1. Which security framework is commonly used by CISOs to establish an information security management system (ISMS)?
ISO 27001
COBIT
NIST CSF
ITIL
✅ Correct Answer: ISO 27001
2. What is the primary role of a Chief Information Security Officer (CISO) in an organization?
Develop and implement security strategies
Configure firewalls and network devices
Perform vulnerability scans and penetration tests
Write code for secure applications
✅ Correct Answer: Develop and implement security strategies
3. Which risk management strategy involves transferring risk to a third party, such as an insurance provider?
Risk Transfer
Risk Avoidance
Risk Mitigation
Risk Acceptance
✅ Correct Answer: Risk Transfer
4. Which regulation requires organizations to protect the personal data of European Union citizens?
GDPR
HIPAA
PCI DSS
SOX
✅ Correct Answer: GDPR
5. What is the primary purpose of a security policy in an organization?
To define security guidelines and procedures
To monitor network traffic
To block unauthorized access
To detect malware
✅ Correct Answer: To define security guidelines and procedures
6. Which framework focuses on improving IT governance and management?
COBIT
ISO 27001
NIST CSF
ITIL
✅ Correct Answer: COBIT
7. What is the primary goal of a risk assessment in cybersecurity?
To identify and evaluate potential risks
To exploit vulnerabilities
To configure firewalls
To monitor network traffic
✅ Correct Answer: To identify and evaluate potential risks
8. Which regulation is specific to the healthcare industry in the United States?
HIPAA
GDPR
PCI DSS
SOX
✅ Correct Answer: HIPAA
9. What is the purpose of a Business Impact Analysis (BIA)?
To assess the impact of disruptions on business operations
To identify vulnerabilities in IT systems
To monitor network traffic
To configure firewalls
✅ Correct Answer: To assess the impact of disruptions on business operations
10. Which framework provides guidelines for improving critical infrastructure cybersecurity?
NIST CSF
ISO 27001
COBIT
ITIL
✅ Correct Answer: NIST CSF
11. What is the primary purpose of an Incident Response Plan (IRP)?
To respond to and manage security incidents
To monitor network traffic
To block unauthorized access
To detect malware
✅ Correct Answer: To respond to and manage security incidents
12. Which regulation is focused on protecting financial data and transactions?
PCI DSS
GDPR
HIPAA
SOX
✅ Correct Answer: PCI DSS
13. What is the primary goal of a security awareness training program?
To educate employees about security risks and best practices
To monitor network traffic
To block unauthorized access
To detect malware
✅ Correct Answer: To educate employees about security risks and best practices
14. Which framework is used for IT service management and improving service delivery?
ITIL
ISO 27001
COBIT
NIST CSF
✅ Correct Answer: ITIL
15. What is the primary purpose of a disaster recovery plan (DRP)?
To restore IT systems and operations after a disruption
To monitor network traffic
To block unauthorized access
To detect malware
✅ Correct Answer: To restore IT systems and operations after a disruption
16. Which regulation requires public companies to ensure the accuracy of financial reporting?
SOX
GDPR
HIPAA
PCI DSS
✅ Correct Answer: SOX
17. What is the primary goal of a vulnerability management program?
To identify and remediate security weaknesses
To monitor network traffic
To block unauthorized access
To detect malware
✅ Correct Answer: To identify and remediate security weaknesses
18. Which framework provides a risk-based approach to managing cybersecurity?
NIST CSF
ISO 27001
COBIT
ITIL
✅ Correct Answer: NIST CSF
19. What is the primary purpose of a data classification policy?
To categorize data based on sensitivity and importance
To monitor network traffic
To block unauthorized access
To detect malware
✅ Correct Answer: To categorize data based on sensitivity and importance
20. Which regulation is focused on protecting the privacy of student educational records?
FERPA
GDPR
HIPAA
PCI DSS
✅ Correct Answer: FERPA
21. Which framework provides guidelines for implementing a risk management program?
ISO 31000
PCI DSS
GDPR
SOX
