Network Protocol Study Questions with complete Solutions Rated A+
Cybersecurity Framework (CSF) - Answers Set of plain-language controls for protecting critical IT infrastructure
Framework Core - Answers Program focusing on identifying, assessing, and managing cybersecurity risks in a cost-effective and repeatable manner
Identify - Answers Recording assets, system users, information processing operations, and systems used
Protect - Answers Deploying safeguards, access controls, performing updates and backups, disposing of files, and providing user training
Detect - Answers Using tools to identify cybersecurity attacks; monitoring network access points, user devices, unauthorized personnel access, and high-risk behavior
Respond - Answers Containing cybersecurity events, reacting with planned responses, and notifying affected parties
Recover - Answers Supporting the restoration of a company's network, backup files, and employee rebound with proper responses
Framework Tiers - Answers Levels measuring an organization's information security sophistication
Tier 1 - Answers Partial risk management process, ad hoc and reactive, not strategically prioritized
Tier 2 - Answers Risk-informed with prioritization based on organizational risk, isolated cybersecurity, and general awareness but no secure management
Tier 3 - Answers Repeatable cybersecurity practices, formal and documented, integrated into planning and communicated among senior leadership
Tier 4 - Answers Adaptive risk management process, iterative improvement, organization-wide cybersecurity management, and robust participation in external activities
Framework Profiles - Answers Measure cybersecurity risk, current profile, target profile, and gap analysis
Privacy Framework - Answers Addresses privacy risks related to data processing activities
Security and Privacy Controls (SP 800-53) - Answers Set of security and privacy controls for federal information systems, stricter than the NIST CSF or Privacy Framework
Control Families - Answers 20 families including Access Control, Awareness and Training, Audit and Accountability, and others
Common (Inheritable) Control - Answers Implemented at the organizational level and adopted by information systems
System-specific Control - Answers Implemented at the information system level
Hybrid Control - Answers Combination of organizational and system-level implementation
Privacy Laws - Answers Regulate collection, processing, maintenance, and disclosure of private information to protect individuals' private lives
General Data Protection Regulation (GDPR) - Answers Comprehensive data privacy law in the European Union governing how personal data should be handled
Data Breaches - Answers Exposure of confidential information to unauthorized persons
Personal Information - Answers Includes name, home address, social security number, and payment/banking info
Unintentional Breach - Answers Breach caused by negligence or error
Intentional Breach - Answers Illegal access to data by bad actors
Consequences of Data Breaches - Answers Business disruption, reputational harm, financial loss, data loss, and legal implications
Costs of Data Breach - Answers Detection, notification, post-breach response, loss of business/revenue
Health Insurance Portability and Accountability Act (HIPAA) - Answers Regulates privacy of protected health information for covered entities
Electronic PHI - Answers Protected health information in electronic form
Safeguards under HIPAA - Answers Administrative, physical, and technical safeguards to protect electronic PHI
General Data Protection Regulation (GDPR) Principles - Answers Lawfulness, fairness, transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality
Payment Card Industry Data Security Standard (PCI DSS) - Answers Standard for securing payment card data
PCI DSS Goals - Answers Build and maintain secure network/systems, protect account data, maintain vulnerability management, implement strong access control, monitor networks, maintain information security policy
PCI DSS Requirements - Answers Network security, account data protection, vulnerability management, access control, network monitoring, information security policy
Center for Internet Security (CIS) Controls - Answers Framework recommending cybersecurity actions and best practices