Compliance and Auditing IT Compliance and Security 2

Question 1

What is a 'system security plan' (SSP) required by FISMA?

Accepted Answer

A formal document that provides an overview of security requirements and describes the controls in place

Answer

A disaster recovery plan for IT systems

Answer

An incident response playbook

Answer

A network architecture diagram

Question 2

Which process under NIST RMF involves selecting and implementing security controls?

Accepted Answer

Select and Implement

Answer

Categorize

Answer

Assess

Answer

Authorize

Question 3

What is a 'vulnerability scan' primarily used for in IT compliance?

Accepted Answer

Automatically identifying known security weaknesses in systems and software

Answer

Monitoring employee internet usage

Answer

Testing disaster recovery procedures

Answer

Analyzing network traffic patterns

Question 4

What is 'patch management' as an IT compliance control?

Accepted Answer

The systematic process of identifying, acquiring, testing, and deploying software updates to fix vulnerabilities

Answer

Managing software licensing agreements

Answer

Patching physical damage to IT equipment

Answer

Managing network configuration changes

Question 5

In cybersecurity compliance, what is a 'Security Information and Event Management' (SIEM) system used for?

Accepted Answer

Collecting and analyzing security event logs to detect threats and support compliance reporting

Answer

Managing employee security awareness training

Answer

Encrypting sensitive data transmissions

Answer

Managing digital certificates

Question 6

What is the purpose of a 'data loss prevention' (DLP) solution in compliance programs?

Accepted Answer

Detecting and preventing unauthorized transmission or exfiltration of sensitive data

Answer

Recovering deleted files from backups

Answer

Encrypting data stored in databases

Answer

Managing data retention schedules