EMC NIST Cybersecurity Framework 2023 - D-CSF-SC-23 Exam Questions [2026]

QUESTION NO: 1
What must be included in the CMDB?

A. Known vulnerabilities of installed software B. Software End User Licensing Agreements C. Inventory of uninstalled software D. Dependencies of installed components

Correct Answer: D

QUESTION NO: 2
Assume that a DDoS attack has been occurring for 72 minutes.
What determines who talks to external stakeholders?

A. Incident Response Plan B. Business Continuity Plan C. Communication Plan D. Business Impact Analysis

Correct Answer: C

QUESTION NO: 3
A new employee is starting work at your company. When should they be informed of the company's security policy?

A. After the first security infraction B. During regular security awareness sessions C. Based on human resource policy D. Annual security policy review

Correct Answer: B

QUESTION NO: 4
What should an organization use to effectively mitigate against password sharing to prevent unauthorized access to systems?

A. Frequent password resets B. Access through a ticketing system C. Strong password requirements D. Two factor authentication

Correct Answer: D

QUESTION NO: 5
What is the main goal of a gap analysis in the Identify function?

A. Identify business process gaps to improve business efficiency B. Determine actions required to get from the current profile state to the target profile state C. Determine security controls to improve security measures D. Identify gaps between Cybersecurity Framework and Cyber Resilient Lifecycle pertaining to that function

Correct Answer: B

QUESTION NO: 6
What method identifies the 'delta' in projected time for RTO and actual time to complete?

A. Recovery Planning B. Gap Analysis C. Risk Management Strategy D. Business Impact Analysis

Correct Answer: B

QUESTION NO: 7
What is a consideration when performing data collection in Information Security Continuous Monitoring?

A. The more data collected, the better chances to catch an anomaly. B. Collection is used only for compliance requirements. C. Data collection efficiency is increased through automation. D. Data is best captured as it traverses the network.

Correct Answer: C