CISSP CISSP Legal and Compliance 2

Question 1

What does the term 'due diligence' mean in the context of information security governance?

Accepted Answer

Investigating and verifying security practices before entering a business relationship

Answer

Implementing security controls after a breach occurs

Answer

Conducting annual security awareness training

Answer

Following the minimum legal requirements for data protection

Question 2

Which US law requires publicly traded companies to maintain accurate financial records and internal controls, with CISOs often accountable for IT controls?

Accepted Answer

SOX (Sarbanes-Oxley Act)

Answer

GLBA

Answer

FISMA

Answer

COPPA

Question 3

Under the EU GDPR, what is the maximum fine for the most serious violations?

Accepted Answer

€20 million or 4% of global annual turnover

Answer

€10 million or 2% of global annual turnover

Answer

€50 million or 5% of global annual turnover

Answer

$100 million flat fine

Question 4

What is the main purpose of a privacy impact assessment (PIA)?

Accepted Answer

To identify and mitigate privacy risks before deploying new systems or processes

Answer

To document all data breaches over the past year

Answer

To verify compliance with PCI DSS requirements

Answer

To classify all data assets by sensitivity level

Question 5

Which regulation governs the security and privacy of student education records in the US?

Accepted Answer

FERPA

Answer

HIPAA

Answer

COPPA

Answer

GLBA

Question 6

What is the primary purpose of intellectual property (IP) law in information security?

Accepted Answer

To grant exclusive rights over creative works and inventions, protecting them from unauthorized use

Answer

To protect organizations from data breaches

Answer

To regulate how organizations collect customer data

Answer

To establish criminal penalties for hacking