2026/2027: 90 Practice Questions with
Answers - Cybersecurity Certification
Preparation
Description:
Master your 2026/2027 cybersecurity exam with 90 professionally crafted multiple-choice
questions covering HIPAA, GDPR, Zero Trust, Cloud Security, Incident Response, and
Emerging Threats. Complete with detailed explanations and answer keys. Perfect for
CISSP, Security+, and university-level information assurance preparation.
Security+ Practice Exam 2026/2027 | 90 Questions
SECTION A: LEGAL, REGULATORY, AND COMPLIANCE FRAMEWORKS
Question 1
Which federal law mandates that all healthcare-related organizations must protect the
personally identifiable information (PII) of patients and implement safeguards against
unauthorized access to medical records?
A. FERPA
B. GLBA
C. HIPAA
D. FISMA
Answer: C
Explanation: The Health Insurance Portability and Accountability Act (HIPAA) establishes
national standards for protecting sensitive patient health information. It requires covered
entities and their business associates to implement administrative, physical, and technical
safeguards to ensure the confidentiality, integrity, and availability of protected health
information (PHI). FERPA protects student education records, GLBA governs financial
institutions' handling of customer data, and FISMA focuses on federal government
information security.
Question 2
The Payment Card Industry Data Security Standard (PCI DSS) serves which primary purpose
within the financial services sector?
A. Regulating investment banking practices and securities trading
B. Establishing accountability for credit card data breaches among merchants and banks
C. Protecting student financial aid information in educational institutions
D. Mandating cybersecurity training for all banking employees
Answer: B
Explanation: PCI DSS is a comprehensive set of security standards designed to ensure that
all organizations that process, store, or transmit credit card information maintain a secure
environment. The standard holds merchants, processors, acquirers, issuers, and service
providers accountable for protecting cardholder data through mandatory compliance
requirements, regular assessments, and security controls.
Question 3
What distinguishes the Family Educational Rights and Privacy Act (FERPA) from other
federal privacy regulations?
A. FERPA only applies to private educational institutions
B. FERPA specifically addresses the protection of student education records and their
disclosure
C. FERPA mandates data breach notification within 72 hours
D. FERPA applies exclusively to K-12 educational settings
Answer: B
Explanation: FERPA is a federal law that specifically protects the privacy of student
education records and provides parents and eligible students with certain rights regarding
these records. Unlike HIPAA or GLBA, FERPA focuses exclusively on educational
institutions that receive funds from the U.S. Department of Education. It governs who can
access student records, under what circumstances disclosure is permitted, and requires written
consent for most disclosures of personally identifiable information.
Question 4
Which federal law establishes mandatory requirements for protecting government
information, operations, and assets against security threats?
A. Gramm-Leach-Bliley Act (GLBA)
B. Federal Information Security Management Act (FISMA)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Sarbanes-Oxley Act (SOX)
Answer: B
Explanation: FISMA was developed to protect government information, operations, and
assets against security threats through comprehensive risk management frameworks. It
requires federal agencies to implement information security programs, conduct annual
reviews, report on compliance, and align with NIST standards. FISMA applies to all federal
agencies and their contractors, establishing baseline security requirements and continuous
monitoring obligations.
Question 5
The Occupational Safety and Health Administration (OSHA) and the National Fire Protection
Association (NFPA) both contribute to workplace safety through:
A. Mandating specific software security controls for all organizations
B. Establishing standards that help create safe environments and prevent accidents
C. Providing cybersecurity certifications for IT professionals
D. Regulating financial data protection requirements
Answer: B
Explanation: OSHA enforces workplace safety regulations and provides guidance to
employers, while NFPA develops codes and standards (including NFPA 70E for electrical
safety and NFPA 1600 for disaster recovery) to help organizations create safe environments.
Both organizations focus on physical and occupational safety, complementing each other
through regulations (OSHA) and consensus-based standards (NFPA).
Question 6
Safety Data Sheets (SDS) are required documentation that identifies potential hazards
associated with chemical products. What significant change occurred when transitioning from
Material Safety Data Sheets (MSDS) to SDS?
A. SDS eliminated the requirement for chemical hazard identification
B. SDS standardized the format and content across 16 sections globally
C. SDS only applies to biological hazards, not chemical substances
D. SDS reduced the number of required hazard communication sections
Answer: B
Explanation: The transition from MSDS to SDS resulted from the adoption of the Globally
Harmonized System (GHS) for classifying and labeling chemicals. SDS features a
standardized 16-section format that ensures consistency across manufacturers and
jurisdictions worldwide. This standardization improves hazard communication, facilitates
international trade, and makes safety information more accessible and understandable to
workers.