FINAL EXAM MISY 5325 FALL 2025 –
2026 QUESTIONS WITH RIGHT
ANSWERS.
Informative references ANSWER : - __________ point to industry standards, guidelines, and practices
that are beneficial for an organization trying to achieve outcomes.
FALSE ANSWER : - NIST is very clear that their framework is aimed to replace existing risk management
processes and cybersecurity programs of your organization.
Internal Participation ANSWER : - The NIST Cybersecurity Framework Tiers include all of these
categories EXCEPT:
implementation/operations ANSWER : - In the NIST s Cybersecurity Framework Coordination model,
the business/process level obtains the executive level inputs into the risk management process, and
then collaborates with the __________ level.
TRUE ANSWER : - The NIST Cybersecurity Framework was created through collaboration between
industry and government.
Tiers ANSWER : - The NIST Cybersecurity Framework __________ provide guidance to allow
organizations to analyze cybersecurity risk and to enhance their processes to manage such risk.
partial
risk-informed
repeatable
adaptive ANSWER : - The four (4) NIST Cybersecurity Framework Tiers are:
Tiers ANSWER : - The NIST Cybersecurity Framework __________ is/are designed to help organizations
to view and understand the characteristics of their approach to managing cybersecurity risk.
,Subcategories ANSWER : - __________ are a list of specific outcomes of technical and/or management
activities.
framework ANSWER : - NIST s Cybersecurity __________ is a living document and will continue to be
updated and improved as participants provide feedback on implementation.
profile ANSWER : - The work product of cybersecurity requirements management using the NIST
Cybersecurity Framework is referred to as a(n) __________.
identify, protect, detect, respond, recover ANSWER : - The NIST Cybersecurity Framework Core consist
of these functions:
business/process ANSWER : - In the NIST s Cybersecurity Framework Coordination model, the
executive level communicates the mission priorities, available resources, and overall risk tolerance to
the __________ level.
TRUE ANSWER : - NIST s Cybersecurity Framework provides a common language to communicate
requirements with all the stakeholders within or outside your organization that are responsible for the
delivery of essential critical infrastructure services.
guidance ANSWER : - NIST Cybersecurity Framework is built from standards, guidelines, and practices
to provide a common __________ for organizations.
business/process ANSWER : - In the NIST s Cybersecurity Framework Coordination model, the
implementation/operations level is where the stakeholders are in charge of implementing the
framework and communicating the implementation progress to the __________ level.
FALSE ANSWER : - The NIST Cybersecurity Framework cannot be used to translate among a variety of
risk management practices.
Identify ANSWER : - The NIST Cybersecurity Framework __________ function includes the categories
and subcategories that define what processes and assets need protection.
, The NIST Cybersecurity Framework Core functions are broken down in to all of these EXCEPT: ANSWER
: - Guidelines
Standards ANSWER : - NIST s Cybersecurity Framework is divided into three parts including all EXCEPT
Maturity ANSWER : - The Implementation Tiers in the NIST Cybersecurity Framework are designed as
an overarching measurement of cybersecurity risk management _________.
Core ANSWER : - The NIST Cybersecurity Framework __________ is/are a collection of cybersecurity
activities, outcomes, and informative references that are common across critical infrastructure sectors.
FALSE ANSWER : - The NIST Cybersecurity Framework is never used by organizations of differing sizes.
Categories ANSWER : - __________ group the elements of a function into collections of cybersecurity
outcomes.
ANSWER : - In the NIST Cybersecurity Framework Cyber Supply Chain Relationship, companies have
communication with all EXCEPT:
TRUE ANSWER : - The NIST Cybersecurity Framework Core subcategory outcomes are meaningful for
multiple requirements.
TRUE ANSWER : - The Implementation Tiers in the NIST Cybersecurity Framework are not prescriptive
like you may find in other maturity models.
PROFILES ANSWER : - The NIST Cybersecurity Framework __________ is/are designed to help the
underlying organization align its cybersecurity undertakings with business requirements, risk tolerances,
and resources.
