Question 1 of 50
A company is facing a security breach that could potentially compromise sensitive customer information. The incident response team has suggested implementing a security measure that involves collecting additional personal data from customers to identify potential fraudulent activity. However, the legal team is concerned about violating privacy laws. What should the company do in this situation?
Question 2 of 50
A company has recently implemented a new security system that monitors employee internet activity to prevent data breaches. Some employees are concerned that this system may violate their privacy rights. What should the company do to address these concerns?
Question 3 of 50
A company handles sensitive data related to its clients and has recently experienced data breaches. To address this issue, the company has decided to classify its data. What is the primary goal of data classification?
Question 4 of 50
A company has classified its data into three categories: public, confidential, and highly confidential. Which of the following is an appropriate non-technical control that can be implemented for the confidential data category?
Question 5 of 50
In a company, who is responsible for ensuring the ownership of data and the protection of sensitive information?
Question 6 of 50
What is the purpose of establishing ownership of data in an organization?
Question 7 of 50
An organization is conducting a review of its data retention policy. Which of the following is the primary reason for establishing a retention policy?
Question 8 of 50
An organization is developing a data retention policy for its customer database. Which of the following is the BEST approach for determining the retention period for this data?
Question 9 of 50
A company wants to establish a data classification policy. Which of the following data types should be classified as Confidential?
Question 10 of 50
An organization is reviewing its data types and is trying to determine which type of data should be classified as Restricted. Which of the following data types should be classified as Restricted?
Question 11 of 50
A company has a retention policy that states that all employee records must be retained for 5 years. However, an employee was terminated and their records were deleted after only 3 years. The company could potentially face legal action from the employee. Which of the following is the BEST non-technical control to prevent this from happening again?
Question 12 of 50
A hospital stores sensitive patient information, including medical records and billing information. Which of the following is the best non-technical control to ensure the privacy and protection of this information?
Question 13 of 50
An employee receives an email from a colleague containing sensitive information about a new product release. The employee suspects that the email was accidentally sent to them and was not intended for their eyes. What non-technical control can the employee implement to ensure confidentiality of this information?
Question 14 of 50
A company handles sensitive customer data, including names, addresses, and social security numbers. What non-technical control can the company implement to ensure the confidentiality of this data?
Question 15 of 50
A company stores the personal data of its customers, including their name, address, and credit card information. A hacker has gained access to this information and is now threatening to release it online unless the company pays a ransom. The company wants to ensure that they comply with legal requirements related to data privacy and protection. Which non-technical control would be MOST effective in this scenario?
Question 16 of 50
A government agency holds classified information related to national security. The agency wants to ensure that this information is protected from unauthorized access and disclosure. Which non-technical control would be MOST effective in this scenario?
Question 17 of 50
A multinational company has operations in multiple countries and regions across the world. The company is required to comply with various data privacy regulations and laws in each country in which it operates. Which of the following non-technical controls ensures that the data of each country remains in that country and is protected according to the laws of that country?
Question 18 of 50
A company based in Country A has a subsidiary in Country B. The company stores its data on servers located in Country A, but the subsidiary in Country B requires access to some of the data for its business operations. Which non-technical control should the company implement to ensure compliance with data sovereignty regulations?
Question 19 of 50
An organization is working on a project that involves collecting sensitive information from customers. The project team wants to ensure that the collected data is protected from unauthorized access, but they are also concerned about data minimization. Which of the following actions would best align with data minimization principles while still providing adequate security for the data?
Question 20 of 50
A company is preparing to implement a new customer relationship management (CRM) system that will collect and store customer information. The management team is concerned about the potential privacy implications of this new system and wants to ensure that data minimization principles are followed. Which of the following actions should the company take to implement data minimization controls?
Question 21 of 50
A company hires a contractor to develop a new software application. The company has sensitive intellectual property that it wants to protect from being shared or stolen. Which non-technical control is BEST suited to protect the company’s sensitive intellectual property?
Question 22 of 50
An organization is outsourcing a project to a third-party vendor. The vendor will have access to the organization’s confidential data during the project. Which of the following non-technical controls should be implemented to protect the organization’s data privacy and confidentiality?
Question 23 of 50
An organization is concerned about unauthorized access to sensitive data stored on its file servers. Which of the following technical controls can help mitigate this risk?
Question 24 of 50
A company stores sensitive customer data on its servers, which are accessible to multiple employees. The company wants to ensure the data is protected in transit and at rest. Which technical control should the company implement?
