NIST Privacy Framework Core
Functions questions and answers
rated
Protect - correct answer ✔✔ data protection policies, processes, and procedures; identity
management, authentication, and access control; and data security, maintenance, and
protective technology
Govern - correct answer ✔✔ governance policies, process, and procedures; risk management
strategy; awareness and training; and monitoring review
identify - correct answer ✔✔ inventory and mapping, business environment, risk assessment,
data proessing ecosystem risk management
control - correct answer ✔✔ data processing policies, processes, and procedures; data
processing management; and disassociated processing
platform as a service - correct answer ✔✔ provides proprietary tools or solutions to allow
customers to build or operate their applications on the CSP's infrastructure. CSPs are
responsible for keeping the customer applications' uptime at an acceptable level by maintaining
all of the back-end infrastructure (e.g., hardware, network, operating systems, etc.) required to
build/test/run those applications.
software as a service - correct answer ✔✔ the cloud service provider (CSP) provides a business
application (e.g., a web-based application to sell any kind of product) that organizations use to
perform specific functions or processes (e.g., selling products to customers). Customers can use
the application for their specific purposes while still having some level of customization (e.g.,
adding its own logo, pictures, product descriptions, etc.) and configuration options (e.g., adding
extensions).
, infrastructure as a service - correct answer ✔✔ provides users with a virtual data center with
outsourced servers, storage, hardware, and networking resources. It does not also provide
applications to perform business functions like processing payments and performing marketing
campaigns.
business as a process - correct answer ✔✔ organizations that use SaaS to perform a specific
business function for clients, such as billing, payroll, or distribution. It provides more than just
the software and hardware needed to perform a business function. This model also performs
that function.
Evaluate, Direct, and Monitor (EDM) - correct answer ✔✔ 1. ensure governance framework
setting and maintenance2. ensured benefits delivery3. ensured risk optimization4. ensured
resource optimization5. ensured stakeholder engagement
Deliver, Service, and Support (DSS) - correct answer ✔✔ 1. managed operations2. service
requests and incidents3. managed problems4. managed continuity5. managed security
services6. managed business process controls
Framework Core - correct answer ✔✔ was a legislative imperative for NIST to develop a set of
plain language controls for the protection of critical IT infrastructure. The focus is to develop a
program to identify, assess, and manage cybersecurity risks in a cost-effective and repeatable
manner.
framework profiles - correct answer ✔✔ the mechanisms by which NIST recommends
companies measure cybersecurity risk and establish a roadmap to ensure the organization can
minimize such risk. implementation guides. 3 tiers: current, target, gap analysis.
implementation tiers - correct answer ✔✔ provide a measure of an organization's information
security infrastructure sophistication.
Functions questions and answers
rated
Protect - correct answer ✔✔ data protection policies, processes, and procedures; identity
management, authentication, and access control; and data security, maintenance, and
protective technology
Govern - correct answer ✔✔ governance policies, process, and procedures; risk management
strategy; awareness and training; and monitoring review
identify - correct answer ✔✔ inventory and mapping, business environment, risk assessment,
data proessing ecosystem risk management
control - correct answer ✔✔ data processing policies, processes, and procedures; data
processing management; and disassociated processing
platform as a service - correct answer ✔✔ provides proprietary tools or solutions to allow
customers to build or operate their applications on the CSP's infrastructure. CSPs are
responsible for keeping the customer applications' uptime at an acceptable level by maintaining
all of the back-end infrastructure (e.g., hardware, network, operating systems, etc.) required to
build/test/run those applications.
software as a service - correct answer ✔✔ the cloud service provider (CSP) provides a business
application (e.g., a web-based application to sell any kind of product) that organizations use to
perform specific functions or processes (e.g., selling products to customers). Customers can use
the application for their specific purposes while still having some level of customization (e.g.,
adding its own logo, pictures, product descriptions, etc.) and configuration options (e.g., adding
extensions).
, infrastructure as a service - correct answer ✔✔ provides users with a virtual data center with
outsourced servers, storage, hardware, and networking resources. It does not also provide
applications to perform business functions like processing payments and performing marketing
campaigns.
business as a process - correct answer ✔✔ organizations that use SaaS to perform a specific
business function for clients, such as billing, payroll, or distribution. It provides more than just
the software and hardware needed to perform a business function. This model also performs
that function.
Evaluate, Direct, and Monitor (EDM) - correct answer ✔✔ 1. ensure governance framework
setting and maintenance2. ensured benefits delivery3. ensured risk optimization4. ensured
resource optimization5. ensured stakeholder engagement
Deliver, Service, and Support (DSS) - correct answer ✔✔ 1. managed operations2. service
requests and incidents3. managed problems4. managed continuity5. managed security
services6. managed business process controls
Framework Core - correct answer ✔✔ was a legislative imperative for NIST to develop a set of
plain language controls for the protection of critical IT infrastructure. The focus is to develop a
program to identify, assess, and manage cybersecurity risks in a cost-effective and repeatable
manner.
framework profiles - correct answer ✔✔ the mechanisms by which NIST recommends
companies measure cybersecurity risk and establish a roadmap to ensure the organization can
minimize such risk. implementation guides. 3 tiers: current, target, gap analysis.
implementation tiers - correct answer ✔✔ provide a measure of an organization's information
security infrastructure sophistication.
