Governance, Risk, and Compliance (50 Questions & Answers)

Which of the following controls is considered a preventive control?

Intrusion Detection System (IDS)
Security Awareness Training
Security Incident Response Plan
Security Audit

Which of the following controls is an example of a technical control?

Background checks
Security awareness training
Firewall
Security policies and procedures

A security incident occurs involving a compromised user account, and the security team needs to investigate the activities performed by the compromised account. To gather more information, the security analyst reviews the SIEM dashboard. Which of the following data sources within the SIEM dashboard is responsible for capturing and recording user activity logs?

DNS server logs
Proxy server logs
Email server logs
Endpoint security logs

In the context of governance, risk, and compliance, which of the following is an example of a managerial control?

Firewall
Data Encryption
Security Awareness Training
Intrusion Detection System (IDS)

Which of the following is an example of a managerial control for ensuring compliance with legal and regulatory requirements?

Two-Factor Authentication (2FA)
Penetration Testing
Privacy Impact Assessment (PIA)
Patch Management

During an investigation, a security analyst is reviewing the SIEM dashboard to identify security incidents. The analyst notices an event with high sensitivity indicating a potential critical security breach. Which of the following data sources within the SIEM dashboard is responsible for assigning sensitivity levels to security events?

Firewall logs
System logs
Threat intelligence feeds
User access logs

In the context of governance, risk, and compliance, which of the following is an example of an operational control?

Risk Assessment
Business Continuity Plan
Incident Response Team
Security Awareness Training

While investigating an incident, a security analyst discovers an event in the SIEM dashboard flagged with low sensitivity. The event involves an unsuccessful login attempt from an unknown IP address. Which of the following data sources within the SIEM dashboard is responsible for providing sensitivity ratings to security events?

Network traffic logs
Security event logs
Incident response reports
Access control logs

Which of the following is an example of an operational control for managing physical access to sensitive areas?

Intrusion Detection System (IDS)
Security Guards
Data Encryption
Security Incident Response Plan

In the context of governance, risk, and compliance, which of the following is an example of a technical control?

Security Policies and Procedures
Background Checks
Intrusion Detection System (IDS)
Risk Assessment

Which of the following is an example of a technical control for protecting data in transit?

Encryption
Security Awareness Training
Penetration Testing
Business Impact Analysis (BIA)

In the context of governance, risk, and compliance, which of the following is an example of a physical control?

Firewall
Security Camera
Security Awareness Training
Intrusion Detection System (IDS)

Which of the following is an example of an administrative control?

Encryption
Security Incident Response Plan
Biometric Authentication
Network Segmentation

In the context of governance, risk, and compliance, which of the following is an example of a preventive control?

Security Awareness Training
Incident Response Plan
Security Audit
Intrusion Detection System (IDS)

Which of the following is an example of a preventive control for securing physical access to a restricted area?

Security Guards
Biometric Authentication
Video Surveillance
Security Incident Response Plan

In the context of governance, risk, and compliance, which of the following is an example of a detective control?

Security Awareness Training
Firewall
Security Incident Response Plan
Intrusion Detection System (IDS)

Which of the following is an example of a detective control used for monitoring and analyzing security events?

Access Control Lists (ACLs)
Security Awareness Training
Security Information and Event Management (SIEM)
Encryption

In the context of governance, risk, and compliance, which of the following is an example of a corrective control?

Data Backup and Recovery
Security Incident Response Plan
Intrusion Detection System (IDS)
Security Awareness Training

Which of the following is an example of a corrective control for addressing vulnerabilities and applying security patches?

Security Audit
Change Management
Vulnerability Assessment
Security Incident Response Plan

In the context of governance, risk, and compliance, which of the following is an example of a deterrent control?

Security Awareness Training
Intrusion Detection System (IDS)
Access Control Lists (ACLs)
Security Guards

Which of the following is an example of a deterrent control to prevent unauthorized physical access to a restricted area?

CCTV Surveillance
Encryption
Security Incident Response Plan
Biometric Authentication

In the context of governance, risk, and compliance, which of the following is an example of a compensating control?

Security Awareness Training
Firewall
Intrusion Detection System (IDS)
Multi-factor Authentication (MFA)

Which of the following is an example of a compensating control for mitigating the risk of unauthorized data access in a cloud environment?

Data Encryption
Security Incident Response Plan
Third-party Audits
Physical Access Controls

Which of the following is an example of a physical control for securing server rooms or data centers?

Firewalls
Security Cameras
Security Incident Response Plan
Data Encryption

Which of the following best describes the importance of applicable regulations, standards, or frameworks in relation to organizational security posture?

They provide guidelines for physical security measures.
They ensure compliance with software development practices.
They help establish a baseline for implementing security controls.
They dictate the specific encryption algorithms to be used.

Why are regulations, standards, or frameworks important for organizations in relation to cybersecurity?

They define the company's acceptable use policy.
They ensure the organization's financial stability.
They facilitate international collaboration on cybersecurity issues.
They provide a common language and approach for cybersecurity.

Which of the following best describes the importance of the General Data Protection Regulation (GDPR) in relation to organizational security posture?

It ensures compliance with physical security measures.
It provides guidelines for secure software development practices.
It establishes requirements for data protection and privacy.
It specifies the encryption algorithms to be used for data storage.

Why is compliance with the General Data Protection Regulation (GDPR) important for organizations?

It protects organizations from cybersecurity incidents.
It ensures the security of physical infrastructure.
It fosters customer trust and data privacy rights.
It reduces the cost of data storage and processing.

Why are national, territory, or state laws important for organizations in relation to cybersecurity?

