AKYLADE Certified Cyber Resilience Fundamentals (A/CCRF) CRF-002 Exam Questions
Question #1 (Topic: demo questions)
Which of the following informative references specifically caters to financial institutions by integrating cybersecurity and regulatory compliance guidelines into a single framework?
Correct Answer: A
Explanation:
Cyber Risk Institute (CRI) Profile provides a comprehensive framework that integrates cybersecurity and regulatory compliance guidelines specifically tailored for financial institutions, helping them address both cybersecurity threats and regulatory requirements. Information Technology Infrastructure Library (ITIL) offers best practices for IT service management, focusing on aligning IT services with business needs. It does not specifically address the unique cybersecurity and regulatory compliance integration for financial institutions. Open Web Application Security Project (OWASP) provides a comprehensive framework focused on improving the security of software and web applications, offering best practices but not specifically designed for the regulatory integration required by financial institutions. Cloud Security Alliance (CSA) Security, Trust and Assurance Registry (STAR) primarily focuses on providing security assurance in cloud services and is not tailored specifically for financial institutions or regulatory compliance integration.
Question #2 (Topic: demo questions)
Which of the following is the purpose of the Recover function in the NIST Cybersecurity Framework?
Correct Answer: B
Explanation:
The Recover function in the NIST Cybersecurity Framework helps an organization develop and implement appropriate activities to maintain resilience plans and restore any capabilities or services that were impaired due to a cybersecurity incident. The Protect function in the NIST Cybersecurity Framework is used by organizations to develop and implement safeguards to ensure the delivery of critical services and the protection of physical and digital assets against cyber threats. The Detect function in the NIST Cybersecurity Framework is used by organizations to develop and implement appropriate activities to identify the occurrence of a cybersecurity event through timely discovery and analysis of anomalies, indicators of compromise, and other potentially adverse events.
Question #3 (Topic: demo questions)
How can an organization use its NIST Cybersecurity Framework profile to develop its cybersecurity strategy?
Correct Answer: D
Explanation:
Using a profile helps an organization understand where it stands and what it needs to improve to reach its desired cybersecurity state, effectively guiding strategic development. Profiles guide the overall approach and goals rather than specifying particular technologies. Profiles are specific to organizational needs and do not directly identify applicable international regulations. While profiles help in planning responses, they do not automate responses to cybersecurity threats.
Question #4 (Topic: demo questions)
Ahealthcare provider uses an outdated version of medical record software that no longer receives security updates. What does this situation expose the organization to?
Correct Answer: B
Explanation:
Using outdated software that no longer receives updates exposes the organization to vulnerabilities, as these systems are more susceptible to known exploits and security breaches. Staff training is essential but does not directly relate to the vulnerability described, which involves outdated software. While external hackers pose a threat, the scenario specifically highlights a vulnerability in the organization's use of outdated software. The scenario describes a current vulnerability, not the implementation of a risk mitigation strategy.
Question #5 (Topic: demo questions)
Asmall retail company with limited cybersecurity resources primarily reacts to security incidents as they occur, without a formal policy or plan in place. Their cybersecurity efforts are ad hoc and not coordinated among departments. Based on this scenario, which implementation tier best describes the company's current cybersecurity posture?
Correct Answer: C
Explanation: