
Module 1 Graded Quiz: Introduction to Information Security and Compliance: Cybersecurity Compliance Framework, Standards & Regulations (IBM Cybersecurity Analyst Professional Certificate) Answers 2025

1. Question 1

Which policy sets standards for how technology resources should be used?

  • ❌ Disaster recovery plans

  • ❌ Business continuity plans

  • Acceptable Use Policies (AUP)

  • ❌ Information security policies

Explanation:
An AUP defines what users can and cannot do with organizational IT resources.


2. Question 2

NIST CSF component where risks, assets, and threats are understood:

  • ❌ Protect

  • ❌ Detect

  • Identify

  • ❌ Govern

Explanation:
The Identify function builds understanding of assets, risks, and environment.


3. Question 3

CSF component where goals, strategy, policies, duties, and supply chain risks are defined:

  • ❌ Recover

  • ❌ Respond

  • Govern

  • ❌ Identify

Explanation:
“Govern” is the planning and oversight component in NIST CSF 2.0.


4. Question 4

When should a backout plan be created?

  • ❌ After a breach

  • ❌ Not necessary

  • ❌ After implementation

  • Before the change is implemented

Explanation:
A rollback plan must exist in advance in case the change fails.


5. Question 5

National considerations for international organizations:

  • ❌ Geopolitical risks

  • Laws, regulations, and cultural norms of a particular country

  • ❌ Industry-specific regulations

  • ❌ Legal implications of policies

Explanation:
National laws and cultural expectations must be followed to operate legally and ethically.


6. Question 6

How does standardization help network configuration?

  • Ensures straightforward troubleshooting and maintenance

  • ❌ Helps uniform vulnerability assessment

  • ❌ Minimizes unauthorized access

  • ❌ Ensures personnel stay current

Explanation:
Standardizing configuration reduces complexity and makes systems easier to support.


7. Question 7

Benefit of automation that solves repetitive task overload:

  • ❌ Standard infrastructure configurations

  • ❌ Enforcing baselines

  • ❌ Secure scaling

  • Efficiency and time saving

Explanation:
Automation removes manual repetitive tasks, increasing productivity and speed.


8. Question 8

Why documentation is necessary in change management:

  • ❌ For new employees only

  • ❌ To increase paper usage

  • ❌ Legal requirement everywhere

  • For historical records and evidence of compliance

Explanation:
Documentation allows auditing, accountability, and learning from past changes.


9. Question 9

Secure destruction method for permanent data erasure:

  • ❌ Chemical destruction

  • ❌ Physical destruction

  • ❌ Electromagnetic destruction

  • Degaussing

Explanation:
Degaussing destroys magnetic fields on storage media, permanently erasing data.


10. Question 10

Asset tracking method that predicts future needs:

  • ❌ Reconciliation processes

  • ❌ Asset tagging

  • ❌ Inventory management software

  • Asset lifecycle tracking

Explanation:
Lifecycle tracking helps forecast replacement cycles and budget planning.


🧾 Summary Table

| Q | Correct Answer | Key Concept |
|---|----------------|-------------|
| 1 | AUP | Acceptable use |
| 2 | Identify | NIST CSF risk understanding |
| 3 | Govern | Strategy, planning, policies |
| 4 | Before implementation | Backout plan timing |
| 5 | National laws & norms | Global compliance |
| 6 | Easier troubleshooting | Standardization |
| 7 | Efficiency & time saving | Automation benefit |
| 8 | Historical records & compliance | Documentation |
| 9 | Degaussing | Data destruction |
| 10 | Asset lifecycle tracking | Forecasting needs |