Q1. Which regulatory standard applies to healthcare data protection? (Q-627fe2)
- A.PCI DSS
- B.HIPAA✓ Correct
- C.GDPR
- D.SOX
Explanation: HIPAA governs healthcare data security in the U.S. Learn more.
CompTIA CySA+ Practice Questions: Compliance
9 free, exam-style CompTIA CySA+ (CS0-003) practice questions covering Compliance. Each question shows the correct answer and a clear explanation. Ready for the real thing? Take the full timed quiz below.
Q2. Which compliance framework applies to credit card data? (Q-627fe8)
- A.HIPAA
- B.PCI DSS✓ Correct
- C.GDPR
- D.FISMA
Explanation: PCI DSS protects cardholder data. Learn more.
Q3. What does PII stand for? (Q-627fef)
- A.Personal Internet Identifier
- B.Protected Information Integrity
- C.Personally Identifiable Information✓ Correct
- D.Public Infrastructure Information
Explanation: PII is data that can identify an individual. Learn more.
Q4. What is the purpose of a non-disclosure agreement (NDA) in security? (Q-627ff2)
- A.To prevent data breaches
- B.To legally protect confidential information✓ Correct
- C.To document firewall rules
- D.To automate patching
Explanation: NDAs legally bind parties to confidentiality. Learn more.
Q5. Which compliance standard applies to EU data protection? (Q-924458)
- A.HIPAA
- B.GDPR✓ Correct
- C.PCI DSS
- D.SOX
Explanation: GDPR (General Data Protection Regulation) protects EU citizens' data. Learn more.
Q6. Which compliance framework applies to U.S. federal agencies? (Q-924469)
- A.PCI DSS
- B.HIPAA
- C.FISMA✓ Correct
- D.GDPR
Explanation: FISMA (Federal Information Security Management Act) governs federal systems. Learn more.
Q7. Which compliance standard applies to financial reporting? (Q-924479)
- A.HIPAA
- B.SOX✓ Correct
- C.GDPR
- D.PCI DSS
Explanation: SOX (Sarbanes-Oxley Act) governs financial reporting integrity. Learn more.
Q8. What is the PRIMARY purpose of the NIST Privacy Framework? (Q-628033)
- A.To encrypt all personal data
- B.To manage privacy risks alongside cybersecurity✓ Correct
- C.To block international data transfers
- D.To replace GDPR requirements
Explanation: The NIST Privacy Framework helps organizations align privacy controls with security practices. Learn more.
Q9. What is the purpose of a legal hold during an investigation?
- A.Preserve potentially relevant records from alteration or deletion✓ Correct
- B.Authorize vulnerability scanning
- C.Reset all user passwords
- D.Publish a public advisory
Explanation: A legal hold suspends normal deletion or alteration for records that may be needed in legal or regulatory proceedings. Learn more.
More CompTIA CySA+ practice topics
- Security Operations (64)
- Threat Management (53)
- Cloud Security (45)
- Incident Response (44)
- Security Operations and Monitoring (32)
- Access Control (21)
- Network Security (18)
- Risk Management (17)
- Software Security (16)
- Data Security (14)
- Vulnerability Management (11)
- Cryptography (10)
- Threat Intelligence (9)
- Threat Detection (7)
- Threat and Vulnerability Management (5)
- More Practice Questions (15)
- All CompTIA CySA+ topics →