Question
Please answer ALL of the questions (multiple choices)
1- Which of the following is NOT part of Cyber Supply-Chain Risk Management?
Group of answer choices
To identify, assess, and mitigate risks
To act as the first line of defense for organizations utilizing third party products and services
To eliminate all threats and vulnerabilities relating to third parties
To track the complete lifecycle of a system
2- What is the main objective of the enterprise when selecting third parties to provide products and services?
Group of answer choices
Familiarity with a third party
Understanding access the third party will need
Applying a sustainable cyber supply chain risk management process
Ensuring the third party is the best solution for the product and/or service needs
3- According to the text, who should be involved in determining the appropriate level of insurance?
Group of answer choices
The Chief Financial Officer (CFO)
The cyber SME
The supply chain risk management professional
The consulting or legal firm
4- What is the purpose of the cyber service level agreements?
Group of answer choices
To provide financial relief when a data loss occurs
To protect the third party from loss claims
To be detailed, but operational and comprehensible
To provide definitions that are clearly defined in the contract
5- What is the purpose of having a contract in place with the third party?
Group of answer choices
To ensure the control environment remains intact
To ensure the third party is compliant with legal and regulatory guidance
To observe the services being performed
To promote relationship building
6- Who is ultimately responsible for conducting banking and related activities in a safe and sound manner and in compliance with law?
Group of answer choices
The cyber third party
The financial services industry
The enterprise
The FDIC
7- What is the purpose of defense-in-depth strategy?
Group of answer choices
To ensure that no matter where assets are developed, they are held to the same standards.
To reduce the occurrence of unauthorized assets.
To identify and address security risks associated with digital transformation.
To provide a comprehensive program to defend against cyber threats.
8- According to the text, what is the result of IT and OT assets being mingled on the same digital networks?
Group of answer choices
It increases the likelihood of compromise for OT machines.
It creates a secure model for the organization.
It enhances the adoption of Enterprise Risk Management.
It allows for the prevention of cyber-attacks.
9- What is the primary goal of network segmentation?
Group of answer choices
To ensure proper asset management
To provide a separate set of security zones
To secure all communication
To reduce the impact of unauthorized access
10- What should be the focus of vulnerability management?
Group of answer choices
Identifying and remediating insecure system configurations
Testing the enterprise-wide deployment of network and application environments
Monitoring and defending against known malicious IPs/address ranges
Establishing a standard change process
11- What is the primary goal of employee training?
Group of answer choices
To promote a security culture
To monitor privileged access to systems
To ensure only approved applications can be installed
To prevent the writing out to external media
12- What is the main benefit of application whitelisting?
Group of answer choices
To reduce the impact of unauthorized access
To ensure only approved applications can be installed
To protect internet-facing infrastructures from attack
To promote a security culture
13- What is the purpose of egress monitoring?
Group of answer choices
To identify and prioritize vulnerabilities for remediation
To provide guidance for implementing DevSecOps
To enable the integration of security into the application development life cycle
To detect and analyze attempts to exfiltrate data and command and control attempts
14- What is the first step in creating an effective cybersecurity program?
Group of answer choices
Establishing a Continuity Program Office
Performing a Business Impact Assessment
Conducting a threat assessment
Developing and writing a recovery plan
15- What is the primary goal of defense-in-depth?
Group of answer choices
To create a comprehensive security policy
To develop tailored training for employees
To provide multiple layers of protection
To prioritize perimeter security
16- Which of the following is an example of detection, when it comes to incident response?
Group of answer choices
Monitoring and analyzing the organization's security ecosystem
Developing a plan to restore any capabilities or services impaired due to a cyber security event
Specifying an accountability framework
Updating crisis plans regularly
17- What is the purpose of governance in a cybersecurity plan?
Group of answer choices
To describe the policies and processes for managing cyber incidents
To ensure that all systems are updated, configured correctly and security patches are applied
To detect, prevent and respond to cyber incidents
To combat impulsive reactions when a breach occurs
18- What is the goal of threat detection in a cybersecurity plan?
Group of answer choices
To assess the impact of a breach
To analyze third-party risks and responsibilities
To identify malicious activity that could compromise the network
To reduce financial, legal and reputational damages
19- What is organizational resilience?
Group of answer choices
The ability of an organization to identify cyber threats
A process to follow for making initial decisions in a crisis
The ability of an organization to respond and adapt to sudden disruptions
A relationship between the board and senior management
20- What is the purpose of tabletop exercises?
Group of answer choices
To validate processes and pressure-test a variety of use cases
To have a log or audit trail of all key decisions made
To help define how decisions will be achieved in real-time
To provide a step-by-step walk-through for possible cyber threats
21- What is the difference between time-to-detect and time-to-respond?
Group of answer choices
Time-to-detect is how quickly the incident is discovered, while time-to-respond is how quickly the organization can contain the situation.
