最新的CSF Practitioner認證 CCSFP考試題庫

問題1

What frameworks are the HITRUST CSF built upon? (Select all that apply) [0005] NIST SP 800-53

A. ISO 27799

B. ISO 27001/2

C. NIST SP 800-37 Rev 1

D. HIPAA Omnibus Rule

正確答案: A,B,D

說明：（僅 VCESoft 成員可見）

問題2

Is the HITRUST CSF a replacement standard for HIPAA or NIST 800-53?

A. Yes

B. No

正確答案: B

說明：（僅 VCESoft 成員可見）

問題3

What information is required to complete the documentation of a Corrective Action Plan (CAP)? (Select all that apply) [0064]

A. An estimated date when the CAP will be completed by

B. Who is responsible for closing the CAP

C. The status of the CAP

D. The amount of capital/expense required to implement remediation activities

E. What steps will be taken to address the CAP

正確答案: A,B,C,E

說明：（僅 VCESoft 成員可見）

問題4

An r2 certification is good for how many years?

A. Two years provided an interim assessment is performed and interim requirements are met

B. Until there has been a significant change in the in-scope environment

C. Two years provided an interim assessment is performed, all CAPs have been remediated, and all N/As discharged

D. Two years regardless

正確答案: A

說明：（僅 VCESoft 成員可見）

問題5

For an r2 assessment, to obtain a Validated Report with Certification, each domain must score at least a 71 or higher.

A. False

B. True

正確答案: B

說明：（僅 VCESoft 成員可見）

問題6

Using only the information from the chart and question below, please answer the following question:
Domain
Control Reference
Requirement Statement
Numeric Score
01 Information Program
00.a.ISMP
The organization has...
72
01 Information Program
00.a.ISMP
The organization ensures...
74
01 Information Program
00.a.ISMP
A formal information...
81
02 Endpoint Protection
09.j Controls Against Malicious Code
Antivirus clients have...
62
02 Endpoint Protection
09.ab Monitoring System Use
Antivirus clients are...
79
05 Wireless Protection
09.ab Monitoring System Use
Networks are monitored...
84
19 Data Protection & Privacy
11.c Responsibilities and Procedures
The Privacy Officer...
42
19 Data Protection & Privacy
11.c Responsibilities and Procedures
A formal privacy program...
63
19 Data Protection & Privacy
02.d Management Responsibilities
Senior management...
68
19 Data Protection & Privacy
02.d Management Responsibilities
Requests for covered...
70
Assuming no Implementation score achieved 100% on any requirement statement and assuming all Control References are required for certification, this assessment will contain a required Corrective Action Plan (CAP)? [0193]

A. False

B. True

正確答案: B

說明：（僅 VCESoft 成員可見）

問題7

What can the Illustrative Procedures be used for? (Select all that apply)

A. Optional procedures

B. Consistency in testing between the Assessed Entity and the External Assessor

C. The basis for an assessor test plan

D. Implementation testing guidance

正確答案: A,C,D

說明：（僅 VCESoft 成員可見）

問題8

If an organization's relying party is requesting an Insights Report covering AI risks, which of the following factors should be added to an assessment?

A. The A1 Risk Assessment

B. The A1 Security Assessment

正確答案: A

說明：（僅 VCESoft 成員可見）

最新的HITRUST Certified CSF Practitioner 2025 - CCSFP免費考試真題

最新更新

站內鏈接

聯系我們