What is the primary goal of the NIST Cybersecurity Framework?

  A. Replace all security systems
  B. Reduce IT costs
  C. Eliminate all cyber attacks
  D. Provide guidelines for managing cybersecurity risks in organizations ✓

Correct answer: Provide guidelines for managing cybersecurity risks in organizations

Option D is correct because the NIST Cybersecurity Framework (CSF) was developed to provide organizations with a voluntary, risk-based set of guidelines, best practices, and standards for identifying, protecting against, detecting, responding to, and recovering from cybersecurity threats, making risk management its central purpose. Option A is incorrect because the NIST CSF is not designed to replace existing security systems; it is a complementary framework that organizations apply on top of their existing controls. Option B is incorrect because while good security practices may reduce operational inefficiencies, reducing IT costs is not the primary goal of the NIST CSF. Option C is incorrect because no framework can guarantee the elimination of all cyber attacks; the CSF focuses on managing and reducing risk to acceptable levels rather than achieving perfect security.

Topic: Security Program Management and Oversight · nist csf, cybersecurity framework, risk management, security guidelines
