Security+_Domain_5 Professional Development Quiz

1.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following controls is used to make an organization initially aware of a data compromise?

Protective

Preventative

Corrective

Detective

2.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A vulnerability has been discovered and a known patch to address the vulnerability does not exist. Which of the following controls works BEST until a proper fix is released?

Detective

Compensating

Deterrent

Corrective

3.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following types of controls is a turnstile?

Physical

Detective

Corrective

Technical

4.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following control types fixes a previously identified issue and mitigates a risk?

Detective

Corrective

Preventative

Finalized

5.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following control types is focused primarily on reducing risk before an incident occurs?

Preventive

Deterrent

Corrective

Detective

Answer explanation

"Preventive controls act before an event, preventing it from advancing".

Deterrent - "acts to discourage the attacker by reducing the likelihood of success from the perspective of the attacker”.

6.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following would BEST provide detective and corrective controls for thermal regulation?

A smoke detector

A fire alarm

An HVAC system

A fire suppression system

Guards

Answer explanation

An HVAC system can detect deviations in temperature and adjust accordingly.

7.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A social media company based in North America is looking to expand into new global markets and needs to maintain compliance with international standards. With which of the following is the company's data protection officer MOST likely concerned?

NIST Framework

ISO 27001

GDPR

PCI-DSS

Answer explanation

GDPR - a regulation in EU laws that requires businesses to protect the personal data and privacy of EU citizens.
ISO - An independent, non-governmental organization that develops standards to ensure the quality, safety and efficiency of products, services and systems.

NIST - A non-regulatory US government agency created to develop cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public.

PCI DSS - A set of security standards for organizations that handle credit cards from major card schemes.

CIS Benchmarks - a set of globally recognized and consensus-driven best practices to help security practitioners implement and manage their cybersecurity defenses.

8.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?

GDPR compliance attestation

Cloud Security Alliance materials

SOC 2 Type 2 report

NIST RMF workbooks

Answer explanation

In the SOC 2 Type report, the auditor confirms that the controls are functioning properly.

9.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following organizations sets frameworks and controls for optimal security configuration on systems?

ISO

GDPR

PCI DSS

NIST

Answer explanation

ISO is for all standards, whereas NIST is only related to security.GDPR - a regulation in EU laws that requires businesses to protect the personal data and privacy of EU citizens.
ISO - An independent, non-governmental organization that develops standards to ensure the quality, safety and efficiency of products, services and systems.

NIST - A non-regulatory US government agency created to develop cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public.

PCI DSS - A set of security standards for organizations that handle credit cards from major card schemes.

CIS Benchmarks - a set of globally recognized and consensus-driven best practices to help security practitioners implement and manage their cybersecurity defenses.

10.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company is auditing the manner in which its European customers' personal information is handled. Which of the following should the company consult?

GDPR

ISO

NIST

PCI DSS

Answer explanation

GDPR - a regulation in EU laws that requires businesses to protect the personal data and privacy of EU citizens.
ISO - An independent, non-governmental organization that develops standards to ensure the quality, safety and efficiency of products, services and systems.

NIST - A non-regulatory US government agency created to develop cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public.

PCI DSS - A set of security standards for organizations that handle credit cards from major card schemes.

CIS Benchmarks - a set of globally recognized and consensus-driven best practices to help security practitioners implement and manage their cybersecurity defenses.

Create a free account and access millions of resources

Similar Resources on Quizizz

Popular Resources on Quizizz

Discover more resources for Computers