Question 25 of 50
In a software development company, developers have access to sensitive customer data for testing purposes. The company wants to ensure that the developers cannot view or manipulate the actual data while still being able to perform testing. Which technical control can be implemented to address this concern?
Question 26 of 50
A healthcare organization needs to share patient data with a research organization to conduct a study. The healthcare organization wants to protect the privacy of the patients and comply with HIPAA regulations. Which technical control would be MOST appropriate to use in this scenario?
Question 27 of 50
A company wants to protect its digital media content from illegal copying and distribution. Which technical control can they implement to prevent piracy of their media content?
Question 28 of 50
A company handles sensitive customer data that needs to be protected. They want to implement a security measure that replaces sensitive data with a unique identifier while maintaining the data’s functionality. Which technical control should they implement?
Question 29 of 50
In conducting a business impact analysis (BIA), which of the following is the primary goal?
Question 30 of 50
A company’s IT department is performing a risk assessment on its network infrastructure. During the process of identifying potential threats, they realize that their network perimeter security is weak and vulnerable to external attacks. Which of the following is the most appropriate risk identification process that the IT department should use to mitigate this risk?
Question 31 of 50
A company has recently identified a vulnerability in its software that could potentially result in unauthorized access to sensitive customer data. The IT department has remediated the vulnerability but the management team wants to ensure that all stakeholders are informed of the situation. Which of the following is the MOST appropriate method to communicate this risk factor to the stakeholders?
Question 32 of 50
A company is evaluating the risk of a potential data breach. They have identified several possible attack vectors and have assigned likelihood scores to each. The company now needs to calculate the probability of a data breach occurring. What method should they use?
Question 33 of 50
During a systems assessment, an organization identifies multiple vulnerabilities in its network infrastructure. Which of the following is the BEST approach to address the identified vulnerabilities?
Question 34 of 50
In a software development project, the team has identified several potential risks related to security, cost, and schedule. After evaluating each risk, the team has determined that the risk of a security breach has the highest impact on the project. However, mitigating this risk requires significant additional resources, which may affect the project’s schedule and budget. What is the BEST approach for the team to take?
Question 35 of 50
A company wants to improve its security posture by conducting a blue team exercise. Which of the following activities is typically performed by the blue team?
Question 36 of 50
A company has hired a red team to test the effectiveness of its security controls. The red team successfully gained access to sensitive data by exploiting a vulnerability in the company’s network. What should be the next step taken by the company?
Question 37 of 50
In a white team exercise, what is the primary responsibility of the white team?
Question 38 of 50
A large corporation is preparing for a potential cyber attack and wants to conduct a simulated exercise to test its incident response plan. The management team is concerned about potential damage to their reputation and financial losses. What type of training and exercise would be most appropriate for this situation?
Question 39 of 50
Which of the following is a benefit of using a risk-based framework for security?
Question 40 of 50
A company recently implemented a new code of conduct policy for its employees. Which of the following is the primary objective of this policy?
Question 41 of 50
A company has experienced several security incidents recently, and it has been determined that weak passwords are the cause of most of these incidents. The company wants to implement a new password policy to ensure stronger passwords. Which of the following should be included in the policy?
Question 42 of 50
ABC company recently implemented an Acceptable Use Policy (AUP) to regulate the use of company resources by employees. However, some employees are still using company computers for personal activities during work hours, violating the AUP. Which of the following is the BEST course of action for the company to take?
Question 43 of 50
A company is conducting a review of its data retention policy. The policy currently states that all data must be retained for a minimum of five years. However, the company has recently been receiving complaints from customers who are concerned about their personal data being stored for such a long period of time. What should the company do to address these concerns?
Question 44 of 50
A company has recently implemented a new security system to protect its network and data from unauthorized access. The security team has created a policy for continuous monitoring of the system. What is the main purpose of the continuous monitoring policy?
Question 45 of 50
In which of the following situations would managerial control be the most effective?
Question 46 of 50
An organization is implementing a new security control to prevent unauthorized access to its systems. The control involves requiring all employees to authenticate using a smart card before accessing any system. Which type of control does this represent?
Question 47 of 50
A company is concerned about insider threats and wants to implement controls that will detect any malicious activity. Which of the following is an example of a detective control?
Question 48 of 50
A company has implemented a security control that requires users to change their passwords every 90 days. What type of control is this?
Question 49 of 50
In a compliance audit, which of the following is the primary focus of the auditor?
Question 50 of 50
A company is required to comply with a new data privacy regulation. What is the best approach to ensure regulatory compliance?