BIS310
Compliance & Security Management
Final Exam Review (Qns & Ans)
2025
Multiple Choice Questions
Which of the following frameworks is primarily used for
managing data privacy in information systems?
A. NIST
B. GDPR
C. ISO 27001
D. COBIT
ANS: B. GDPR
Rationale: GDPR (General Data Protection Regulation) is the EU regulation specifically aimed at protecting personal data and privacy. NIST, ISO 27001 and COBIT are general security and IT-governance frameworks, not privacy laws.
Which of the following is not a component of the CIA triad in
information security?
A. Confidentiality
B. Integrity
C. Accessibility
D. Availability
ANS: C. Accessibility
Rationale: The CIA triad comprises Confidentiality, Integrity, and Availability, not Accessibility.
What does the acronym SIEM stand for in security management?
A. Security Incident and Emergency Management
B. Security Information and Event Management
C. Security Intelligence and Evaluation Management
D. System Information and Event Management
ANS: B. Security Information and Event Management
Rationale: A SIEM collects (aggregates) log and event data from systems across the organization, normalizes it into a common format, and analyzes (correlates) it so that incidents spanning several systems can be detected and alerted on.
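To make "aggregates and analyzes" concrete, the following is an added example (not part of the exam review) of a minimal SIEM-style pipeline: two constructed log sources with different formats (an sshd auth log and a hypothetical VPN appliance log; the lines, addresses, user names and thresholds are all made up) are normalized into one event schema and run through a single correlation rule. Neither source on its own shows enough failures to trigger the rule; only the aggregated view does, which is the point of a SIEM.

```python
"""Minimal SIEM-style pipeline: normalize events from several log sources,
then correlate them with one detection rule. Added example; the log lines,
addresses, user names and thresholds are constructed, not taken from any
real system."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input, source 1: OpenSSH-style auth log lines.
SSH_LOG = """\
2025-03-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 51011 ssh2
2025-03-01T10:00:04 sshd[811]: Failed password for root from 203.0.113.7 port 51012 ssh2
2025-03-01T10:00:09 sshd[811]: Failed password for admin from 203.0.113.7 port 51013 ssh2
2025-03-01T10:00:15 sshd[811]: Accepted password for admin from 203.0.113.7 port 51014 ssh2
2025-03-01T10:05:00 sshd[812]: Failed password for alice from 198.51.100.2 port 40000 ssh2
"""

# Constructed sample input, source 2: a hypothetical VPN appliance log.
VPN_LOG = """\
2025-03-01 10:00:06 vpn auth_fail user=admin src=203.0.113.7
2025-03-01 10:00:11 vpn auth_fail user=admin src=203.0.113.7
2025-03-01 10:07:30 vpn auth_ok user=bob src=198.51.100.9
"""

SSH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port")
VPN_RE = re.compile(r"^(\S+ \S+) vpn auth_(fail|ok) user=(\S+) src=(\S+)")


def normalize(line):
    """Map one raw line from either source onto a common event schema.
    Returns None for lines neither parser recognises (a real pipeline
    would count these as parse failures rather than drop them silently)."""
    m = SSH_RE.match(line)
    if m:
        ts, verb, user, ip = m.groups()
        outcome = "success" if verb == "Accepted" else "fail"
        return {"ts": datetime.fromisoformat(ts), "source": "sshd",
                "user": user, "src_ip": ip, "outcome": outcome}
    m = VPN_RE.match(line)
    if m:
        ts, verb, user, ip = m.groups()
        outcome = "success" if verb == "ok" else "fail"
        return {"ts": datetime.fromisoformat(ts), "source": "vpn",
                "user": user, "src_ip": ip, "outcome": outcome}
    return None


def aggregate(*logs):
    """Parse every source into the common schema and order by timestamp."""
    events = [e for log in logs for e in map(normalize, log.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    return events


def _alert(ip, fails, severity, rule):
    return {"src_ip": ip, "rule": rule, "severity": severity,
            "failures": len(fails),
            "users": sorted({f["user"] for f in fails}),
            "sources": sorted({f["source"] for f in fails}),
            "first_seen": fails[0]["ts"], "last_seen": fails[-1]["ts"]}


def correlate(events, threshold=4, window=timedelta(seconds=60)):
    """Rule: `threshold` or more failed logins from one source IP within
    `window`, counted across all sources, raise a medium alert; a later
    success from that IP while the burst is still inside the window
    upgrades it to high (likely credential compromise)."""
    recent = defaultdict(deque)   # src_ip -> failures still inside the window
    alerts = {}
    for e in events:
        ip = e["src_ip"]
        fails = recent[ip]
        while fails and e["ts"] - fails[0]["ts"] > window:
            fails.popleft()       # slide the window forward
        if e["outcome"] == "fail":
            fails.append(e)
            if len(fails) >= threshold and alerts.get(ip, {}).get("severity") != "high":
                alerts[ip] = _alert(ip, fails, "medium", "brute_force")
        elif len(fails) >= threshold:
            a = _alert(ip, fails, "high", "brute_force_then_success")
            a["compromised_user"] = e["user"]
            a["success_source"] = e["source"]
            alerts[ip] = a
    return list(alerts.values())


if __name__ == "__main__":
    for a in correlate(aggregate(SSH_LOG, VPN_LOG)):
        print(a)
```

Run on the sshd log alone, 203.0.113.7 has only three failures before its successful login, and the VPN log alone shows only two, so a per-system check raises nothing; the aggregated stream shows five failures against two accounts across both systems in fourteen seconds, followed by a success, which the rule escalates to a high-severity alert naming both sources.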
Which of the following is considered an external threat to an
organization’s information security?
A. Insider threats
B. Malware
C. Software bugs
D. Human error
ANS: B. Malware
Rationale: Malware is introduced by actors outside the organization; insider threats, software bugs and human error all originate within it.
What is the primary goal of the Sarbanes-Oxley Act (SOX)?
A. To protect consumer privacy
B. To improve data access times
C. To ensure financial transparency
D. To maintain competitive advantage
ANS: C. To ensure financial transparency
Rationale: SOX was enacted in 2002 to increase the accuracy and reliability of corporate financial disclosures; for IT, this means controls over the systems that produce financial reports.
Fill-in-the-Blank Questions
The process of identifying, assessing, and prioritizing risks is
known as __________.
ANS: Risk Management
Rationale: Risk management is the systematic process of identifying, assessing and prioritizing risks and then deciding how to treat each one (mitigate, transfer, accept or avoid).
In information security management, a __________ is a
formalized set of policies and guidelines that dictate how an
organization will protect its information assets.