Cybersecurity Compliance Framework & System Administration Quiz Answer | Compliance Frameworks and Industry Standards | Week 1



Compliance and Regulations for Cybersecurity ( PRACTICE QUIZ )


Q1) Which of the bad guys are described as "They are 'in' an organization but are human and make mistakes"?
  • Inadvertent Actor

Q2) Which is NOT one of the security controls?
  • Testing

Q3) What year did the GDPR come into effect?
  • 2018

Q4) Which three (3) of these obligations are part of the 5 key GDPR obligations? Check all that apply.
  • Accountability of Compliance
  • Consent
  • Rights of EU Data Subject




System and Organization Controls Report (SOC) Overview ( PRACTICE QUIZ )

Q1) Which is the foundational principle that everyone will get during a SOC audit?

  • Security



Industry Standards ( PRACTICE QUIZ )


Q1) The HIPAA Security Rule requires covered entities to maintain which two (2) reasonable safeguards for protecting e-PHI?
  • Physical
  • Technical


Q2) HIPAA Administrative safeguards include which two (2) of the following?
  • Security Personnel
  • Workforce Training and Management

Q3) PCI includes 264 requirements grouped under how many main requirements?
  • 12





CIS Critical Security Controls ( PRACTICE QUIZ )

Q1) If you are a mature organization, which CIS Controls Implementation Group would you use?
  • Implementation Group 3





Compliance Frameworks and Industry Standards ( MAIN QUIZ )

Q1) A security attack is defined as which of the following?

  • An event that has been identified by correlation and analytics tools as a malicious activity.


Q2) Which order does a typical compliance process follow?

  • Establish scope, readiness assessment, gap remediation, testing/auditing, management reporting


Q3) Under GDPR, who determines the purpose and means of processing of personal data?

  • Controller


Q4) Under the International Organization for Standardization (ISO), which standard focuses on Privacy?

  • ISO 27018


Q5) Which SOC report is closest to an ISO report?

  • Type 1


Q6) What is an auditor looking for when they test the control for implementation over an entire offering with no gaps?

  • Completeness


Q7) The HIPAA Security Rule requires covered entities to maintain which three (3) reasonable safeguards for protecting e-PHI?

  • physical
  • technical
  • administrative


Q8) HIPAA Administrative safeguards include which two (2) of the following?

  • Workforce training and management
  • Security Personnel


Q9) Who is the governing entity for HIPAA?

  • US Department of Health and Human Services Office of Civil Rights


Q10) HIPAA Physical safeguards include which two (2) of the following?

  • Workstation and Device Security
  • Facility Access and Control


Q11) PCI uses which three (3) of the following Card Holder Data Environment categories to determine scope?

  • Technology
  • Processes
  • People


Q12) One PCI Requirement is using an approved scanning vendor to scan at what frequency?

  • Quarterly


Q13) In which CIS control category will you find Incident Response and Management?

  • Organizational
