PECB Lead SOC 2 Analyst Exam Questions

Question 6 of 79

Which of the following regulations do the CIS Controls help organizations conform to?

PCI DSS, HIPAA, GDPR

OSHA, ADA, EPA

FDIC, SEC, FTC

Correct Answer: A

Question 7 of 79

What is the shared focus of SOC 2 and NIST 800-53 regarding security controls?

Implementing security controls without considering risks

Prioritizing system availability over security measures

Guiding on the selection and application of security controls

Correct Answer: C

Question 8 of 79

An organization is struggling with inconsistent implementation of security controls across different departments, leading to compliance gaps. How can TSC mapping help address this challenge?

By mandating the use of identical security controls across all departments, regardless of their specific risk profiles

By providing a standardized framework for mapping and aligning security controls with different departments' compliance needs, promoting consistency

By replacing existing departmental security policies with a centralized, TSC-based security policy applicable to the entire organization

Correct Answer: B

Question 9 of 79

What is the primary difference between a SOC 2 Type 1 and SOC 2 Type 2 report?

SOC 2 Type 1 evaluates the design and implementation of controls at a specific point in time, while SOC 2 Type 2 examines the controls over time

SOC 2 Type 1 is conducted by internal auditors, while SOC 2 Type 2 is conducted by independent auditors

SOC 2 Type 1 does not assess adherence to the TSC, while SOC 2 Type 2 does

Correct Answer: A

Question 10 of 79

How does the NIST Cybersecurity Framework strengthen the link between business objectives and cybersecurity measures?

By focusing solely on industry-specific guidelines

By incorporating the core, profiles, and implementation tiers

By providing general cybersecurity best practices

Correct Answer: B