CSL Study Guide 2026
Everything you need to pass the CSL exam in one place: the exam format, every topic to study, real practice questions with explanations, flashcards, and full-length practice tests. Free, no sign-up needed.
📋 CSL Exam Format at a Glance
📚 CSL Topics to Study (22)
✍️ Sample CSL Questions & Answers
1. What is a Master Service Agreement (MSA) in the context of cybersecurity vendor relationships?
An MSA is a foundational contract establishing overall terms governing a long-term vendor relationship, with individual Statements of Work (SOWs) addressing specific projects or services.
2. Which rule of the Federal Rules of Civil Procedure specifically addresses electronically stored information (ESI) in discovery?
Rule 26(b) governs the scope of discovery and includes specific provisions for ESI, including proportionality and preservation obligations.
3. What due diligence process should companies conduct before engaging a cybersecurity vendor?
Proper vendor due diligence includes reviewing security certifications (SOC 2, ISO 27001), security questionnaires, financial stability, past breach history, and reference checks before contracting.
4. Which international treaty requires member nations to provide legal protections for technological protection measures similar to the DMCA?
The WIPO Copyright Treaty of 1996 requires signatories to provide adequate legal protection against circumvention of technological protection measures.
5. China's Cybersecurity Law (CSL) of 2017 requires operators of 'critical information infrastructure' to store data locally within China. This type of requirement is known as:
Data localization requirements mandate that certain categories of data be stored and processed within national borders, affecting multinational companies' cloud strategies.
6. Under the Federal Trade Commission Act, what does the FTC consider 'reasonable security' for companies handling consumer data?
The FTC applies a flexible reasonableness standard that considers the company's resources, the nature of its data, and the cost and availability of security tools.