Free AKYLADE CRF-002 Exam Questions

Question 1

An e-commerce company is upgrading its cybersecurity measures to include automated tools that detect and respond to unusual network traffic, which could indicate a cyber attack. They aim to quickly contain any identified threats to prevent data breaches. Which subcategory in the NIST Cybersecurity Framework could best support the implementation of these automated detection and response systems?

A : GV.SC-01

B : DE.CM-01

C : PR.DS-01

D : ID.AM-04

Answer: B

Question 2

A startup is currently managing cybersecurity issues on an incident-by-incident basis without any predefined strategy. Most decisions are made spontaneously without consulting any established guidelines or standards. What tier best describes their cybersecurity implementation?

A : Tier 3 (Repeatable)

B : Tier 4 (Adaptive)

C : Tier 1 (Partial)

D : Tier 2 (Risk Informed)

Answer: C

Question 3

A software company identifies a significant risk of source code leaks due to inadequate version control and employee access management. What key elements should be included in their risk management plan to address this issue effectively?

A : Increase general cybersecurity awareness training, especially social engineering attacks, for all employees.

B : Outsource source code development to external contractors to reduce internal risks

C : Implement robust version control systems and restrict access to sensitive information based on roles and responsibilities

D : Conduct a public relations campaign to reassure stakeholders about data security and emphasize cybersecurity training

Answer: C

Question 4

A startup is currently managing cybersecurity issues on an incident-by-incident basis without any predefined strategy. Most decisions are made spontaneously without consulting any established guidelines or standards. What tier best describes their cybersecurity implementation?

A : Tier 3 (Repeatable)

B : Tier 4 (Adaptive)

C : Tier 1 (Partial)

D : Tier 2 (Risk Informed)

Answer: C

Question 5

A company's IT department has identified an increase in phishing attacks targeting employees. To address this cybersecurity risk, what strategic action should be included in their comprehensive cybersecurity strategy?

A : Outsource all email management to a third-party provider without implementing additional security measures

B : Upgrade the physical security systems within company facilities

C : Decrease the frequency of network security audits to allocate more resources to training and other phishing defenses

D : Implement a continuous employee training program focused on recognizing and responding to phishing attempts

Answer: D