They ensure the physical security of organizational assets
They protect organizations from cybersecurity incidents.
They establish legal requirements for data protection and privacy.
They specify the technical controls to be implemented by organizations.

Which of the following best describes the significance of complying with national, territory, or state laws in relation to organizational security posture?

It ensures international collaboration on cybersecurity issues.
It establishes standardized security practices across industries.
It helps organizations demonstrate legal and regulatory compliance.
It reduces the complexity of cybersecurity governance frameworks.

Why is compliance with the Payment Card Industry Data Security Standard (PCI DSS) important for organizations?

It ensures the physical security of payment card terminals.
It establishes guidelines for secure software development practices.
It helps protect cardholder data and prevents payment card fraud.
It specifies the encryption algorithms to be used for data transmission.

Which of the following is a key framework that helps organizations establish and maintain effective cybersecurity practices?

Health Insurance Portability and Accountability Act (HIPAA)
International Organization for Standardization (ISO) 27001
Federal Information Security Management Act (FISMA)
Family Educational Rights and Privacy Act (FERPA)

Which of the following frameworks is commonly used to manage cybersecurity risks associated with industrial control systems (ICS)?

Health Information Trust Alliance (HITRUST)
Control Objectives for Information and Related Technologies (COBIT)
National Institute of Standards and Technology (NIST) Cybersecurity Framework
Center for Internet Security (CIS) Controls

Which of the following best describes the importance of the Center for Internet Security (CIS) framework in relation to organizational security posture?

It provides guidelines for securing industrial control systems (ICS).
It ensures compliance with international privacy laws.
It focuses on securing cloud-based environments.
It establishes standards for physical access controls.

Why is the Center for Internet Security (CIS) framework important for organizations?

It helps organizations achieve compliance with industry-specific regulations.
It reduces the complexity of incident response procedures.
It provides guidelines for securing wireless network infrastructure.
It ensures the availability of web-based applications.

Why is the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) important for organizations?

It provides guidelines for physical security controls.
It ensures compliance with industry-specific regulations.
It establishes a framework for managing cybersecurity risks.
It focuses on securing cloud-based environments.

Which of the following best describes the significance of the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) for organizations?

It establishes a set of technical security controls.
It ensures compliance with international privacy laws.
It provides a risk-based approach to cybersecurity.
It focuses on securing wireless network infrastructure.

Why is the International Organization for Standardization (ISO) 27001 important for organizations?

It focuses on securing wireless network infrastructure.
It ensures compliance with industry-specific regulations.
It provides a framework for information security management.
It establishes guidelines for physical access controls.

Which of the following best describes the importance of ISO 31000 for organizations?

It ensures compliance with international privacy laws.
It provides guidelines for securing industrial control systems (ICS).
It establishes a framework for enterprise risk management.
It focuses on securing cloud-based environments.

Why is the SSAE SOC 2 Type I/II framework important for organizations?

It ensures compliance with international privacy laws.
It focuses on securing wireless network infrastructure.
It provides assurance regarding the security and privacy of service organizations.
It establishes a framework for physical security controls.

Why is the Cloud Security Alliance (CSA) framework important for organizations?

It focuses on securing physical access controls.
It ensures compliance with industry-specific regulations.
It provides guidelines for secure cloud adoption and implementation.
It establishes a risk management framework for organizations.

Why is the Cloud Control Matrix (CCM) framework important for organizations?

It ensures compliance with international privacy laws.
It focuses on securing physical access controls.
It provides a comprehensive set of security controls for cloud environments.
It establishes guidelines for securing wireless network infrastructure.

Why is a reference architecture framework important for organizations?

It ensures compliance with international privacy laws.
It provides a standardized blueprint for implementing security controls.
It focuses on securing physical infrastructure within data centers.
It establishes guidelines for securing wireless network infrastructure

Why are benchmarks important for organizations?

They ensure compliance with industry-specific regulations.
They provide a standardized framework for risk assessment.
They focus on securing physical access controls.
They establish guidelines for securing wireless network infrastructure.

Which of the following best describes the significance of benchmarks for organizations?

They ensure compliance with international privacy laws.
They provide a baseline for measuring security performance.
They focus on securing data at rest and in transit.
They establish guidelines for securing cloud-based environments.

Which of the following best describes the importance of securing organizational assets?

It ensures compliance with industry regulations.
It safeguards sensitive customer information.
It focuses on securing physical infrastructure.
It establishes guidelines for securing wireless networks.

Why is it important to implement secure coding practices in software development?

It ensures compliance with international privacy laws.
It mitigates the risk of software vulnerabilities and exploits.
It focuses on securing physical access controls.
It establishes guidelines for securing cloud-based environments.

Why are platform/vendor-specific guides important for organizations?

They ensure compliance with international privacy laws.
They provide step-by-step instructions for implementing security controls.
They focus on securing physical access controls.
They establish guidelines for securing wireless network infrastructure.

What is the significance of platform/vendor-specific guides for organizations?

They ensure compliance with industry-specific regulations.
They provide tailored security recommendations for specific technologies.
They focus on securing data at rest and in transit.
They establish guidelines for securing cloud-based environments.

Why are platform/vendor-specific guides for web servers important for organizations?

They ensure compliance with international privacy laws.
They provide guidance on securing physical access controls.
They offer tailored recommendations for securing web server technologies.
They establish guidelines for securing wireless network infrastructure.

CompTIA Security+ (SY0-601) Practice Exam Pack

Simulator Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

31. Question

32. Question

33. Question

34. Question

35. Question

36. Question

37. Question

38. Question

39. Question

40. Question

41. Question

42. Question

43. Question

44. Question

45. Question

46. Question

47. Question

48. Question

49. Question

50. Question