2026 QUESTIONS WITH RIGHT
ANSWERS.
Informative references ANSWER : - __________ point to industry standards, guidelines, and practices
that are beneficial for an organization trying to achieve outcomes.
FALSE ANSWER : - NIST is very clear that their framework is aimed to replace existing risk management
processes and cybersecurity programs of your organization.
Internal Participation ANSWER : - The NIST Cybersecurity Framework Tiers include all of these
categories EXCEPT:
implementation/operations ANSWER : - In the NIST s Cybersecurity Framework Coordination model,
the business/process level obtains the executive level inputs into the risk management process, and
then collaborates with the __________ level.
TRUE ANSWER : - The NIST Cybersecurity Framework was created through collaboration between
industry and government.
Tiers ANSWER : - The NIST Cybersecurity Framework __________ provide guidance to allow
organizations to analyze cybersecurity risk and to enhance their processes to manage such risk.
partial
risk-informed
repeatable
adaptive ANSWER : - The four (4) NIST Cybersecurity Framework Tiers are:
Tiers ANSWER : - The NIST Cybersecurity Framework __________ is/are designed to help organizations
to view and understand the characteristics of their approach to managing cybersecurity risk.
,Subcategories ANSWER : - __________ are a list of specific outcomes of technical and/or management
activities.
framework ANSWER : - NIST s Cybersecurity __________ is a living document and will continue to be
updated and improved as participants provide feedback on implementation.
profile ANSWER : - The work product of cybersecurity requirements management using the NIST
Cybersecurity Framework is referred to as a(n) __________.
identify, protect, detect, respond, recover ANSWER : - The NIST Cybersecurity Framework Core consist
of these functions:
business/process ANSWER : - In the NIST s Cybersecurity Framework Coordination model, the
executive level communicates the mission priorities, available resources, and overall risk tolerance to
the __________ level.
TRUE ANSWER : - NIST s Cybersecurity Framework provides a common language to communicate
requirements with all the stakeholders within or outside your organization that are responsible for the
delivery of essential critical infrastructure services.
guidance ANSWER : - NIST Cybersecurity Framework is built from standards, guidelines, and practices
to provide a common __________ for organizations.
business/process ANSWER : - In the NIST s Cybersecurity Framework Coordination model, the
implementation/operations level is where the stakeholders are in charge of implementing the
framework and communicating the implementation progress to the __________ level.
FALSE ANSWER : - The NIST Cybersecurity Framework cannot be used to translate among a variety of
risk management practices.
Identify ANSWER : - The NIST Cybersecurity Framework __________ function includes the categories
and subcategories that define what processes and assets need protection.
, The NIST Cybersecurity Framework Core functions are broken down in to all of these EXCEPT: ANSWER
: - Guidelines
Standards ANSWER : - NIST s Cybersecurity Framework is divided into three parts including all EXCEPT
Maturity ANSWER : - The Implementation Tiers in the NIST Cybersecurity Framework are designed as
an overarching measurement of cybersecurity risk management _________.
Core ANSWER : - The NIST Cybersecurity Framework __________ is/are a collection of cybersecurity
activities, outcomes, and informative references that are common across critical infrastructure sectors.
FALSE ANSWER : - The NIST Cybersecurity Framework is never used by organizations of differing sizes.
Categories ANSWER : - __________ group the elements of a function into collections of cybersecurity
outcomes.
ANSWER : - In the NIST Cybersecurity Framework Cyber Supply Chain Relationship, companies have
communication with all EXCEPT:
TRUE ANSWER : - The NIST Cybersecurity Framework Core subcategory outcomes are meaningful for
multiple requirements.
TRUE ANSWER : - The Implementation Tiers in the NIST Cybersecurity Framework are not prescriptive
like you may find in other maturity models.
PROFILES ANSWER : - The NIST Cybersecurity Framework __________ is/are designed to help the
underlying organization align its cybersecurity undertakings with business requirements, risk tolerances,
and resources.
