Please answer ALL of the questions (multiple choices)

1-Which of the following is NOT part of Cyber Supply-Chain Risk Management?

Group of answer choices

To identify, assess, and mitigate risks

To act as the first line of defense for organizations utilizing third party products and services

To eliminate all threats and vulnerabilities relating to third parties

To track the complete lifecycle of a system

2-

What is the main objective of the enterprise when selecting third parties to provide products and services?

Group of answer choices

Familiarity with a third party

Understanding access the third party will need

Applying a sustainable cyber supply chain risk management process

Ensuring the third party is the best solution for the product and/or service needs

3-

According to the text, who should be involved in determining the appropriate level of insurance?

Group of answer choices

The Chief Financial Officer (CFO)

The cyber SME

The supply chain risk management professional

The consulting or legal firm

4-

What is the purpose of the cyber service level agreements?

Group of answer choices

To provide financial relief when a data loss occurs

To protect the third party from loss claims

To be detailed, but operational and comprehensible

To provide definitions that are clearly defined in the contract

5-

What is the purpose of having a contract in place with the third party?

Group of answer choices

To ensure the control environment remains intact

To ensure the third party is compliant with legal and regulatory guidance

To observe the services being performed

To promote relationship building

6-

Who is ultimately responsible for conducting banking and related activities in a safe and sound manner and in compliance with law?

Group of answer choices

The cyber third party

The financial services industry

The enterprise

The FDIC

7-

What is the purpose of defense-in-depth strategy?

Group of answer choices

To ensure that no matter where assets are developed, they are held to the same standards.

To reduce the occurrence of unauthorized assets.

To identify and address security risks associated with digital transformation.

To provide a comprehensive program to defend against cyber threats.

8-

According to the text, what is the result of IT and OT assets being mingled on the same digital networks?

Group of answer choices

It increases the likelihood of compromise for OT machines.

It creates a secure model for the organization.

It enhances the adoption of Enterprise Risk Management.

It allows for the prevention of cyber-attacks.

9-

What is the primary goal of network segmentation?

Group of answer choices

To ensure proper asset management

To provide a separate set of security zones

To secure all communication

To reduce the impact of unauthorized access

10-

What should be the focus of vulnerability management?

Group of answer choices

Identifying and remediating insecure system configurations

Testing the enterprise-wide deployment of network and application environments

Monitoring and defending against known malicious IPs/address ranges

Establishing a standard change process

11-

What is the primary goal of employee training?

Group of answer choices

To promote a security culture

To monitor privileged access to systems

To ensure only approved applications can be installed

To prevent the writing out to external media

12-

What is the main benefit of application whitelisting?

Group of answer choices

To reduce the impact of unauthorized access

To ensure only approved applications can be installed

To protect internet-facing infrastructures from attack

To promote a security culture

13-

What is the purpose of egress monitoring?

Group of answer choices

To identify and prioritize vulnerabilities for remediation

To provide guidance for implementing DevSecOps

To enable the integration of security into the application development life cycle

To detect and analyze attempts to exfiltrate data and command and control attempts

14-

What is the first step in creating an effective cybersecurity program?

Group of answer choices

Establishing a Continuity Program Office

Performing a Business Impact Assessment

Conducting a threat assessment

Developing and writing a recovery plan

15-

What is the primary goal of defense-in-depth?

Group of answer choices

To create a comprehensive security policy

To develop tailored training for employees

To provide multiple layers of protection

To prioritize perimeter security

16-

Which of the following is an example of detection, when it comes to incident response?

Group of answer choices

Monitoring and analyzing the organization's security ecosystem

Developing a plan to restore any capabilities or services impaired due to a cyber security event

Specifying an accountability framework

Updating crisis plans regularly

17-

What is the purpose of governance in a cybersecurity plan?

Group of answer choices

To describe the policies and processes for managing cyber incidents

To ensure that all systems are updated, configured correctly and security patches are applied

To detect, prevent and respond to cyber incidents

To combat impulsive reactions when a breach occurs

18-

What is the goal of threat detection in a cybersecurity plan?

Group of answer choices

To assess the impact of a breach

To analyze third-party risks and responsibilities

To identify malicious activity that could compromise the network

To reduce financial, legal and reputational damages

19-

What is organizational resilience?

Group of answer choices

The ability of an organization to identify cyber threats

A process to follow for making initial decisions in a crisis

The ability of an organization to respond and adapt to sudden disruptions

A relationship between the board and senior management

20-

What is the purpose of tabletop exercises?

Group of answer choices

To validate processes and pressure-test a variety of use cases

To have a log or audit trail of all key decisions made

To help define how decisions will be achieved in real-time

To provide a step-by-step walk-through for possible cyber threats

21-

What is the difference between time-to-detect and time-to-respond?

Group of answer choices

Time-to-detect is how quickly the incident is discovered, while time-to-respond is how quickly the organization can contain the situation.

