Question 1

Which NIST publication provides guidelines for federal information system security?

Accepted Answer

NIST SP 800-53 - NIST SP 800-53 provides security controls for federal information systems to protect them from cyber threats.

Question 2

What is the main objective of the NIST Cybersecurity Framework?

Accepted Answer

To iimprove cybersecurity risk management for critical infrastructure - The NIST Cybersecurity Framework is designed to guide organizations in improving their cybersecurity posture by managing risks, especially in critical infrastructure.

Question 3

In the NIST Cybersecurity Framework, what does the 'Detect' function focus on?

Accepted Answer

Identifying cybersecurity events - The 'Detect' function in the NIST Cybersecurity Framework is focused on identifying cybersecurity incidents and events.

Question 4

Which NIST publication outlines a process for managing cybersecurity risk using the Risk Management Framework (RMF)?

Accepted Answer

NIST SP 800-37 - NIST SP 800-37 outlines the Risk Management Framework (RMF) used by federal agencies to manage cybersecurity risks.

Question 5

Which NIST publication is used for managing cryptographic standards and guidelines?

Accepted Answer

NIST SP 800-57 - NIST SP 800-57 provides guidance on cryptographic standards and key management processes.

Question 6

ISO/IEC 27001:2013 is primarily concerned with:

Accepted Answer

Information security management systems (ISMS) - ISO/IEC 27001:2013 focuses on creating and maintaining an Information Security Management System (ISMS) to ensure the security of information.

Question 7

What is a key element required for ISO 27001 certification?

Accepted Answer

An Information Security Management System (ISMS) - ISO 27001 certification requires an organization to have a fully established and functioning ISMS to manage information security risks.

Question 8

What is the purpose of 'Annex A' in ISO 27001?

Accepted Answer

To list security controls for mitigating identified risks - Annex A of ISO 27001 provides a comprehensive list of security controls that an organization can adopt to address identified risks.

Question 9

Annex A of ISO 27001 provides a comprehensive list of security controls that an organization can adopt to address identified risks.

Accepted Answer

Clause 6 - Clause 6 in ISO 27001 outlines the requirements for planning, establishing, and maintaining the ISMS.

Question 10

What does PDCA stand for in ISO 27001?

Accepted Answer

Plan, Do, Check, Act - PDCA is a continuous improvement cycle used in ISO 27001 to manage and improve the ISMS.

Question 11

What does GDPR stand for?

Accepted Answer

General Data Protection Regulation - GDPR stands for the General Data Protection Regulation, a regulation aimed at protecting the personal data of EU citizens.

Question 12

What is the primary objective of the GDPR?

Accepted Answer

To protect the privacy of EU citizens - The primary goal of the GDPR is to protect the privacy and personal data of individuals in the EU.

Question 13

Which of the following is NOT a principle of GDPR?

Accepted Answer

Data encryption - Data encryption is an important security measure but not one of the core principles of GDPR. The principles focus on lawful, fair, and transparent data processing.

Question 14

Under GDPR, how long do organizations have to notify the authorities of a data breach?

Accepted Answer

72 hours

Question 15

Which of the following is considered "special category data" under GDPR?

Accepted Answer

Racial or ethnic origin - Racial or ethnic origin is classified as "special category data" under GDPR, which requires stricter processing and protection.

Question 16

Which of the following is a key component of the GRC framework?

Accepted Answer

Risk management - Risk management is a core component of the GRC framework, focusing on identifying, assessing, and mitigating risks within an organization.

Question 17

Which of the following best describes Governance in GRC?

Accepted Answer

The strategic alignment of processes, controls, and policies - Governance in the GRC framework refers to ensuring that processes, controls, and policies align with the organization's objectives and regulatory requirements.

Question 18

Which of the following is the main objective of Risk Management within GRC?

Accepted Answer

To manage and mitigate organizational risks - The primary objective of risk management in the GRC framework is to assess and mitigate risks to achieve business objectives and reduce negative impacts.

Question 19

In GRC, what does the term "risk appetite" refer to?

Accepted Answer

The level of risk an organization is willing to accept to achieve its objec - Risk appetite refers to the amount of risk an organization is willing to tolerate or accept in pursuit of its objectives.

Question 20

Which GRC framework is widely used for IT governance and risk management?

Accepted Answer

COBIT - COBIT (Control Objectives for Information and Related Technologies) is a widely recognized framework used for IT governance, risk management, and compliance.

Governance, Risk & Compliance quiz - GRC quiz

2) What is the main objective of the NIST Cybersecurity Framework?

3) In the NIST Cybersecurity Framework, what does the 'Detect' function focus on?

4) Which NIST publication outlines a process for managing cybersecurity risk using the Risk Management Framework (RMF)?

5) Which NIST publication is used for managing cryptographic standards and guidelines?

6) ISO/IEC 27001:2013 is primarily concerned with:

7) What is a key element required for ISO 27001 certification?

8) What is the purpose of 'Annex A' in ISO 27001?

9) Annex A of ISO 27001 provides a comprehensive list of security controls that an organization can adopt to address identified risks.

10) What does PDCA stand for in ISO 27001?

11) What does GDPR stand for?

12) What is the primary objective of the GDPR?

13) Which of the following is NOT a principle of GDPR?

14) Under GDPR, how long do organizations have to notify the authorities of a data breach?

15) Which of the following is considered "special category data" under GDPR?

16) Which of the following is a key component of the GRC framework?

17) Which of the following best describes Governance in GRC?

18) Which of the following is the main objective of Risk Management within GRC?

19) In GRC, what does the term "risk appetite" refer to?

20) Which GRC framework is widely used for IT governance and risk management?