✅ Correct Answer: ISO 31000
22. What is the primary purpose of a security governance framework?
To align security with business objectives
To configure firewalls
To perform vulnerability scans
To develop secure code
✅ Correct Answer: To align security with business objectives
23. Which regulation requires financial institutions to protect customer information?
GLBA
HIPAA
FERPA
FISMA
✅ Correct Answer: GLBA
24. What is the primary goal of a third-party risk management program?
To assess vendor security risks
To negotiate lower prices
To standardize contracts
To improve service delivery
✅ Correct Answer: To assess vendor security risks
25. Which security leadership skill is most critical for a CISO?
Stakeholder communication
Firewall configuration
Penetration testing
Malware analysis
✅ Correct Answer: Stakeholder communication
26. What is the primary purpose of a security metrics program?
To measure security effectiveness
To configure IDS rules
To perform code reviews
To manage firewalls
✅ Correct Answer: To measure security effectiveness
27. Which framework focuses on cloud security controls?
CSA CCM
NIST CSF
ISO 27001
COBIT
✅ Correct Answer: CSA CCM
28. What is the primary purpose of a security awareness program?
To reduce human risk factors
To configure network devices
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To reduce human risk factors
29. Which regulation applies to publicly traded companies in the US?
SOX
HIPAA
GDPR
PCI DSS
✅ Correct Answer: SOX
30. What is the primary purpose of a business continuity plan?
To maintain critical operations during disruptions
To configure firewalls
To perform penetration tests
To develop secure applications
✅ Correct Answer: To maintain critical operations during disruptions
31. Which framework provides privacy control guidelines?
ISO 27701
NIST SP 800-53
COBIT
ITIL
✅ Correct Answer: ISO 27701
32. What is the primary purpose of a security architecture framework?
To design secure systems
To perform vulnerability scans
To configure firewalls
To manage incidents
✅ Correct Answer: To design secure systems
33. Which regulation applies to educational institutions in the US?
FERPA
HIPAA
GLBA
SOX
✅ Correct Answer: FERPA
34. What is the primary purpose of a security operations center (SOC)?
To monitor and respond to threats
To develop security policies
To configure network devices
To perform code reviews
✅ Correct Answer: To monitor and respond to threats
35. Which framework focuses on security controls for federal systems?
NIST SP 800-53
ISO 27001
COBIT
ITIL
✅ Correct Answer: NIST SP 800-53
36. What is the primary purpose of a vulnerability management program?
To identify and remediate weaknesses
To configure firewalls
To develop security policies
To manage user access
✅ Correct Answer: To identify and remediate weaknesses
37. Which regulation applies to defense contractors in the US?
DFARS
HIPAA
GLBA
FERPA
✅ Correct Answer: DFARS
38. What is the primary purpose of a data classification policy?
To protect information based on sensitivity
To configure network devices
To perform penetration tests
To develop secure code
✅ Correct Answer: To protect information based on sensitivity
39. Which framework focuses on security for industrial control systems?
NIST SP 800-82
ISO 27001
COBIT
ITIL
✅ Correct Answer: NIST SP 800-82
40. What is the primary purpose of an identity and access management program?
To control user permissions
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To control user permissions
41. Which regulation applies to credit card transactions?
PCI DSS
HIPAA
GLBA
FERPA
✅ Correct Answer: PCI DSS
42. What is the primary purpose of a security audit?
To verify compliance with policies
To configure network devices
To perform penetration tests
To develop secure applications
✅ Correct Answer: To verify compliance with policies
43. Which framework focuses on security for healthcare organizations?
HITRUST CSF
NIST CSF
ISO 27001
COBIT
✅ Correct Answer: HITRUST CSF
44. What is the primary purpose of a security awareness training program?
To educate employees about risks
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To educate employees about risks
