Exam 3 Quiz Answers

Hello friends, in this article I am going to share the Coursera course Cybersecurity Policy for Water and Electricity Infrastructures, Week 4 | Exam 3 Quiz Answers with you.

Question 1)
What is the worst reasonable consequence of a cyber attack on a major metropolitan water utility?

  • It could trigger a massive release of toxic chlorine gas in proximity to residential neighborhoods and business centers.
  • It could disrupt water services for an extended period by causing physical faults on controlling and pumping equipment.
  • It could open sluice gates and drain the available water supply from servicing reservoirs.
  • It could release radioactive nucleotides contaminating the entire water distribution system.

Question 2)
Under PPD-21 and 2013 National Infrastructure Protection Plan, which Federal department is the Sector-Specific Agency responsible for working with drinking water utilities to protect this infrastructure sector?

  • DHS
  • DoD
  • FBI
  • EPA

Question 3)
The Environmental Protection Agency’s regulatory authority allows it to direct specific security measures and standards over commercial water utilities.

  • True
  • False

Question 4)
What are the basic components of the NIST Cybersecurity Framework?

  • Standards, Domains, Profiles, & Processes
  • Standards, Domains, Maturity Levels, & Processes
  • Standards, Tiers, Profiles, & Practices
  • Standards, Tiers, Profiles, & Processes

Question 5)
This component of the NIST Cybersecurity Framework provides the basis for identifying, detecting, and protecting against threats, and responding and recovering from cyber attack.

  • Standards
  • Tiers
  • Process
  • Practices

Question 6)
Which step of the NIST Cybersecurity Framework assesses current practices to develop a Current Profile?

  • Step 1
  • Step 2
  • Step 3
  • Step 4

Question 7)
Which step of the NIST Cybersecurity Framework prioritizes Framework Core actions necessary to achieve the Target Profile?

  • Step 4
  • Step 5
  • Step 6
  • Step 7

Question 8)
Which step of the NIST Cybersecurity Framework implements identified Framework Core actions to achieve the Target Profile?

  • Step 1
  • Step 2
  • Step 3
  • Step 4

Question 9)
You are the system security officer for a drinking water utility servicing a small city of about 30,000 residents in Vermont. Management has agreed to apply the NIST Cybersecurity Framework to assess and improve their cybersecurity posture. What is your next step to improving your cybersecurity posture?

  • Assess current practices to develop a Framework Profile.
  • Create a Target Profile for achieving increased cybersecurity protection.
  • Prioritize Framework Core actions necessary to achieve the Target Profile.
  • Implement identified Framework Core actions to achieve the Target Profile.

Question 10)
You are the system security officer for a drinking water utility servicing a small city of about 30,000 residents in Vermont. Management has agreed to apply the NIST Cybersecurity Framework to assess and improve their cybersecurity posture. You have developed a Framework Profile indicating your current practices may be characterized as Tier 1 “Partial”. You have also developed a Target Profile indicating what actions are required to achieve Tier 2 “Risk Informed” status. You have also prioritized Framework Core actions necessary to achieve the Target Profile. What is your next step to improving your cybersecurity posture?

  • Assess current practices to develop a Framework Profile.
  • Create a Target Profile for achieving increased cybersecurity protection.
  • Prioritize Framework Core actions necessary to achieve the Target Profile.
  • Implement identified Framework Core actions to achieve the Target Profile.

Question 12)
You are the system security officer for a drinking water utility servicing a large city of about 3.8 million residents in California. In 2014, your department allocated funding to start implementing the NIST Cybersecurity Framework. By 2017, your office succeeded in completing two cycles of the Framework Process, and now assess your Current Profile at Tier 3, “Repeatable”. At the annual business review meeting, management asks if you are going to try and attain a Tier 4 “Adaptive” Target Profile. Because your system is riddled with single points of failure that could shut down water to the city for a week or more, you recommend proceeding with Tier 4 implementation even though it will require a 20% increase to your department budget. How should management respond to your recommendation?

  • Management should agree with you because you are the designated expert in this area.
  • Management should agree with you because the risk is too great not to proceed.
  • Management should make their own decision based on their own judgment.
  • Management should make their own decision based on cost.

