Exam (elaborations)

SANS MGT514 COMPREHENSIVE EXAM UPDATED QUESTIONS AND ANSWERS SURE

Pages
22
Grade
A+
Uploaded on
20-05-2026
Written in
2025/2026

Institution
SANS MGT514
Course
SANS MGT514

Content preview

SANS MGT514 COMPREHENSIVE EXAM UPDATED
QUESTIONS AND ANSWERS SURE A+
✔✔Disruptive innovation (2:84) - ✔✔Creates a new market eventually displacing old or
outdated technology or process: examples - cars (mass produced), digital music, digital
photography, PCs, smartphones, telephones, Wikipedia

✔✔Jobs to be done Theory (2:86) - ✔✔customers don't just buy products, they hire
solutions to get jobs done. Provides insight into what customers actually want and value

✔✔Security Framework - Need for (2:92) - ✔✔provide a blueprint for building security
programs, managing risk, and communicating about security using a common
vocabulary. Examples are ISO 2700, COBIT, ENISA Evaluation Framework, FFIEC
Cybersecurity assessment tool, NIST Cybersecurity framework.

✔✔NIST Cybersecurity Framework (2:94) - ✔✔3 Parts: Core, Implementation tiers, and
profiles. Defines common language for managing security risk.

✔✔NIST - Framework Core (2:94) - ✔✔Identify - Planning activities to understand
business needs and threats that can be prioritized; Protect - Activities that prevent or
contain the impact of security incidents; Detect - Activities that identify security
incidents; Respond - Incident response activities; Recover - Activities that restore
normal operations and reduce impact of security incidents.

✔✔NIST - Framework Core (cont'd) (2:94) - ✔✔Helps organizations describe the
current cybersecurity posture, describe their target state for cybersecurity, Identify and
prioritize opportunities for improvement within the context of a continuous and
repeatable process; assess progress towards the target state; Communicate among
internal and external stakeholders about cybersecurity risk.

✔✔Framework Categories - Identify (2:96) - ✔✔Asset Management, Business
environment, Governance, Risk Assessment, Risk Management Strategy, Supply chain
Risk management

✔✔Framework Categories - Protect (2:97) - ✔✔Access Control (PR.AC), Awareness &
training (PR.AT), Data Security (PR.DS), Information Protection Processes and
Procedures (PR.IP), Maintenance (PR.MA), Protective Technology (PR.PT)

✔✔Tips for using CyberSecurity Framework (2:99) - ✔✔Defines a comprehensive set of
activities that can be conducted by your security program. New programs can use the
framework as a guiding light

✔✔Measuring Maturity (2:100) - ✔✔Defines four implementation tiers that represent an
"increasing degree of rigor and sophistication in cybersecurity risk management
practices." Tier 1 - Partial; Tier 2 - Risk informed; Tier 3 - Repeatable; Tier 4 - Adaptive

✔✔Maturity Models - Types (2:101/2) - ✔✔These provide a way to measure
organizational capabilities and identify areas for improvement. Examples include
Capability Maturity Model Integration (CMMI), ESG Maturity Model, Gartner ITScore,
CyberSecurity Capability Maturity Model (C2M2), Building Security in Maturity Model
(BSIMM), Open Software Assurance Maturity Model (OpenSAMM), Capability
Immaturity Model (CIMM) - 4 Levels - Level 0 to 3

✔✔Enterprise Strategy Group (ESG) Security model (2:103) - ✔✔Lays out a
progression for basic, progressing, and advanced organizations in 4 Categories -
Philosophy, People, Process, Technology

✔✔Capability Immaturity Model Integration (CMMI) (2:104) - ✔✔Defines what should be
done to improve performance. Defines 5 maturity levels and 3 areas of focus including
CMMI for development (CMMI-Dev) for product and service development, CMMI for
services (CMMI-SVC) for service establishment and management, CMMI for acquisition
(CMMI-ACQ) for product service and acquisition.

✔✔Capability Immaturity Model Integration (CMMI) Maturity Levels (2:105) - ✔✔Level 1
- initial, Level 2 - Repeatable, Level 3 - Defined, Level 4 - Managed, Level 5 -
Optimizing.

✔✔security controls (2:107) - ✔✔Strong security controls are the foundation of any
program. Examples include NIST SP 800-53, Critical Security Controls (CSC),
Australian Signals Directorate (ASD) Mitigation strategies

✔✔NIST SP 800-53 (2:108) - ✔✔Security and Privacy Controls for Federal Information
Systems and Organizations: and is a comprehensive control catalog containing a large
number of security controls that you can potentially use in your program.

✔✔CIS Security Controls (2:109) - ✔✔Center for internet security; security controls
developed and maintained by the CIS & are a subset of the comprehensive catalog in
NIST SP 800-53

✔✔Mapping Controls to the Security Framework (2:110) - ✔✔Maps the CSC to other
commonly used security frameworks, compliance standards, and control guidance.

✔✔Gap analysis (2:115) - ✔✔Contains three steps 1 - Identify the future state; 2 -
Analyze current situation; 3 - Defining actions/proposals that bridge the gap between
current and future state.

✔✔Security Roadmap (2:126) - ✔✔Developing plan of action for security program

✔✔Roadmap Development (2:126-129) - ✔✔3-step process; Step 1 - Identify what is
being done today, Step 2 - Map Current Capabilities to maturity levels, Step 3 -
Prioritize new initiatives to increase maturity

✔✔Decision Matrix analysis (2:130) - ✔✔Tool utilized to rank initiatives and inform
decisions. Categories include Cost, Ability to execute, stakeholder support, threat
defense.

✔✔Business Case (The why?) (2:136) - ✔✔helps to estimate costs and benefits of
various initiatives; Helps management determine resource allocation.

✔✔Business case (what is it) (2:137) - ✔✔Captures the reason for an initiative and lays
out a problem and the potential solutions. Includes underlying assumptions and
rationale,

✔✔Business Case (Different approaches) (2:139) - ✔✔Cost approach - how much does
it cost to recover, Industry comparison approach - what are comparable firms doing,
Business innovation approach - what can I gain from this?

✔✔Business Case (Cost approach) (2:140-141) - ✔✔Numbers include direct and
indirect costs, i.e. engaging in forensics experts, credit monitoring, in-house
investigations and communication, extrapolated value of customer loss. Issues that may
arise, numbers aren't always accurate - over/under estimates

✔✔Business Case (Industry comparison approach) (2:144) - ✔✔What is reasonable for
security based on Industry, size, market position, region; and can be analyzed by
Spending and Maturity comparisons

✔✔Business Case (Industry comparison approach - Spending Comparison) (2:144) -
✔✔Provides a rough understanding of organizational maturity and can indicate whether
spending has been focused solely on meeting mandatory requirements, has expanded
the necessary requirements.

✔✔Business Case (Industry comparison approach - Maturity Comparison) (2:146) -
✔✔Comparing your security program to others, via Information Sharing & Analysis
Centers (ISAC), Community projects, Research and consulting organizations.

✔✔BSIMM Maturity Comparison Model Radar Chart (2:149) - ✔✔represents
organizational maturity level compared to your overall industry for various security
capabilities in the protect area of NIST Cybersecurity Framework.

✔✔Business Case (Business Innovation approach) (2:151) - ✔✔Business opportunities;
business requirements; business risk

Get to know the seller

EXAMCAFE Chamberlain College Nursing