45. Which regulation applies to US government agencies?
FISMA
HIPAA
GLBA
FERPA
✅ Correct Answer: FISMA
46. What is the primary purpose of a security risk assessment?
To identify and prioritize risks
To configure network devices
To perform penetration tests
To develop secure code
✅ Correct Answer: To identify and prioritize risks
47. Which framework focuses on security for financial institutions?
FFIEC
NIST CSF
ISO 27001
COBIT
✅ Correct Answer: FFIEC
48. What is the primary purpose of a security policy framework?
To establish security requirements
To configure firewalls
To perform vulnerability scans
To develop secure applications
✅ Correct Answer: To establish security requirements
49. Which regulation applies to California residents' data privacy?
CCPA
GDPR
HIPAA
GLBA
✅ Correct Answer: CCPA
50. What is the primary purpose of a security compliance program?
To meet regulatory requirements
To configure network devices
To perform penetration tests
To develop secure code
✅ Correct Answer: To meet regulatory requirements
51. Which framework focuses on security for payment systems?
PCI DSS
NIST CSF
ISO 27001
COBIT
✅ Correct Answer: PCI DSS
52. What is the primary purpose of a security training program?
To develop security skills
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To develop security skills
53. Which regulation applies to New York financial services companies?
NYDFS
HIPAA
GLBA
FERPA
✅ Correct Answer: NYDFS
54. What is the primary purpose of a security maturity assessment?
To evaluate security program effectiveness
To configure network devices
To perform penetration tests
To develop secure applications
✅ Correct Answer: To evaluate security program effectiveness
55. Which framework focuses on security for critical infrastructure?
NIST CSF
ISO 27001
COBIT
ITIL
✅ Correct Answer: NIST CSF
56. What is the primary purpose of a security incident response plan?
To manage security breaches
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To manage security breaches
57. Which regulation applies to telecommunications carriers in the US?
CALEA
HIPAA
GLBA
FERPA
✅ Correct Answer: CALEA
58. What is the primary purpose of a security architecture review?
To identify design weaknesses
To configure network devices
To perform penetration tests
To develop secure code
✅ Correct Answer: To identify design weaknesses
59. Which framework focuses on security for service providers?
SOC 2
NIST CSF
ISO 27001
COBIT
✅ Correct Answer: SOC 2
60. What is the primary purpose of a security awareness campaign?
To reinforce security behaviors
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To reinforce security behaviors
61. Which regulation applies to chemical facilities in the US?
CFATS
HIPAA
GLBA
FERPA
✅ Correct Answer: CFATS
62. What is the primary purpose of a security risk register?
To track and manage risks
To configure network devices
To perform penetration tests
To develop secure applications
✅ Correct Answer: To track and manage risks
63. Which framework focuses on security for cloud computing?
CSA STAR
NIST CSF
ISO 27001
COBIT
✅ Correct Answer: CSA STAR
64. What is the primary purpose of a security baseline?
To establish minimum security standards
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To establish minimum security standards
65. Which regulation applies to nuclear facilities in the US?
NRC RG 5.71
HIPAA
GLBA
FERPA
✅ Correct Answer: NRC RG 5.71
66. What is the primary purpose of a security control framework?
To standardize security measures
To configure network devices
To perform penetration tests
To develop secure code
✅ Correct Answer: To standardize security measures
67. Which framework focuses on security for supply chains?
NIST SP 800-161
ISO 27001
COBIT
ITIL
✅ Correct Answer: NIST SP 800-161
68. What is the primary purpose of a security metrics dashboard?
To visualize security performance
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To visualize security performance
69. Which regulation applies to maritime facilities in the US?
MTSA
HIPAA
GLBA
FERPA
✅ Correct Answer: MTSA
70. What is the primary purpose of a security gap analysis?
To identify program deficiencies
To configure network devices
To perform penetration tests
To develop secure applications
✅ Correct Answer: To identify program deficiencies
71. Which framework focuses on security for small businesses?
CIS Controls
NIST CSF
ISO 27001
COBIT
✅ Correct Answer: CIS Controls
72. What is the primary purpose of a security steering committee?
To oversee security strategy
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To oversee security strategy
73. Which regulation applies to federal contractors in the US?
NIST SP 800-171
HIPAA
GLBA
FERPA
✅ Correct Answer: NIST SP 800-171
74. What is the primary purpose of a security budget plan?
To allocate security resources
To configure network devices
To perform penetration tests
To develop secure code
✅ Correct Answer: To allocate security resources
75. Which framework focuses on security for mobile devices?
NIST SP 800-124
ISO 27001
COBIT
ITIL
✅ Correct Answer: NIST SP 800-124
76. What is the primary purpose of a security roadmap?
To plan security initiatives
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To plan security initiatives
