100% Correct Answers
1. Which of the following framework functions in the Privacy Framework Core best describes
the function that would include categories such as identity management, authentication, and
access control, as well as data security? - CORRECT ANSWER✔✔Protect
2. Which of the following framework functions in the Privacy Framework Core best describes
how the organization should drive dialogue around privacy risks related to data processing
activities? - CORRECT ANSWER✔✔Communicate
3. Which of the following organizations would most likely be considered a covered entity under
the Health Insurance and Portability Act (HIPAA)? - CORRECT ANSWER✔✔A business
specializing in physical therapy for patients with knee and back issues, coordinating with each
patient's primary physician
4. TampCorp is an organization based out of Italy specializing in the data processing of third-
party human resources data. TampCorp collects the human resource data on all clients and
houses the information on company servers located in northern Italy, but the processing is
conducted remotely from the United States. Which of the following best describes TampCorp's
application of the General Data Protection Regulation (GDPR)? - CORRECT ANSWER✔✔TampCorp
must comply with GDPR
5. Which CIS Control best describes using processes and tools to create, align, manage, and
revoke access credentials and privileges for user, administrator and service accounts for
enterprise assets and software? - CORRECT ANSWER✔✔Control 6: Access Control Management
6. Which CIS Control best describes the establishment of a program to develop and maintain
policies, plans, procedures, defined roles, training, and communication to prepare, detect, and
quickly react to an attack? - CORRECT ANSWER✔✔Incident Response Management
7. Under the COBIT core model, which of the following groups of objectives would best be
classified as Build, Acquire, and Implement (BAI)? - CORRECT ANSWER✔✔Managed knowledge,
managed organizational change, and managed availability and capacity
8. Each of the following objectives falls within the domain Monitor, Evaluate, and Assess (MEA),
except for the following? - CORRECT ANSWER✔✔Managed problems
9. Each of the following is a component of the governance system except which of the
following? - CORRECT ANSWER✔✔External stakeholders, culture, and competencies
10. A piece of hardware that connects devices within a network by reading and converting
protocols so that traffic can be transmitted across those devices is most likely which of the
following network components? - CORRECT ANSWER✔✔Gateway
11. Which of the following best describes a benefit of using a cloud service provider (CSP)? -
CORRECT ANSWER✔✔Redundancy and the ability to recover from a disaster is improved
12. Gibbs Energy Inc. is a power producer and distribution network operator that runs a power
grid which generates, transmits, and distributes power to customers. These core business
functions require a large amount of computing power to run highly customized software
applications. These applications often require modifications to the operating system. Since the
usage of energy and computing power varies, Gibbs rents servers, storage, and firewalls from a
cloud service provider (CSP). What type of CSP does Gibbs most likely use? - CORRECT
ANSWER✔✔Infrastructure-as-a-Service
13. A cloud service provider's vision is to provide reliable and consistent network connectivity
for all customers. Part of its corporate strategy for achieving that is heavily reliant on all of the
following except: - CORRECT ANSWER✔✔Utilizing a community cloud deployment model