CyberVista Governance, Risk, and Compliance Questions and Answers

Question 1

An organization is conducting a risk assessment and uses descriptive ratings such as 'High,' 'Medium,' and 'Low' to evaluate the likelihood and impact of identified risks based on expert judgment and experience.
What type of risk assessment is being performed?

Accepted Answer

Qualitative

Answer

Quantitative

Answer

Hybrid

Answer

Ad-hoc

Question 2

Which of the following BEST describes the primary purpose of a Business Impact Analysis (BIA) within a GRC framework?

Accepted Answer

To identify critical business functions and determine the potential effects of a disruption to those functions.

Answer

To identify and catalog all organizational assets and their monetary value.

Answer

To select and implement specific security controls to mitigate threats.

Answer

To assign roles and responsibilities for the incident response team.

Question 3

A global company is looking to implement a comprehensive framework that is primarily focused on IT governance and aligning IT processes with business goals to deliver value. Which of the following frameworks would be the MOST appropriate choice?

Accepted Answer

COBIT (Control Objectives for Information and Related Technologies)

Answer

ISO/IEC 27001

Answer

NIST Cybersecurity Framework (CSF)

Answer

CIS Controls

Question 4

Within a cybersecurity governance structure, what is the hierarchical relationship between policies, standards, and procedures?

Accepted Answer

Standards and policies are interchangeable, while procedures describe the technology used.

Answer

Standards are high-level goals, which are implemented by policies and detailed in procedures.

Answer

Procedures are high-level statements, which are supported by standards and enforced by policies.

Answer

Policies are high-level statements of intent, supported by mandatory standards, which are implemented through step-by-step procedures.

Question 5

A U.S.-based e-commerce company processes data for customers in California and the European Union. A key difference in their compliance obligations between CCPA and GDPR relates to the basis for processing personal data. Which statement accurately describes this difference?

Accepted Answer

GDPR requires a specific legal basis (like consent) for processing, while CCPA operates on an 'opt-out' model.

Answer

Both regulations require an 'opt-in' consent model before collecting any user data.

Answer

CCPA requires a legal basis for processing, while GDPR allows processing by default.

Answer

Both regulations have identical requirements for data breach notifications, making consent models similar.

Question 6

An organization has identified a risk to its data center from a potential long-term power outage. The organization decides to purchase a contract with a third-party provider for a fully equipped disaster recovery site. Which risk treatment strategy is being employed?

Accepted Answer

Risk Transference

Answer

Risk Acceptance

Answer

Risk Avoidance

Answer

Risk Mitigation

An organization is conducting a risk assessment and uses descriptive ratings such as 'High,' 'Medium,' and 'Low' to evaluate the likelihood and impact of identified risks based on expert judgment and experience.What type of risk assessment is being performed?

An organization is conducting a risk assessment and uses descriptive ratings such as 'High,' 'Medium,' and 'Low' to evaluate the likelihood and impact of identified risks based on expert judgment and experience.
What type of risk assessment is being performed?