
Module 3 Graded Quiz: Understanding Cybersecurity Laws and Regulations: Cybersecurity Compliance Framework, Standards & Regulations (IBM Cybersecurity Analyst Professional Certificate) Answers 2025

1. Question 1

A financial institution reviewing how customer data is shared should focus on:

  • ❌ Consumer Protection Act

  • Gramm-Leach-Bliley Act (GLBA)

  • ❌ Patriot Act

  • ❌ Cybersecurity Enhancement Act

Explanation:
GLBA requires financial institutions to explain how they share and protect customers’ personal information.


2. Question 2

Which act protects student education records?

  • ❌ USA FREEDOM Act

  • Family Educational Rights and Privacy Act (FERPA)

  • ❌ SOX

  • ❌ HIPAA

Explanation:
FERPA governs privacy of student records and limits access to them.


3. Question 3

Encrypting and controlling access to electronic health information relates to:

  • ❌ Physical safeguards

  • ❌ Administrative safeguards

  • ❌ Privacy rule

  • Security rule

Explanation:
The HIPAA Security Rule governs protection of electronic PHI (ePHI), including access control and encryption.


4. Question 4

Training staff on PHI handling and conducting risk assessments relates to:

  • Administrative safeguards

  • ❌ Technical safeguards

  • ❌ Physical safeguards

  • ❌ Privacy safeguards

Explanation:
Administrative safeguards cover the policies, workforce training, and risk assessments that manage how PHI is handled.


5. Question 5

Identifying vulnerabilities in ePHI protection is:

  • ❌ Encrypting ePHI

  • ❌ Policies & procedures

  • Conducting regular risk assessments

  • ❌ Staff training

Explanation:
Risk assessments help identify and mitigate potential vulnerabilities.


6. Question 6

Which regulation requires explicit consent before processing personal data?

  • GDPR

  • ❌ PIPEDA

  • ❌ CCPA

  • ❌ China Cybersecurity Law

Explanation:
GDPR has strict consent requirements, including explicit opt-in.


7. Question 7

When must a company appoint a GDPR DPO?

  • ❌ Based outside EU

  • When processing sensitive data on a large scale

  • ❌ Only when dealing with EU residents

  • ❌ All companies regardless of size

Explanation:
Large-scale processing of sensitive data, or large-scale monitoring of individuals, triggers the mandatory DPO requirement.


8. Question 8

First step to comply with international cybersecurity requirements:

  • ❌ Appoint DPO

  • Understand the specific requirements of each jurisdiction

  • ❌ Develop protection strategy

  • ❌ Implement encryption

Explanation:
You must know the rules of each jurisdiction before you can design a compliant program.


9. Question 9

Which law governs personal data handling in Canada?

  • ❌ GDPR

  • ❌ Data Protection Act 2018

  • PIPEDA

  • ❌ NIS Directive

Explanation:
PIPEDA applies to private-sector organizations operating in Canada.


10. Question 10

UK retailer targeting Australian consumers must comply with:

  • ❌ PCI DSS

  • Privacy Act 1988 (Australia)

  • ❌ GDPR

  • ❌ Data Protection Act 2018

Explanation:
Australia’s Privacy Act governs handling of Australian citizens’ personal data.


🧾 Summary Table

Q    Correct Answer                 Key Concept
1    GLBA                           Financial data privacy
2    FERPA                          Student record protection
3    Security Rule                  ePHI safeguards
4    Administrative safeguards      HIPAA training & risk management
5    Risk assessments               Vulnerability identification
6    GDPR                           Explicit consent
7    Large-scale sensitive data     DPO requirement
8    Understand jurisdiction laws   First compliance step
9    PIPEDA                         Canadian privacy law
10   Privacy Act 1988               Australian data protection