77. Which regulation applies to US government cloud services?
FedRAMP
HIPAA
GLBA
FERPA
✅ Correct Answer: FedRAMP
78. What is the primary purpose of a security awareness survey?
To measure security knowledge
To configure network devices
To perform penetration tests
To develop secure applications
✅ Correct Answer: To measure security knowledge
79. Which framework focuses on security for IoT devices?
NIST IR 8259
ISO 27001
COBIT
ITIL
✅ Correct Answer: NIST IR 8259
80. What is the primary purpose of a security organizational chart?
To define security roles
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To define security roles
81. Which regulation applies to the US defense industrial base?
CMMC
HIPAA
GLBA
FERPA
✅ Correct Answer: CMMC
82. What is the primary purpose of a security job description?
To define security responsibilities
To configure network devices
To perform penetration tests
To develop secure code
✅ Correct Answer: To define security responsibilities
83. Which framework focuses on security for artificial intelligence?
NIST AI RMF
ISO 27001
COBIT
ITIL
✅ Correct Answer: NIST AI RMF
84. What is the primary purpose of a security performance review?
To evaluate security staff
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To evaluate security staff
85. Which regulation applies to US healthcare clearinghouses?
HIPAA
GLBA
FERPA
SOX
✅ Correct Answer: HIPAA
86. What is the primary purpose of a security skills matrix?
To identify training needs
To configure network devices
To perform penetration tests
To develop secure applications
✅ Correct Answer: To identify training needs
87. Which framework focuses on security for software development?
SSDF
NIST CSF
ISO 27001
COBIT
✅ Correct Answer: SSDF
88. What is the primary purpose of a security career path?
To retain security talent
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To retain security talent
89. Which regulation applies to US financial market utilities?
SEC Reg SCI
HIPAA
GLBA
FERPA
✅ Correct Answer: SEC Reg SCI
90. What is the primary purpose of a security mentorship program?
To develop security leaders
To configure network devices
To perform penetration tests
To develop secure code
✅ Correct Answer: To develop security leaders
91. Which framework focuses on security for operational technology?
IEC 62443
NIST CSF
ISO 27001
COBIT
✅ Correct Answer: IEC 62443
92. What is the primary purpose of a security succession plan?
To ensure leadership continuity
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To ensure leadership continuity
93. Which regulation applies to US pipeline systems?
TSA Pipeline Security
HIPAA
GLBA
FERPA
✅ Correct Answer: TSA Pipeline Security
94. What is the primary purpose of a security knowledge base?
To share security information
To configure network devices
To perform penetration tests
To develop secure applications
✅ Correct Answer: To share security information
95. Which framework focuses on security for privacy management?
ISO 27701
NIST CSF
COBIT
ITIL
✅ Correct Answer: ISO 27701
96. What is the primary purpose of a security lessons learned review?
To improve future performance
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To improve future performance
97. Which regulation applies to US water treatment facilities?
AWIA
HIPAA
GLBA
FERPA
✅ Correct Answer: AWIA
98. What is the primary purpose of a security innovation program?
To adopt new security technologies
To configure network devices
To perform penetration tests
To develop security policies
✅ Correct Answer: To adopt new security technologies
99. Which framework focuses on security for identity management?
NIST SP 800-63
ISO 27001
COBIT
ITIL
✅ Correct Answer: NIST SP 800-63
100. What is the primary purpose of a security recognition program?
To motivate security staff
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To motivate security staff
101. Which regulation applies to US rail transit systems?
TSA Rail Security
HIPAA
GLBA
FERPA
✅ Correct Answer: TSA Rail Security
102. What is the primary purpose of a security benchmarking program?
To compare against industry standards
To configure network devices
To perform penetration tests
To develop secure applications
✅ Correct Answer: To compare against industry standards
103. Which framework focuses on security for endpoint protection?
CIS Benchmarks
NIST CSF
ISO 27001
COBIT
✅ Correct Answer: CIS Benchmarks
104. What is the primary purpose of a security automation program?
To improve efficiency
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To improve efficiency
105. Which regulation applies to US aviation systems?
TSA Aviation Security
HIPAA
GLBA
FERPA
✅ Correct Answer: TSA Aviation Security
106. What is the primary purpose of a security collaboration program?
To share threat intelligence
To configure network devices
To perform penetration tests
To develop secure code
✅ Correct Answer: To share threat intelligence
107. Which framework focuses on security for containerization?
NIST SP 800-190
ISO 27001
COBIT
ITIL
✅ Correct Answer: NIST SP 800-190
108. What is the primary purpose of a security certification program?
To validate security skills
To configure firewalls
To perform vulnerability scans
To develop security policies
✅ Correct Answer: To validate security skills
109. Which regulation applies to US surface transportation?
TSA Surface Security
HIPAA
GLBA
FERPA
✅ Correct Answer: TSA Surface Security
110. What is the primary purpose of a security professional development program?
To advance security careers
To configure network devices
To perform penetration tests
To develop secure applications
✅ Correct Answer: To advance security careers
The EC-Council 712-50 Certified CISO certification is a globally recognized credential for IT professionals.
This practice test helps you prepare by covering key topics like hardware, networking, troubleshooting, and security.