
Module 4 Graded Quiz: Understanding Cybersecurity Standards and Audits: Cybersecurity Compliance Framework, Standards & Regulations (IBM Cybersecurity Analyst Professional Certificate) Answers 2025

1. Question 1

Protocol essential for secure web browsing:

  • SSL/TLS

  • ❌ TCP/IP

  • ❌ SATA

  • ❌ HDMI

Explanation:
TLS (the successor to SSL, which is now deprecated) encrypts traffic between the browser and the web server and authenticates the server through its certificate; HTTPS is HTTP carried over TLS. TCP/IP is the transport underneath it and provides no encryption on its own, while SATA and HDMI are hardware interconnects, not network protocols.


2. Question 2

Purpose of OWASP SAMM:

  • ❌ Define secure coding practices

  • ❌ Recommend encryption algorithms

  • Improve the security posture of software practices

  • ❌ Create penetration testing framework

Explanation:
SAMM (Software Assurance Maturity Model) helps organizations measure and improve the maturity of their software security practices across the development lifecycle. It does not itself prescribe coding rules or cryptographic algorithms.


3. Question 3

Framework NIST offers for improving cybersecurity posture:

  • NIST Cybersecurity Framework (CSF)

  • ❌ IEEE 802.11

  • ❌ OWASP Top 10

  • ❌ ISO/IEC 27000

Explanation:
NIST CSF is a voluntary, risk-based framework for improving cybersecurity posture, organized around the core functions Identify, Protect, Detect, Respond and Recover (CSF 2.0 adds Govern). IEEE 802.11 is the Wi-Fi standard, the OWASP Top 10 lists web application risks, and ISO/IEC 27000 is an ISO standards family, not a NIST publication.


4. Question 4

NIST framework for RMF (Risk Management Framework):

  • ❌ NIST SP 800-30

  • ❌ NIST SP 800-53

  • ❌ NIST CSF

  • NIST SP 800-37

Explanation:
SP 800-37 defines the steps of the Risk Management Framework: Prepare, Categorize, Select, Implement, Assess, Authorize and Monitor. The distractors are related but distinct: SP 800-53 is the security and privacy control catalog that the RMF's Select step draws on, and SP 800-30 is the guide for conducting risk assessments.


5. Question 5

Audit essential in highly regulated industries:

  • ❌ Self-assessments

  • ❌ Penetration testing

  • ❌ Internal audits

  • Compliance audits

Explanation:
Regulated industries must demonstrate to regulators and external parties that they meet applicable laws and standards; a compliance audit produces that independent evidence, whereas self-assessments and internal audits are evaluated by the organization itself and penetration tests measure technical exposure rather than regulatory compliance.


6. Question 6

Purpose of penetration testing:

  • ❌ Review legal requirements

  • ❌ Evaluate performance

  • Simulate attacks on systems

  • ❌ Assess data protection policies

Explanation:
Penetration tests identify exploitable vulnerabilities by imitating the techniques a real attacker would use against the systems in scope.


7. Question 7

COBIT primarily assists with:

  • Evaluating IT risks and aligning IT with business objectives

  • ❌ Financial advice

  • ❌ Certifications

  • ❌ Community engagement

Explanation:
COBIT (Control Objectives for Information and Related Technologies) is ISACA's governance and management framework for enterprise IT; it is used to evaluate IT-related risk and keep IT activities aligned with business objectives.


8. Question 8

Val IT framework focuses on:

  • ❌ Cybersecurity audit methodology

  • ❌ Reducing IT resource waste

  • ❌ Continuous improvement tools

  • Monitoring and evaluating IT investment success

Explanation:
Val IT, an ISACA framework that complements COBIT, focuses on ensuring organizations realize measurable value from their IT investments by monitoring and evaluating those investments against expected outcomes.


9. Question 9

SOC 2 component assessing protection of sensitive information:

  • ❌ Processing integrity

  • ❌ Security

  • ❌ Availability

  • Confidentiality

Explanation:
Confidentiality is the SOC 2 Trust Services Criterion that addresses protecting information designated as confidential against unauthorized access and disclosure. Security (the common criteria, required in every SOC 2 report) covers protection of the system as a whole, Availability covers uptime commitments, and Processing integrity covers complete, accurate and timely processing.


10. Question 10

SOC report intended for public dissemination:

  • SOC 3

  • ❌ SOC 4 (no such report exists)

  • ❌ SOC 2

  • ❌ SOC 1

Explanation:
SOC 3 is a general-use report: it summarizes the service organization's controls and the auditor's opinion at a high level, without the detailed testing results, so it can be published freely. SOC 1 and SOC 2 reports are restricted-use reports intended for customers, their auditors and other knowledgeable parties.


🧾 Summary Table

Q   Correct Answer                              Key Concept
1   SSL/TLS                                     Secure web browsing
2   Improve software security maturity          OWASP SAMM
3   NIST CSF                                    Cybersecurity guidance
4   NIST SP 800-37                              Risk Management Framework (RMF)
5   Compliance audits                           Regulated industries
6   Simulate attacks                            Penetration testing
7   IT risk & business alignment                COBIT
8   Evaluate IT investment value                Val IT
9   Confidentiality                             SOC 2 Trust Services Criteria
10  SOC 3                                       Public (general-use) report