CPA ISC Missed MCQs Exam
Questions with Correct Answers latest
1. Which of the following framework functions in the
Privacy Framework Core best describes the function that
would include categories such as identity management,
authentication, and access control, as well as data
security? Ans: Protect
2. Which of the following framework functions in the
Privacy Framework Core best describes how the
organization should drive dialogue around privacy risks
related to data processing activities? Ans: Communicate
3. Which of the following organizations would most likely
be considered a covered entity under the Health
Insurance and Portability Act (HIPAA)? Ans: A business
specializing in physical therapy for patients with knee
and back issues, coordinating with each patient's primary
physician
4. TampCorp is an organization based out of Italy
specializing in the data processing of third-party human
resources data. TampCorp collects the human resource
data on all clients and houses the information on
company servers located in northern Italy, but the
processing is conducted remotely from the United States.
Which of the following best describes TampCorp's
application of the General Data Protection Regulation (GDPR)?
Ans: TampCorp must comply with GDPR
© 2025 All rights reserved
5. Which CIS Control best describes using processes and
tools to create, align, manage, and revoke access
credentials and privileges for user, administrator and
service accounts for enterprise assets and software? Ans:
Control 6: Access Control Management
6. Which CIS Control best describes the establishment of
a program to develop and maintain policies, plans,
procedures, defined roles, training, and communication
to prepare, detect, and quickly react to an attack? Ans:
Incident Response Management
7. Under the COBIT core model, which of the following
groups of objectives would best be classified as Build,
Acquire, and Implement (BAI)? Ans: Managed knowledge,
managed organizational change, and managed availability
and capacity
8. Each of the following objectives falls within the
domain Monitor, Evaluate, and Assess (MEA), except which
of the following? Ans: Managed problems
9. Each of the following is a component of the
governance system except which of the following? Ans:
External stakeholders, culture, and competencies
10. A piece of hardware that connects devices within a
network by reading and converting protocols so that
traffic can be transmitted across those devices is most
likely which of the following network components? Ans:
Gateway
11. Which of the following best describes a benefit of
using a cloud service provider (CSP)? Ans: Redundancy
and the ability to recover from a disaster is improved
12. Gibbs Energy Inc. is a power producer and
distribution network operator that runs a power grid
which generates, transmits, and distributes power to
customers. These core business functions require a large
amount of computing power to run highly customized
software applications. These applications often require
modifications to the operating system. Since the usage of
energy and computing power varies, Gibbs rents servers,
storage, and firewalls from a cloud service provider (CSP).
What type of CSP does Gibbs most likely use? Ans:
Infrastructure-as-a-Service
13. A cloud service provider's vision is to provide reliable
and consistent network connectivity for all customers.
Part of its corporate strategy for achieving that is heavily
reliant on all of the following except: Ans: Utilizing a
community cloud deployment model
14. When evaluating a cloud service provider's data
security measures, a company would appropriately
consider each of the following risk factors, except: Ans:
The provider's vertical scalability
15. An accounting information system (AIS) is
distinguished from an enterprise resource planning (ERP)
system by the fact that: Ans: An AIS stores financial data,
whereas an ERP stores shipping data