B.3.5 Security+ SY0-601 Domain 5: Governance, Risk, and Compliance Flashcards
72 questions (plus some of my own)
Which type of control makes use of policies, disaster recovery plans (DRPs), and business continuity plans (BCPs)?
Managerial
Encryption is which type of access control?
Technical
Which of the following are control categories? (Select three.)
Technical
Operational
Managerial
Which of the following is an example of a preventative control type?
An advanced network appliance
Audit trails produced by auditing activities are which type of security control?
Detective
Which access control type is used to implement short-term repairs to restore basic functionality following an attack?
Corrective
Which type of control is used to discourage malicious actors from attempting to breach a network?
Deterrent
Which of the following BEST describes compensating controls?
Partial control solution that is implemented when a control cannot fully meet a requirement
Which security control, if not applied, can allow an attacker to bypass other security controls?
Physical access control
Which of the following standards relates to the use of credit cards?
Personal Card Industry Data Security Standard (PCI DSS)
Which of the following government acts protects medical records and personal health information?
HIPAA
HIPAA is a set of federal regulations that define security guidelines. What do HIPAA guidelines protect?
Privacy
Which of the following is a government audit by the SEC that relates to internal controls and focuses on IT security, access controls, data backup, change management, and physical security?
Sarbanes-Oxley (SOX)
Which of the following laws was designed to protect a child’s information on the internet?
Children’s Online Privacy Protection Act (COPPA)
Which of the following security frameworks is used by the federal government and all its departments, including the Department of Defense?
National Institute of Standards and Technology (NIST)
Which ISO publication lays out guidelines for selecting and implementing security controls?
27002
What is the ISO 27001?
It is the publication that covers implementing and improving a security management system as well as an assessment guideline
What does the ISO 31000 do?
Covers risk management as it pertains to business continuity, safety, environmental results, and the professional reputation of a company
What does the ISO 27701 do?
Covers establishing, implementing, and improving a privacy information management system
Which SOC type reports focus on predetermined controls that are audited and a detailed report that attests to a company’s compliance?
II
What is a SOC Type I report?
An attestation of controls at an organization for a specific point in time
What is a SOC Type III report?
A non-detailed report attesting to a company’s compliance. This type of report is used for marketing and letting future partners know that compliance has been met
Which type of report is used for marketing and letting future partners know that compliance has been met?
SOC Type III
Which of the following frameworks introduced the first cloud-centric individual certification?
Cloud Security Alliance (CSA)