D-CSF-SC-23 Free Sample Questions

D-CSF-SC-23 Practice Test
Q1

A regional bank is adopting the NIST Cybersecurity Framework and is currently in the process of developing its Framework Profile. The CISO wants to create a 'Target Profile' that aligns with a new digital transformation initiative. Which statement most accurately describes the primary purpose of this Target Profile?

Q2 (Multiple answers)

A manufacturing company with extensive Industrial Control Systems (ICS) is performing an asset inventory as part of the NIST CSF Identify (ID.AM) function. Beyond standard IT assets, which of the following asset types are crucial to include for a comprehensive inventory in this specific environment? (Select TWO)

Q3

A cybersecurity consultant is advising a company on implementing the Protect function (PR.AC) of the NIST CSF. The company has a flat network architecture and uses shared administrator accounts. To align with the principle of least privilege, the consultant recommends implementing a specific access control model. Which model assigns permissions to users based on their job titles and responsibilities within the organization?

Q4

During a security assessment, a SOC analyst discovers that a critical server is communicating with a known command-and-control (C2) IP address. This discovery was made by correlating firewall logs with a third-party threat intelligence feed. Which subcategory of the Detect (DE) function is most directly demonstrated by this activity?

Q5

A hospital's CSIRT has confirmed a data breach involving protected health information (PHI). The Incident Response Plan (IRP) calls for immediate containment. The lead incident responder is deciding between two containment strategies: isolating the affected subnet from the rest of the network versus shutting down the individual compromised systems. What is the most critical factor to consider when choosing the appropriate containment strategy in this scenario?

Q6

A cloud-native startup relies entirely on a single public cloud provider for all its operations. After a major regional outage caused by the provider, the startup's leadership decides to formalize its recovery strategy. They need a plan that specifically details the technical procedures to restore their services, either in the same region or a different one. Which document is most appropriate for this purpose?

Q7

True or False: The NIST Cybersecurity Framework Implementation Tiers are maturity levels that an organization must progress through sequentially from Tier 1 to Tier 4 to be considered compliant.

Q8

A government agency is conducting a Business Impact Analysis (BIA) as part of the Identify function (ID.BE). The goal is to determine the criticality of various IT systems. The BIA team needs to define the maximum acceptable amount of data loss from a system following a disruptive event. Which metric should they establish for this purpose?

Q9

A financial institution is implementing controls for the Protect function. To comply with subcategory PR.DS-5 ("Protections against data leaks are implemented"), the security team is evaluating several technologies. Which technology is specifically designed to identify, monitor, and prevent the unauthorized exfiltration of sensitive data from the network?

Q10

A security operations team is struggling with a high volume of alerts from various security tools, leading to analyst fatigue and missed incidents. To improve their detection capabilities (DE.AE), they decide to implement a system that will aggregate logs, normalize data, and use correlation rules to identify high-fidelity threats. Which type of system are they implementing?