Question 13)
You are the system security officer for a drinking water utility servicing a large city of about 2.7 million residents in Illinois. In 2014, your department allocated funding to start implementing the NIST Cybersecurity Framework. By 2017, your office succeeded in completing two cycles of the Framework Process, and now assess your Current Profile at Tier 3, “Repeatable”. At the annual business review meeting, management asks if you are going to try and attain a Tier 4 “Adaptive” Target Profile. Because your system is redundant and likely to survive even a sophisticated cyber attack, you recommend remaining at Tier 3 because the additional cost will result in virtually no additional protection. How should management respond to your recommendation?

  • Management should agree with you because you are the designated expert in this area.
  • Management should agree with you because the risk is too great not to proceed.
  • Management should make their own decision based on their own judgment.
  • Management should make their own decision based on cost.

Question 14)
The NIST Cybersecurity Framework Core is organized into five functional areas. Which function develops and implements appropriate activities to restore capabilities or services impaired by a cybersecurity event?

  • Protect
  • Detect
  • Respond
  • Recover

Question 15)
The NIST Cybersecurity Framework Core is organized into five functional areas. Which function will facilitate shorter down time and result in smaller losses?

  • Protect
  • Detect
  • Respond
  • Recover

Question 16)
What makes the drinking water infrastructure a potential target of attack?

  • About 15% of water facilities in major urban areas provide service to more than 75% of the US population.
  • Water utilities are essential for providing potable drinking water and fire suppression capability.
  • Water utilities have lax cybersecurity protocols.
  • Nobody can live without water.

Question 17)
This component of the NIST Cybersecurity Framework provides a set of four operational objectives representing increasing levels of protection.

  • Standards
  • Tiers
  • Process
  • Practices

Question 18)
Which step of the NIST Cybersecurity Framework creates a Target Profile for achieving increased cybersecurity protection?

  • Step 4
  • Step 5
  • Step 6
  • Step 7

Question 19)
You are the system security officer for a drinking water utility servicing a small city of about 30,000 residents in Vermont. Management has agreed to apply the NIST Cybersecurity Framework to assess and improve their cybersecurity posture. You have developed a Framework Profile indicating your current practices may be characterized as Tier 1 “Partial”. You have also developed a Target Profile indicating what actions are required to achieve Tier 2 “Risk Informed” status. What is your next step to improving your cybersecurity posture?

  • Assess current practices to develop a Framework Profile.
  • Create a Target Profile for achieving increased cybersecurity protection.
  • Prioritize Framework Core actions necessary to achieve the Target Profile.
  • Implement identified Framework Core actions to achieve the Target Profile.

Question 20)
The NIST Cybersecurity Framework Core is organized into five functional areas. Which function accepts the inevitability of a successful cyber attack?

  • Protect
  • Detect
  • Respond
  • Recover

Question 21)
Water utilities, like most utilities, are designed to withstand storms and vandals, but not concerted attack.

  • True
  • False

Question 22)
Participation in the National Infrastructure Protection Plan Risk Management Framework is compulsory for water infrastructure owners and operators.

  • True
  • False

Question 23)
How does the NIST Cybersecurity Framework help an organization’s overall cybersecurity program?

  • It enhances long-term budgeting.
  • It increases promotion opportunities.
  • It eliminates risk from cyber attack.
  • It facilitates strategic risk reduction planning.

Question 24)
The NIST Cybersecurity Framework is a continuous improvement process for reducing risk.

  • True
  • False

Question 25)
This component of the NIST Cybersecurity Framework establishes a collaborative effort between System Operations and Business Management.

  • Standards
  • Tiers
  • Process
  • Practices

Question 26)
You are the system security officer for a drinking water utility servicing a large city of about 2.7 million residents in Illinois. In 2014, your department allocated funding to start implementing the NIST Cybersecurity Framework. By 2017, your office succeeded in completing two cycles of the Framework Process, and now assess your Current Profile at Tier 3, “Repeatable”. At the annual business review meeting, management asks if you are going to try and attain a Tier 4 “Adaptive” Target Profile. Because of your familiarity with the Framework Core, you already have a pretty good idea what additional measures would be required. You also know that these measures would exceed your current budget authorization by as much as 20%. Because your system is completely redundant, you feel confident that you can maintain the city’s water supply even in the event of a sophisticated cyber attack. Based on this information, what do you recommend to management?

