Question
1. What is an information security standard for organizations that handle credit cards?
A. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27001
B. General Data Protection Regulation (GDPR)
C. Payment Card Industry Data Security Standard (PCI DSS)
D. National Institute of Standards and Technology Risk Management Framework (NIST RMF)
2. What is a cyber security framework that U.S. federal government agencies have to follow? It has a six-step process for organizations to manage information security risk.
A. National Institute of Standards and Technology Risk Management Framework (NIST RMF)
B. Statement on Standards for Attestation Engagements Service Organization Control (SSAE SOC) 2 Type II
C. Center for Internet Security Critical Security Controls (CIS CSC)
D. General Data Protection Regulation (GDPR)
3. Company management wants to make sure that the company is implementing the CIA (confidentiality, integrity, and availability) triad to protect and utilize the company’s data. Management also wants to make sure the company is following international cybersecurity standards. What security standard MOST fulfills these requirements?
A. General Data Protection Regulation (GDPR)
B. National Institute of Standards and Technology Cybersecurity Framework (NIST CSF)
C. Payment Card Industry Data Security Standard (PCI DSS)
D. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27001
4. Our college is setting up an e-commerce function on our website. The Chancellor wants to make sure that people can buy Leeward CC apparel using a credit card. Which of the following standards are we MOST likely to use?
A. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27001
B. National Institute of Standards and Technology Risk Management Framework (NIST RMF)
C. Payment Card Industry Data Security Standard (PCI DSS)
D. General Data Protection Regulation (GDPR)
5. What is a worldwide, nonprofit organization that strives to make the world a safer place by developing best practices for cyber defense?
A. National Institute of Standards and Technology (NIST)
B. General Data Protection Regulation (GDPR)
C. Service Organization Control (SOC)
D. Center for Internet Security (CIS)
6. This international standard provides best practices on risk management for organizations.
A. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27002
B. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 31000
C. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27701
D. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27001
7. What is a structure used to provide a foundation?
A. Framework
B. Law
C. Standard
D. Regulation
8. What is the process of securing a system by reducing its surface of vulnerability?
A. Auditing
B. Keeping the default configuration
C. Cloud Controls Matrix (CCM)
D. Hardening
9. This international standard is for managing PII (Personally Identifiable Information).
A. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27002
B. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27701
C. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 27001
D. International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) Standard 31000
10. What is one of the main steps to harden operating systems?
A. Only have it communicate to the web server and database server
B. Secure configuration of user accounts
C. Disable browsing directories
D. Restrict who can access it
Step by Step Solution
Step: 1
1. The correct answer is C, Payment Card Industry Data Security Standard (PCI DSS). This standard is specifically designed for organizations that handle br...