Module quiz: Laws and standards Quiz Answers
In this article I am going to share the Coursera course Cybersecurity Management and Compliance | Week 3 Quiz | Module quiz: Laws and standards Quiz Answers with you.
Enrol link: Cybersecurity Management and Compliance
Module quiz: Laws and standards Quiz Answers
Question 1)
John is working for a federal agency and is responsible for implementing and maintaining security protocols for their information system. After setting up the initial security controls, John is discussing the next steps with his team. Which of the following FISMA requirements should John emphasize as a continuous process?
- Set up Minimum Baseline Controls and leave them as they are.
- Document the Controls in the System Security Plan once and forget.
- Monitor the Security Controls on a Continuous Basis.
Question 2)
Anna is the Chief Information Security Officer (CISO) for a global manufacturing company. She’s been asked to create a system that helps her team understand their current cybersecurity posture, outline their future goals, and continuously track progress toward achieving those goals. Which component of the NIST Framework should she utilize for this purpose?
- Describing their current cybersecurity posture, outlining their cybersecurity goals, and tracking progress to the desired state.
- Focus on Implementation Tiers without considering the Framework Core or Profiles.
- Using the Framework solely for a basic review of cybersecurity practices by comparing against five high-level Functions: Identify, Protect, Detect, Respond, and Recover.
Question 3)
Which of the following are components of the NIST Framework? Select all that apply.
- Framework Profiles
- Risk Management
- Risk Assessment
- Framework Core
Question 4)
Jenny, a CFO of a publicly traded company, is discussing the importance of adhering to the Sarbanes-Oxley Act with her team. One of the team members mentions that the company could face legal consequences and significant financial penalties if they fail to comply. Another team member brings up that the company could also experience a loss of investor trust. Jenny wants to emphasize one more significant repercussion of non-compliance. What should she highlight?
- The company may encounter operational challenges, like increased audit fees and disruptions to core business functions.
- The company might face increased competition.
- The company might have to decrease its workforce.
Question 5)
Imagine you are the CEO of a company that uses Microsoft services to store customer data. One day, you are informed of unauthorized access to this data. How will Microsoft, as a data processor, assist you in addressing this breach as per GDPR regulations?
- Microsoft will immediately delete all data related to the breach without notifying the company.
- Microsoft will assess the privacy risks and determine if there’s a need to notify the DPA.
- Microsoft will notify you of the breach unless the data accessed is unintelligible, like encrypted data with a secure key.
Question 6)
True or False: ISO 27001 is a region-specific standard and is not recognized internationally.
- True
- False
Question 7)
True or False: Once resources are deployed using ARM templates, there remains a permanent connection between the deployed resources and the template.
- True
- False
Question 8)
Which of the following describes a key principle of COBIT?
- COBIT separates governance from management roles and responsibilities.
- COBIT is only applicable to large-scale enterprises.
- COBIT exclusively focuses on technological solutions for IT governance.
Question 9)
True or False: The NIST Privacy Framework consists of the Core, Profiles, and Implementation Tiers.
- True
- False
Question 10)
Which of the following best describes the primary purpose of a Privacy Risk Assessment (PRA) in the context of cloud services?
- Solely to ensure compliance with GDPR and HIPAA.
- To evaluate the cloud service provider’s technical capabilities.
- Systematically identifying, analyzing, evaluating, and addressing privacy risks associated with personal data and sensitive information in the cloud.
Question 11)
What is the primary purpose of the Federal Information Security Management Act (FISMA)?
- To create standardized cloud services for federal agencies.
- To bolster the security framework around federal information systems.
- To regulate private sector companies and their data security.
Question 12)
True or False: The NIST Framework replaces all other existing cybersecurity processes in an organization.
- True
- False
Question 13)
True or False: One of the primary components of the NIST Framework is the “Risk Management Tier.”
- True
- False
Question 14)
Which of the following best describes the primary objective of the Sarbanes-Oxley Act (SOX)?
- To reduce the tax burden on corporations.
- To protect investors by enhancing the accuracy and reliability of corporate financial statements.
- To promote corporate mergers and acquisitions.
Question 15)
Which of the following are controls of the ISO 27001 standard? Select all that apply.