  • Proceed with Tier 4 implementation because single points of failure could result in catastrophic loss.
  • Proceed with Tier 4 implementation because your department could benefit from a budget increase.
  • Remain at Tier 3 because the probability of catastrophic failure from cyber attack is extremely low.
  • Remain at Tier 3 because your department has been working really hard and needs a break.

Question 27)
You are the system security officer for a drinking water utility servicing a small city of about 30,000 residents in Vermont. You are assessing your cybersecurity posture using the NIST Cybersecurity Framework. You have assessed your current Framework Profile as Tier 1, “Partial”. You have developed a Target Profile representing what you consider Tier 2, “Risk Informed” capability. Moreover, you have identified Framework Core Actions necessary to attain Tier 2 status that can be accomplished within your current budget authorization. You have determined that there is a very low, but non-zero probability that a cyber attack could shut down your water supply to the city for as much as a week, maybe longer. What is the best recommended course of action to make to management?

  • Remain at Tier 1 because the probability of cyber attack is very low.
  • Remain at Tier 1 because the consequences of cyber attack aren’t catastrophic.
  • Advance to Tier 2 because the cost of implementation is within your budget.
  • Advance to Tier 2 because the risk reduction is worth the cost of implementation.

Question 28)
You are the system security officer for a drinking water utility servicing a small city of about 30,000 residents in Vermont. Management has agreed to apply the NIST Cybersecurity Framework to assess and improve their cybersecurity posture. You have developed a Framework Profile indicating your current practices may be characterized as Tier 1 “Partial”. What is your next step to improving your cybersecurity posture?

  • Assess current practices to develop a Framework Profile.
  • Create a Target Profile for achieving increased cybersecurity protection.
  • Prioritize Framework Core actions necessary to achieve the Target Profile.
  • Implement identified Framework Core actions to achieve the Target Profile.

Question 29)
You are the system security officer for a drinking water utility servicing a large city of about 3.8 million residents in California. In 2014, your department allocated funding to start implementing the NIST Cybersecurity Framework. By 2017, your office succeeded in completing two cycles of the Framework Process, and now assess your Current Profile at Tier 3, “Repeatable”. At the annual business review meeting, management asks if you are going to try and attain a Tier 4 “Adaptive” Target Profile. Because of your familiarity with the Framework Core, you already have a pretty good idea what additional measures would be required. You also know that these measures would exceed your current budget authorization by as much as 20%. While you feel pretty confident about your current cybersecurity posture, you know that there are single points of failure throughout the system that could allow a successful cyber attack to shut off water to the city for a week or longer. Based on this information, what do you recommend to management?

  • Proceed with Tier 4 implementation because single points of failure could result in catastrophic loss.
  • Proceed with Tier 4 implementation because your department could benefit from a budget increase.
  • Remain at Tier 3 because the probability of catastrophic failure from cyber attack is extremely low.
  • Remain at Tier 3 because your department has been working really hard and needs a break.

Question 30)
You are the system security officer for a drinking water utility servicing a small city of about 30,000 residents in Vermont. You are assessing your cybersecurity posture using the NIST Cybersecurity Framework. You have assessed your current Framework Profile as Tier 1, “Partial”. You have developed a Target Profile representing what you consider Tier 2, “Risk Informed” capability. Moreover, you have identified Framework Core Actions necessary to attain Tier 2 status, and management has agreed upon implementing these actions. You are now undergoing the process of prioritizing which actions should be accomplished first. You are currently trying to choose between two Core Actions under the Detect function. Option 1 requires you to purchase and install an Intrusion Protection System to report malicious and suspicious cyber activities. Option 2 requires sending your System Administrator to an expensive training program to learn how to analyze and respond to suspicious cyber activities. Which option do you give higher priority?

  • Option 1 should receive higher priority because without detection there is no need for analysis.
  • Option 2 should receive higher priority because without analysis there is no ability to respond.
  • Both options should be given equal priority because they are clearly dependent on each other.
  • The answer depends on the SSO’s knowledge and experience.