Time-to-detect is how quickly the organization can contain the situation, while time-to-respond is how quickly the incident is discovered.
Time-to-detect is how long it takes to identify the incident, while time-to-respond is how long it takes to respond to customers.
Time-to-detect is how long it takes to mitigate the situation, while time-to-respond is how long it takes to identify the incident.
22- What is the role of independent forensic investigators?
Group of answer choices
To provide advice on how to effectively convey messages to the public
To provide insurance coverage for financial losses
To provide an understanding of how the company uses information technology
To reconstruct and analyze digital information to aid in investigations
23- What is the purpose of hiring an external auditor?
Group of answer choices
To provide advice on how to effectively convey messages to the public
To provide insurance coverage for financial losses
To obtain an understanding of how the company uses information technology
To reconstruct and analyze digital information to aid in investigations
24- According to the text, how can companies best protect themselves from cyber security risks associated with M&A deals?
Group of answer choices
By outsourcing their security services
By creating more detailed policies and procedures
By negotiating terms that build in remediation costs
By proactively assessing cyber risks
25- What does the text suggest about the importance of monitoring social media for hints of M&A deals?
Group of answer choices
It is unnecessary, as it is unlikely to be successful.
It is important, as it can provide valuable information.
It is risky, as attackers may be able to access confidential information.
It is time consuming, and therefore not worth the effort.
26- What is the primary benefit of assessing cyber risks early in the M&A process?
Group of answer choices
It helps to identify potential breaches quickly.
It helps to reduce the costs of remediation.
It helps to protect the value of the deal.
It helps to ensure compliance with regulations.
27- What is the purpose of assessing technical and organizational security measures?
Group of answer choices
To ensure the protection of customer and employee data.
To determine the legal and regulatory requirements.
To identify the data that needs to be classified.
To ensure the proper disposal of data after retention.
28- What is the primary risk posed by deletion requests from data subjects?
Group of answer choices
They can be time consuming to respond to.
They can lead to large fines if not handled correctly.
They can be difficult to identify in systems and repositories.
They can propagate across systems if not properly managed.
29- What is the first step in the due diligence process of cyber security when considering an acquisition?
Group of answer choices
Assess the target company's cyber risks
Make sure the target company has the necessary investments in cyber security infrastructure
Identify lax cultural attitudes toward cyber risk
Ensure compliance with data privacy laws
30- What is the purpose of a gap analysis during integration?
Group of answer choices
To identify cyber risks
To determine integration costs
To identify areas where the two companies can reduce their workforce
To identify any benefits the combined organization could gain
31- What should boards pay particular attention to during the first six months post-integration?
Group of answer choices
Establishing a contingency fund
Preventing the sharing of competitive information
Potential cost estimates being overly optimistic
Potential cyber incidents occurring before closing
32- What is the main challenge facing many cybersecurity teams?
Group of answer choices
Low morale
High turnover
Lack of qualified personnel
Difficulty with hiring
33- What is the goal of creating empathy in cybersecurity?
Group of answer choices
To ensure technical breakdowns are not the fault of security staff
To reduce the stress of the cybersecurity team
To enhance communication and facilitate problem-solving
To increase the number of cybersecurity personnel
34- What is the result of low morale in cybersecurity teams?
Group of answer choices
Increased efficiency
Increased effectiveness
High turnover
Low quality of execution
35- What is the concept of a sliding scale of the elasticity of rigor based on risk?
Group of answer choices
Risktascity
Risk management
Cybersecurity strategy
Performance recognition
36- What is the primary focus of the relationships between departments in terms of cybersecurity?
Group of answer choices
To create a culture based on fear
To develop countermeasures to risks
To become experts in cybersecurity
To apply context to cyber threats
37- What is the primary role of the CISO in developing relationships?
Group of answer choices
To create a culture of security
To be an advocate for security
To be a traffic cop
To become an expert in cybersecurity
38- What is the main goal of participating in cybersecurity information-sharing initiatives?
Group of answer choices
To become experts in cybersecurity
To eliminate risk
To stay up to date on strategies
To create a culture based on fear
39- According to the text, what does achieving compliance checklists mean?
Group of answer choices
Achieving an effective and maturing cybersecurity program
Ensuring the organization is safe from new attack vectors
Being capable of handling an incident response activity
Implementing all compliance requirements at a point in time
40- According to the text, which activity is recommended to improve an organization's everyday cybersecurity awareness and readiness?
Group of answer choices
Implementing a risk management framework
Running tabletop exercises for significant threats
Conducting regular phishing tests
Adopting a compliance-based approach
41- Why should assessing an organization's cybersecurity team's performance not be limited only to the team itself?
Group of answer choices
Because cybersecurity is a shared responsibility across all departments
Because the performance of the cybersecurity team does not impact the organization
Because only external assessments can accurately measure the team's performance
Because focusing on the team's performance will negatively impact employee morale