- web.groovymark@gmail.com
- November 28, 2024
Question 41
Which of the following describes the legal requirement under GDPR for organizations to notify individuals in the event of a data breach?
A. Purpose Limitation
B. Data Minimization
C. Data Breach Notification
D. Integrity and Confidentiality
Correct Answer: C. Data Breach Notification
Explanation: GDPR requires organizations to notify individuals in the event of a data breach that affects their personal data. Purpose Limitation and Data Minimization are principles for data use and collection, while Integrity and Confidentiality protect data.
Question 42
Which of the following describes an isolated environment for testing and development to prevent security issues from affecting production systems?
A. Sandbox
B. Encryption
C. Multi-Factor Authentication (MFA)
D. Virtual Private Network (VPN)
Correct Answer: A. Sandbox
Explanation: A Sandbox is an isolated environment used for testing and development to prevent potential security issues from affecting production systems. Encryption protects data, MFA strengthens access control, and VPN secures network communications.
Question 43
Which operational activity involves the continuous monitoring of security events and incident detection?
A. Security Information and Event Management (SIEM)
B. Incident Management
C. Disaster Recovery
D. Configuration Management
Correct Answer: A. Security Information and Event Management (SIEM)
Explanation: SIEM involves continuous monitoring and analysis of security events to detect and respond to incidents. Incident Management addresses immediate issues, Disaster Recovery focuses on restoring services after a disruption, and Configuration Management ensures systems are configured correctly.
Question 44
Which scenario-based risk analysis evaluates how specific risks could impact business operations?
A. Scenario Analysis
B. Business Impact Analysis (BIA)
C. Risk Mitigation
D. Risk Transference
Correct Answer: A. Scenario Analysis
Explanation: Scenario Analysis evaluates how specific risks could impact business operations by considering different risk scenarios. BIA assesses the impact on business functions, Risk Mitigation reduces risks, and Risk Transference shifts risks to another party.
Question 45
Which regulation requires organizations to implement security controls to protect electronic health records (EHRs)?
A. Gramm-Leach-Bliley Act (GLBA)
B. Sarbanes-Oxley Act (SOX)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. General Data Protection Regulation (GDPR)
Correct Answer: C. Health Insurance Portability and Accountability Act (HIPAA)
Explanation: HIPAA requires organizations to implement security controls to protect electronic health records (EHRs). GLBA and SOX address financial information, and GDPR focuses on personal data protection in the EU.
Question 46
Which security technology is most effective for ensuring that only authorized devices can connect to a cloud network?
A. Network Access Control (NAC)
B. Virtual Private Network (VPN)
C. Web Application Firewall (WAF)
D. Intrusion Detection System (IDS)
Correct Answer: A. Network Access Control (NAC)
Explanation: NAC ensures that only authorized devices can connect to a network by enforcing security policies at the point of entry. VPN secures remote access, WAF protects web applications, and IDS detects unauthorized access, but NAC specifically controls device access.
Question 47
Which process involves the regular review and adjustment of cloud resources to ensure optimal performance and cost-efficiency?
A. Capacity Management
B. Change Management
C. Incident Management
D. Service Level Management
Correct Answer: A. Capacity Management
Explanation: Capacity Management involves regularly reviewing and adjusting cloud resources to ensure they are used efficiently and meet demand. Change Management controls modifications, Incident Management addresses issues, and Service Level Management ensures service agreements are met.
Question 48
Which risk management strategy is used when an organization takes no action to mitigate or transfer a risk and chooses to accept the potential consequences?
A. Risk Avoidance
B. Risk Acceptance
C. Risk Mitigation
D. Risk Transference
Correct Answer: B. Risk Acceptance
Explanation: Risk Acceptance occurs when an organization chooses to take no action to mitigate or transfer a risk, instead accepting the potential consequences. Risk Avoidance eliminates the risk, Risk Mitigation reduces it, and Risk Transference shifts it to another party.
Question 49
Which U.S. regulation is specifically designed to protect the privacy and security of health information?
A. Health Insurance Portability and Accountability Act (HIPAA)
B. General Data Protection Regulation (GDPR)
C. Payment Card Industry Data Security Standard (PCI DSS)
D. Sarbanes-Oxley Act (SOX)
Correct Answer: A. Health Insurance Portability and Accountability Act (HIPAA)
Explanation: HIPAA is designed to protect the privacy and security of health information in the U.S. SOX focuses on corporate financial practices, GDPR on personal data protection in the EU, and PCI DSS on payment card security.
Question 50
Which cloud security measure involves creating an isolated environment for testing and development to prevent potential security issues from affecting production systems?
A. Sandbox
B. Encryption
C. Multi-Factor Authentication (MFA)
D. Virtual Private Network (VPN)
Correct Answer: A. Sandbox
Explanation: A Sandbox is an isolated environment used for testing and development to prevent potential security issues from affecting production systems. Encryption protects data, MFA strengthens access control, and VPN secures network communications.