ISC2 ISSMP Domain 6: Law, Ethics and Security Compliance Management

ISSMP: Law, Ethics and Security Compliance Management (20 questions)

1. Which of the following best describes the primary purpose of the General Data Protection Regulation (GDPR)?
A. To enhance cyber security defenses within the European Union.
B. To standardize data protection laws across all European Union member states.
C. To regulate the export of personal data outside the EU and EEA areas.
D. To provide a framework for global financial transactions.

2. What does the principle of "minimum necessary use" under the Health Insurance Portability and Accountability Act (HIPAA) entail?
A. Ensuring that healthcare data is encrypted at all times.
B. Limiting personal health information access to the minimum necessary to perform a job.
C. Guaranteeing that all healthcare employees receive data protection training.
D. Mandating regular audits of health information systems.

3. Which legislation primarily governs the security of electronic transactions and signatures in the United States?
A. The Sarbanes-Oxley Act
B. The Electronic Signatures in Global and National Commerce Act (E-SIGN)
C. The Computer Fraud and Abuse Act
D. The Federal Information Security Management Act (FISMA)

4. In the context of information security, which international standard provides guidelines for an Information Security Management System (ISMS)?
A. ISO 27001
B. ISO 9001
C. ISO 31000
D. ISO 14001

5. What is the primary focus of the Payment Card Industry Data Security Standard (PCI DSS)?
A. To ensure the security of electronic health records.
B. To protect cardholder data and ensure the secure processing of credit card transactions.
C. To standardize information security across all federal information systems except those related to national security.
D. To regulate the international exchange of digital information.

6. Which of the following best describes the primary objective of the Children's Online Privacy Protection Act (COPPA)?
A. To protect children under the age of 13 from online exploitation.
B. To encrypt children's data on the internet.
C. To monitor and regulate online transactions made by children.
D. To ensure educational content is prioritized in children's search results.

7. Under which circumstances can a company be held liable for non-compliance with the Sarbanes-Oxley Act?
A. When it fails to conduct annual fire safety inspections.
B. When it does not provide digital security training to all employees.
C. If it lacks an environmental sustainability policy.
D. If it fails to accurately report financial information and maintain adequate internal controls.

8. What is the primary purpose of conducting a Privacy Impact Assessment (PIA)?
A. To evaluate the environmental impact of a company's data centers.
B. To assess the effectiveness of an organization's marketing strategies.
C. To identify and mitigate privacy risks in projects and systems processing personal information.
D. To ensure compliance with international trade laws.

9. Which regulation mandates that U.S. federal agencies develop, document, and implement an agency-wide program to secure their information and information systems?
A. The Health Insurance Portability and Accountability Act (HIPAA)
B. The Federal Information Security Management Act (FISMA)
C. The General Data Protection Regulation (GDPR)
D. The Cybersecurity Information Sharing Act (CISA)

10. What is the main focus of the "right to be forgotten" as it relates to online data under the GDPR?
A. The right of individuals to have outdated or inaccurate personal data removed from search engine results.
B. The obligation of companies to encrypt all stored personal data.
C. The requirement for websites to include cookie consent forms on all pages.
D. The mandate for businesses to publicly disclose all data breaches within 72 hours.

11. In information security, what is the primary ethical concern associated with "backdoor" access to software and systems?
A. It can enhance the efficiency of system maintenance.
B. It may violate user privacy and trust by allowing unauthorized access.
C. It increases the transparency of data processing activities.
D. It ensures compliance with open-source software licenses.

12. Which of the following is a key requirement of the "due diligence" process in information security management?
A. Conducting regular performance appraisals for IT staff
B. Ensuring that third-party vendors comply with relevant security standards and regulations
C. Implementing a mandatory dress code for all employees accessing secure facilities
D. Posting security notices on all entrances to data centers

13. What legal doctrine is primarily concerned with the responsibilities of organizations to protect data from unauthorized access or disclosure?
A. Duty of Care
B. Prudent Man Rule
C. Safe Harbor Provisions
D. Negligence Standard

14. Under which circumstances does the "principle of proportionality" apply in the context of cybersecurity law?
A. When determining the appropriate level of security controls based on the sensitivity of data
B. In allocating budget resources for IT departments
C. During the recruitment process for security personnel
D. When deciding on the physical location of data centers

15. Which international agreement is focused on cybercrime and electronic evidence?
A. The Budapest Convention
B. The Paris Agreement
C. The Tallinn Manual
D. The BRICS Cybersecurity Pact

16. What is the primary focus of the "need to know" principle in information security?
A. Limiting information access to individuals who require it to perform their job functions
B. Ensuring all employees are aware of the company's security policies
C. Mandating regular security training for IT staff
D. Guaranteeing that external stakeholders receive timely security updates

17. In the context of security compliance, what is the primary purpose of a "Data Protection Impact Assessment" (DPIA)?
A. To evaluate the financial impact of a data breach
B. To assess the privacy risks associated with processing personal data
C. To determine the market value of stored data
D. To calculate the storage costs of data retention

18. What concept is primarily concerned with ensuring that electronic contracts are as legally binding as paper-based contracts?
A. Digital Signature Law
B. Uniform Electronic Transactions Act (UETA)
C. Online Consumer Protection Act
D. Electronic Document Security Standard (EDSS)

19. Which regulation requires financial institutions in the United States to explain their information-sharing practices to their customers and to safeguard sensitive data?
A. The Gramm-Leach-Bliley Act (GLBA)
B. The Federal Information Security Management Act (FISMA)
C. The Dodd-Frank Wall Street Reform and Consumer Protection Act
D. The Fair Credit Reporting Act (FCRA)

20. Which ethical framework in cybersecurity focuses on the outcome or consequence of actions rather than the actions themselves?
A. Deontological Ethics
B. Virtue Ethics
C. Utilitarianism
D. Contractarianism