This certification benefits any professional who needs to demonstrate their ability to implement the NIST framework components to drive improved cybersecurity practices into the data center.
The exam covers high level framework topics as well as detailed underlying processes that support framework implementation. This includes the framework core, tiers and profiles which allow CSIRT staff to evaluate risk and prioritize feature changes based on business needs and changes in the security landscape.
Dell Technologies NIST Cybersecurity Framework Exam Summary:
| Exam Name | Dell Technologies Certified NIST Cybersecurity Framework 2023 |
| Exam Code | D-CSF-SC-23 |
| Exam Price | $230 (USD) |
| Duration | 90 mins |
| Number of Questions | 60 |
| Passing Score | 63% |
| Books / Training | Introduction to Cybersecurity Frameworks (pre-requisite) (ES131DSY00354) Implementing the NIST Cybersecurity Framework (ES132DSY00786) |
| Sample Questions | Dell Technologies NIST Cybersecurity Framework Sample Questions |
| Practice Exam | Dell Technologies D-CSF-SC-23 Certification Practice Exam |
Dell Technologies D-CSF-SC-23 Exam Syllabus Topics:
| Topic | Details | Weights |
| NIST Framework Overview | - Describe the NIST Framework architecture and purpose including the Core, Tiers, and Profiles - Describe the topics associated with the Category layer and explain how they align to the NIST Framework functions |
10% |
| NIST Framework: Identify Function | - Describe what constitutes an asset and which assets need to be protected - Describe the "who/what/why" of a continuously updated inventory - Describe how discovery and inventory facilitates the planning efforts associated with Disaster Recovery, Incident Response, Communications, and Business Impact Analysis - Describe the controls for the inventory classification and explain the KPIs developed around these controls |
18% |
| NIST Framework: Protect Function | - Describe the need for creating and documenting a baseline configuration - Explain how the Business Impact Analysis is integral to the protect function - Describe the role of the Business Continuity Plan and Business Impact Analysis - Describe the maintenance and access control subcategory controls for the protect function - Describe the awareness training, data security and protective technology subcategory controls of the protect function |
23% |
| NIST Framework: Detect Function | - Describe the anatomy of a breach, including what constitutes a breach, why and how it happens, and the steps to avoid a breach - Identify the methods of detection and how detection can be implemented - Describe the concept and benefits of continuous monitoring - Identify and explain the subcategories associated with detection and analysis |
17% |
| NIST Framework: Respond Function | - Describe how to quantify the extent of a security breach - Describe how to contain a security breach - Understand and construct an effective Incident Response Plan - Describe the purpose and details of an effective Communications Plan - Describe the after action plan and review |
17% |
| NIST Framework: Recover Function | - Determine and describe the considerations when implementing a Disaster Recovery Plan (DRP) - Describe how the BCP (Business Continuity Plan) supports “timely recovery to normal operations to reduce the impact from a cybersecurity incident.” - Assess and describe the requirements and processes to return to "business as usual" - Describe the process of understanding the impact to the business, including reputation and revenue |
15% |
Posts
0 comments:
Post a Comment