Application Security
GRC
Privacy
Information Security
Audit
100

What common vulnerability could allow an attacker to execute arbitrary SQL code on a database?

What is SQL Injection?

100

What does GRC stand for in the context of information security?

What is Governance, Risk Management, and Compliance?

100

What regulation requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states?

What is the General Data Protection Regulation (GDPR)?

100

What term describes measures taken to protect a computer or computer system against unauthorized access or attack?

What is Information Security?

100

What assesses the effectiveness of a company's internal controls?

What is an IT audit?

200

Name a security mechanism for detecting and preventing external attacks on web applications by inspecting HTTP traffic.

What is a Web Application Firewall (WAF)?

200

Name the process of identifying, assessing, and prioritizing risks, followed by the coordinated application of resources to minimize, monitor, and control the probability or impact of unfortunate events.

What is Risk Management?

200

Name the U.S. law that protects the privacy of children under the age of 13 online.

What is the Children's Online Privacy Protection Act (COPPA)?

200

Name the process of encoding information in such a way that only authorized parties can access it.

What is Encryption?

200

The acronym ISACA is the abbreviation of the full name of this professional organization.

What is the Information Systems Audit and Control Association?

300

What principle minimizes privacy risks by limiting personal data collection, storage, and usage to what is strictly necessary for its intended purpose?

What is Data Minimization?

300

What framework aims to align IT infrastructure with business objectives while managing risks and optimizing resources?

What is COBIT (Control Objectives for Information and Related Technologies)?

300

Identify the regulation that provides data privacy and security protections for health information in the United States.

What is the Health Insurance Portability and Accountability Act (HIPAA)?

300

What is the name of the systematic approach used to manage an organization's sensitive data and ensure it is securely protected?

What is Data Governance?

300

Which process aims to ensure that financial statements are accurate?

What is Financial Audit?

400

Describe an attack that exploits vulnerabilities in the process of exchanging information between users and web services.

What is Cross-Site Request Forgery (CSRF)?

400

Identify the act that requires U.S. public companies to maintain accurate financial records and adequate internal controls.

What is the Sarbanes-Oxley Act (SOX)?

400

Describe the California state statute that aims to enhance privacy rights and consumer protection for residents of California.

What is the California Consumer Privacy Act (CCPA)?

400

Identify the practice of sending fraudulent communications that appear to come from a reputable source, typically via email, to steal sensitive data like credit card numbers and login information.

What is Phishing?

400

What evaluates the safety and soundness of computer systems?

What is a Security Audit?

500

Identify the security model that focuses on ensuring that data policies are adhered to based on user attributes rather than on predefined roles.

What is Attribute-Based Access Control (ABAC)?

500

Describe the international standard that provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System (ISMS).

What is ISO/IEC 27001?

500

This regulation stipulates the principle of "the right to be forgotten", a consumer's right to have personal data deleted from a company's records upon request.

What is the General Data Protection Regulation or GDPR?

500

Describe the methodology that involves an attacker attempting to overload a system with a flood of internet traffic.

What is a Distributed Denial of Service (DDoS) attack?

500

What principle prevents one person from having control over all aspects of a financial transaction?

What is Segregation of Duties?