- Business continuity management
- Vendor management
- Employee training programs
- Information security policies
Question 16)
Which of the following best describes the purpose of the COBIT framework in the context of cloud computing?
- It provides a comprehensive set of goals, practices, roles, responsibilities, and metrics to manage and audit cloud services effectively.
- It outlines the legal and regulatory obligations for cloud services.
- It is solely used for evaluating the Azure deployment.
Question 17)
True or False: A Privacy Requirements Traceability Matrix (PRTM) is primarily used to map privacy requirements from the PRA to the technical features provided by cloud services.
- True
- False
Question 18)
Which of the following best describes the primary purpose of the NIST Framework?
- It provides a comprehensive structure for organizations to manage and mitigate cybersecurity risks.
- It is a set of regulations that companies must legally adhere to.
- It is solely focused on the technological aspects of an organization.
Question 19)
True or False: Microsoft, when acting as a data processor, will only notify customers of data breaches when the breached data is intelligible.
- True
- False
Question 20)
Imagine you are a Cloud Architect for a company that needs to maintain compliance with the ISO standard. Your CEO is concerned about ensuring that every deployment within Azure adheres to the ISO guidelines. Which Azure service should you recommend to the CEO to enforce consistent policy implementation and resource conventions across deployments?
- Azure Storage
- Azure Blueprints
- ARM templates
Question 21)
Your organization is transitioning to Microsoft Azure and wants to ensure that the services provided by Azure support both operational and compliance objectives. Which ISACA guide would best assist auditors in this evaluation?
- COBIT Performance Management System.
- Azure Audit Program.
- COBIT Design and Implementation Guides.
Question 22)
Imagine you are the CIO of a large organization that’s considering moving its operations to a cloud-based infrastructure. One of your team members suggests neglecting the change management processes, stating that once the transition to the cloud is complete, no further action is required. Based on the article, what’s the best response?
- Implementing cloud frameworks is not a one-time activity but a continuous process that requires monitoring and adapting to changes in the cloud environment, business objectives, stakeholder needs, and legal requirements.
- The change management process is only relevant during the initial transition to the cloud.
- Only the initial setup of cloud services is crucial; post-deployment processes like monitoring changes are not essential.
Question 23)
A multinational company wants to ensure its cybersecurity measures are adaptable across borders and recognize global cybersecurity risks. How does the NIST Framework facilitate this?
- By providing financial incentives to companies that operate in multiple countries.
- By mandating specific cybersecurity software and hardware that must be used in all countries.
- By fostering technical innovation through its technology-neutral stance and referencing a range of evolving global standards, guidelines, and practices.
Question 24)
True or False: COBIT’s primary function is to provide guidelines for IT audits.
- True
- False
Question 25)
You are an IT consultant hired by a new startup company that is looking to use Microsoft Azure for its cloud services. The CEO is concerned about privacy and wants to ensure that their Azure deployment meets all necessary privacy requirements. Which of the following should be your primary recommendation?
- Ignore COBIT as it is not relevant to cloud services.
- Solely focus on the NIST Privacy Framework as it is the only framework related to cloud privacy.
- Utilize the Azure Audit Program as it offers evaluative control statements and detailed testing procedures specific to Azure deployment areas.
Question 26)
True or False: One of the main categories in FISMA requires federal agencies to conduct security reviews every five years.
- True
- False
Question 27)
What is the primary function of Azure Blueprints?
- Azure Blueprints allows organizations to define a repeatable set of Azure resources that adhere to requirements and standards.
- Azure Blueprints provides a platform for developing cloud-based applications.
- Azure Blueprints are primarily used for storing data in the cloud.
Question 28)
Which entity decides the purpose and method of processing personal data under GDPR?
- Data Subject
- Data Controller
- Processor
Question 29)
True or False: One of the significant sections of the Sarbanes-Oxley Act, Section 404, mandates that companies evaluate their external marketing strategies.
- True
- False
Question 30)
Which of the following best describes the purpose of ISO 27001 within the realm of information security?
- It establishes guidelines for an Information Security Management System (ISMS).
- It serves as a guideline for setting up a physical security system.
- It provides standards for setting up a global communication network.