답:

Question No : 2

The information security manager for a major web based retailer has determined that the product catalog database is corrupt. The business can still accept orders online but the products cannot be updated. Expected downtime to rebuild is roughly four hours.
What type of asset should the product catalog database be categorized as?

• A.Mission critical
• B.Safety critical
• C.Non-critical
• D.Business critical

답을 확인하기

정답:

Question No : 3

Your organization was breached. You informed the CSIRT and they contained the breach and eradicated the threat.
What is the next step required to ensure that you have an effective CSRL and a more robust cybersecurity posture in the future?

• A.Determine change agent
• B.Update the BIA
• C.Conduct a gap analysis
• D.Update the BCP

답을 확인하기

정답:

Question No : 4

During what activity does an organization identify and prioritize technical, organizational, procedural, administrative, and physical security weaknesses?

• A.Table top exercise
• B.Penetration testing
• C.Vulnerability assessment
• D.White box testing

답을 확인하기

정답:

Question No : 5

At what cyber kill chain stage do attackers use malware to exploit specific software or hardware vulnerabilities on the target, based on the information retrieved at the reconnaissance stage?

• A.Installation
• B.Reconnaissance
• C.Weaponization
• D.Delivery

답을 확인하기

정답:

Question No : 6

Refer to the exhibit.



What type of item appears in the second column of the table?

• A.Subcategory
• B.Informative Reference
• C.Function
• D.Tier

답을 확인하기

정답:

Question No : 7

Concerning a risk management strategy, what should the executive level be responsible for communicating?

• A.Risk mitigation
• B.Risk profile
• C.Risk tolerance
• D.Asset risk

답을 확인하기

정답:

Question No : 8

What is concerned with availability, reliability, and recoverability of business processes and functions?

• A.Business Impact Analysis
• B.Business Continuity Plan
• C.Recovery Strategy
• D.Disaster Recovery Plan

답을 확인하기

정답:

Question No : 9

What is the main goal of a gap analysis in the Identify function?

• A.Determine security controls to improve security measures
• B.Determine actions required to get from the current profile state to the target profile state
• C.Identify gaps between Cybersecurity Framework and Cyber Resilient Lifecycle pertaining to that function
• D.Identify business process gaps to improve business efficiency

답을 확인하기

정답:

Question No : 10

What is the purpose of a baseline assessment?

• A.Enhance data integrity
• B.Determine costs
• C.Reduce deployment time
• D.Determine risk

답을 확인하기

정답:

Question No : 11

The CSIRT team is following the existing recovery plans on non-production systems in a PRE-BREACH scenario. This action is being executed in which function?

• A.Protect
• B.Recover
• C.Identify
• D.Respond

답을 확인하기

정답:

Question No : 12

What helps an organization compare an "as-is, to-be" document and identify opportunities for improving cybersecurity posture useful for capturing organizational baselines of today and their desired state of tomorrow so that a gap analysis can be conducted?

• A.Framework
• B.Core
• C.Assessment
• D.Profile

답을 확인하기

정답:

Question No : 13

What determines the technical controls used to restrict access to USB devices and help prevent their use within a company?

• A.Block use of the USB devices for all employees
• B.Written security policy prohibiting the use of the USB devices
• C.Acceptable use policy in the employee HR on-boarding training
• D.Detect use of the USB devices and report users

답을 확인하기

정답:

Question No : 14

An organization has a policy to respond “ASAP” to security incidents. The security team is having a difficult time prioritizing events because they are responding to all of them, in order of receipt.
Which part of the IRP does the team need to implement or update?

• A.Scheduling of incident responses
• B.‘Post mortem’ documentation
• C.Classification of incidents
• D.Containment of incidents

답을 확인하기

정답:

Question No : 15

A bank has been alerted to a breach of its reconciliation systems. The notification came from the cybercriminals claiming responsibility in an email to the CEO. The CEO has alerted the company CSIRT.
What does the Communication Plan for the IRP specifically guide against?

• A.Transfer of chain of custody
• B.Accelerated turn over
• C.Rushed disclosure
• D.Initiating kill chain

답을 확인하기

정답: