12.3.7 Practice Questions Flashcards
Question 1.
You are a cybersecurity manager at a large multinational corporation. Your company has recently implemented a new security control system. You are tasked with ensuring the effectiveness and compliance of this new system.
Which of the following approaches would be the MOST effective for this task?
answer
Conduct an internal assessment only.
Rely on self-assessment by the team that implemented the system.
Conduct an external assessment only.
Conduct both an internal and external assessment.
Correct Answer:
Conduct both an internal and external assessment.
Question 2.
Which of the following terms identifies the process of reviewing log files for suspicious activity and threshold compliance?
answer
Scanning
Phishing
Auditing
CompSec
Correct Answer:
Auditing
Question 3.
A healthcare organization is developing its data privacy and security strategy. The leadership team is exploring different methods to monitor, evaluate, and improve security practices to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA).
What would be the MOST appropriate measure to maintain and oversee its privacy and security controls?
answer
Conducting a self-assessment
Establishing an audit committee
Implementing a security awareness program
Outsourcing security operations to a managed security service provider
Correct Answer:
Establishing an audit committee
Question 4.
An organization must ensure its operating practices align with laws, regulations, standards, policies, and ethical requirements. The organization wants to evaluate the effectiveness of internal controls, identify any noncompliance or risk areas, and communicate findings to internal stakeholders such as risk managers.
Which internal assessment approach would be MOST appropriate for this purpose?
answer
Compliance assessment
Regulatory assessment
Self-assessment
Using an audit committee
Correct Answer:
Compliance assessment
Question 5.
An organization must hire nonaffiliated experts (consultants) to conduct an assessment. The organization expects the experts to provide a broad evaluation of its overall performance, practices, and capabilities, including specific focus areas such as strategy, operational efficiency, risk management, cybersecurity, or compliance practices.
Which type of assessment meets the organization’s needs?
answer
Self-assessment
External assessment
Internal audit committee
Internal compliance assessment
Correct Answer:
External assessment
Question 6.
A multinational corporation wants to enhance its risk management procedures and validate that its systems, controls, and processes align with specific international standards, regulations, and best practices.
Which approach should the organization consider to ensure an unbiased and comprehensive analysis of its security posture?
answer
Self-assessment
External examination
Internal audit
Internal compliance assessment
Correct Answer:
External examination
Question 7.
Which type of audit is performed by either a consultant or an auditing firm employee?
answer
Financial audit
Internal audit
External audit
Usage audit
Correct Answer:
External audit
Question 8.
Which of the following is true concerning internal audits?
answer
They are generally nonobjective.
The process is very formal.
They are always highly rigorous.
The auditor works independently.
Correct Answer:
They are generally nonobjective.
Question 9.
Which of the following standards relates to the use of credit cards?
answer
SOX
PCI DSS
PoLP
Financial audit
Correct Answer:
PCI DSS
Question 10.
An organization validates its security controls, processes, and adherence to industry standards and wants an unbiased evaluation to instill confidence among stakeholders.
Which method should it employ for this purpose?
answer
Compliance assessment
Audit committee
Independent third-party audit
Self-assessment
Correct Answer:
Independent third-party audit