Time-to-detect is how quickly the organization can contain the situation, while time-to-respond is how quickly the incident is discovered.

Time-to-detect is how long it takes to identify the incident, while time-to-respond is how long it takes to respond to customers.

Time-to-detect is how long it takes to mitigate the situation, while time-to-respond is how long it takes to identify the incident.

22-

What is the role of independent forensic investigators?

Group of answer choices

To provide advice on how to effectively convey messages to the public

To provide insurance coverage for financial losses

To provide an understanding of how the company uses information technology

To reconstruct and analyze digital information to aid in investigations

23-

What is the purpose of hiring an external auditor?

Group of answer choices

To provide advice on how to effectively convey messages to the public

To provide insurance coverage for financial losses

To obtain an understanding of how the company uses information technology

To reconstruct and analyze digital information to aid in investigations

24-

According to the text, how can companies best protect themselves from cyber security risks associated with M and A deals?

Group of answer choices

By outsourcing their security services

By creating more detailed policies and procedures

By negotiating terms that build in remediation costs

By proactively assessing cyber risks

25-

What does the text suggest about the importance of monitoring social media for hints of M and A deals?

Group of answer choices

It is unnecessary, as it is unlikely to be successful.

It is important, as it can provide valuable information.

It is risky, as attackers may be able to access confidential information.

It is time consuming, and therefore not worth the effort.

26-

What is the primary benefit of assessing cyber risks early in the M and A process?

Group of answer choices

It helps to identify potential breaches quickly.

It helps to reduce the costs of remediation.

It helps to protect the value of the deal.

It helps to ensure compliance with regulations.

27-

What is the purpose of assessing technical and organizational security measures?

Group of answer choices

To ensure the protection of customer and employee data.

To determine the legal and regulatory requirements.

To identify the data that needs to be classified.

To ensure the proper disposal of data after retention.

28-

What is the primary risk posed by deletion requests from data subjects?

Group of answer choices

They can be time consuming to respond to.

They can lead to large fines if not handled correctly.

They can be difficult to identify in systems and repositories.

They can propagate across systems if not properly managed.

29-

What is the first step in the due diligence process of cyber security when considering an acquisition?

Group of answer choices

Assess the target companys cyber risks

Make sure the target company has the necessary investments in cyber security infrastructure

Identify lax cultural attitudes toward cyber risk

Ensure compliance with data privacy laws

30-

What is the purpose of a gap analysis during integration?

Group of answer choices

To identify cyber risks

To determine integration costs

To identify areas where the two companies can reduce their workforce

To identify any benefits the combined organization could gain

31-

What should boards pay particular attention to during the first six months post-integration?

Group of answer choices

Establishing a contingency fund

Preventing the sharing of competitive information

Potential cost estimates being overly optimistic

Potential cyber incidents occurring before closing

32-

What is the main challenge facing many cybersecurity teams?

Group of answer choices

Low morale

High turnover

Lack of qualified personnel

Difficulty with hiring

33-

What is the goal of creating empathy in cybersecurity?

Group of answer choices

To ensure technical breakdowns are not the fault of security staff

To reduce the stress of the cybersecurity team

To enhance communication and facilitate problem-solving

To increase the number of cybersecurity personnel

34-

What is the result of low morale in cybersecurity teams?

Group of answer choices

Increased efficiency

Increased effectiveness

High turnover

Low quality of execution

35-

What is the concept of a sliding scale of the elasticity of rigor based on risk?

Group of answer choices

Risktascity

Risk management

Cybersecurity strategy

Performance recognition

36-

What is the primary focus of the relationships between departments in terms of cybersecurity?

Group of answer choices

To create a culture based on fear

To develop countermeasures to risks

To become experts in cybersecurity

To apply context to cyber threats

37-

What is the primary role of the CISO in developing relationships?

Group of answer choices

To create a culture of security

To be an advocate for security

To be a traffic cop

To become an expert in cybersecurity

38-

What is the main goal of participating in cybersecurity information-sharing initiatives?

Group of answer choices

To become experts in cybersecurity

To eliminate risk

To stay up to date on strategies

To create a culture based on fear

39-

According to the text, what does achieving compliance checklists mean?

Group of answer choices

Achieving an effective and maturing cybersecurity program

Ensuring the organization is safe from new attack vectors

Being capable of handling an incident response activity

Implementing all compliance requirements at a point in time

40-

According to the text, which activity is recommended to improve an organization's everyday cybersecurity awareness and readiness?

Group of answer choices

Implementing a risk management framework

Running tabletop exercises for significant threats

Conducting regular phishing tests

Adopting a compliance-based approach

41-

Why should assessing an organization's cybersecurity team's performance not be limited only to the team itself?

Group of answer choices

Because cybersecurity is a shared responsibility across all departments

Because the performance of the cybersecurity team does not impact the organization

Because only external assessments can accurately measure the team's performance

Because focusing on the team's performance will negatively impact employee morale