regulations, standards or frameworks.

Question 1

The _____ publishes the “20 CIS Controls.” _____ can be used to perform an overall evaluation of security posture.

Answer 1

Center for Internet Security (CIS)

The Risk Assessment Method (CIS-RAM)

Question 2

Department of Defense Cyber Exchange provides _____ with hardening guidelines for a variety of software and hardware solutions.

Answer 2

Security Technical Implementation Guides (STIGs)

Question 3

_____, by the National Institute of Standards and Technology (NIST), provides checklists and benchmarks for a variety of operating systems and applications.

Answer 3

National Checklist Program (NCP)

Question 4

The ______ can be used with automated vulnerability scanners to test compliance against these benchmarks.

Answer 4

Center for Internet Security Configuration Access Tool (CIS-CAT)

Question 5

The ______ is a set of 12 requirements aimed to ensure companies that process, store, or transmit credit card information maintain a secure environment.

Answer 5

Payment Card Data Security Standard (PC DSS)

Question 6

The ______ mandates that medical facilities and patient representatives protect private health information of an individual.

Answer 6

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Question 7

The ______ provides a security policy for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cybersecurity attacks.

Answer 7

National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)

also maps to Cloud Security Alliance Cloud Controls Matrix (CSA CCM)

Question 8

_____ frameworks are based on specific laws and regulations and ensure compliance of those standards. These _____ frameworks are highly-controlled and regulated

Answer 8

Regulatory

Medical records are governed by regulatory laws, for example.

Question 9

The _____ Act mandates the implementation of risk assessments, internal controls, and audit procedures in the United States. It maps to CSA CCM.

Answer 9

Sarbanes-Oxley (SOX)

Question 10

The _____ is an international standard for information technology security. It maps to CSA CCM.

Answer 10

International Organization for Standardization (ISO)

Question 11

The _____ is an audit specification guide developed for accountants.

Answer 11

Statements on Standards for Attestation Engagements (SSAE)

Question 12

The _____ states that personal data cannot be collected, processed, or retained without the individual’s informed consent.

Answer 12

European Union’s General Data Protection Regulation (GDPR)

Question 13

The _____ is a federal law in the United States and is a vertical law for the financial sector.

Answer 13

Gramm–Leach–Bliley Act (GLBA)

Question 14

The _____ defines the safe handling and storage of financial information.

Answer 14

Payment Card Industry Data Security Standard (PCI DSS)

Question 15

A Service Organization Control (SOC) Type _ report addresses internal controls over financial reporting.

Answer 15

1

Question 16

A Service Organization Control (SOC) Type _ report provides assurances about the effectiveness of controls in place in an organization within a given timeframe.

Answer 16

2

Question 17

A Service Organization Control (SOC) Type _ report is not as detailed of a report certifying compliance with SOC2.

Answer 17

3

Question 18

The _____ is a framework that provides guidance in security domains, including application security, identity and access management, mobile security, encryption and key management, and data center operations.

Answer 18

Cloud Security Alliance Cloud Controls Matrix (CSA CCM)