Cybersecurity Essentials Module 8 Quiz Answers
Module 8: Governance and Compliance Quiz Question Answers
1. Which of the following measures can an organization implement to manage user threats?
- Conduct post-configuration penetration tests
- Implement LAN server configuration standards
- Disable internal USB ports
- Implement IPS
2. The ability to carry out highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence is covered in what category of the National Cybersecurity Workforce Framework?
- Security provision
- Oversight and development
- Protect and defend
3. What is the primary goal of IT security governance?
- To provide a set of policies and procedures to manage sensitive data
- To provide oversight to ensure that risks are adequately mitigated
- To define a set of controls that an organization should implement
- To make decisions to mitigate risk
4. Match the data governance role to the correct function.
- Oversees an organization’s data protection strategy – Data protection officer
- Processes personal data on behalf of the data controller – Data processor
- Ensures compliance with policies and procedures – Data owner
- Determines the purposes and means of personal data processing – Data controller
- Implements the classification and security controls for data – Data custodian
5. An organization does not have policies in place to establish standardization for approved applications and operating system configurations. What type of policies does it need to develop?
- System-specific policies
- Issue-specific policies
- A master cybersecurity policy
- Acceptable use policies
6. Cybersecurity professionals may have access to sensitive data. What one factor should they understand to help them make informed ethical decisions in relation to this data?
- Cloud provider agreements
- A potential bonus
- Partnerships with third parties
- Laws governing the data
7. What law protects the privacy of an employee’s personal information from being shared with third parties?
- PCI DSS
8. Which of the following frameworks identifies controls based on the latest information about common cyber attacks and provides benchmarks for various platforms?
- The National Cybersecurity Workforce
9. Which industry-specific law governs payment card data protection?
- PCI DSS
10. What federal law would an individual be subject to if they knowingly accessed a government computer without permission?