PECB Lead SOC 2 Analyst Exam Questions

Question 6 of 79

Which of the following regulations do the CIS Controls help organizations conform to?

A.

PCI DSS, HIPAA, GDPR

B.

OSHA, ADA, EPA

C.

FDIC, SEC, FTC

Question 7 of 79

What is the shared focus of SOC 2 and NIST 800-53 regarding security controls?

A.

Implementing security controls without considering risks

B.

Prioritizing system availability over security measures

C.

Guiding on the selection and application of security controls

Question 8 of 79

An organization is struggling with inconsistent implementation of security controls across different departments, leading to compliance gaps. How can TSC mapping help address this challenge?

A.

By mandating the use of identical security controls across all departments, regardless of their specific risk profiles

B.

By providing a standardized framework for mapping and aligning security controls with different departments' compliance needs, promoting consistency

C.

By replacing existing departmental security policies with a centralized, TSC-based security policy applicable to the entire organization

Question 9 of 79

What is the primary difference between a SOC 2 Type 1 and SOC 2 Type 2 report?

A.

SOC 2 Type 1 evaluates the design and implementation of controls at a specific point in time, while SOC 2 Type 2 examines the controls over time

B.

SOC 2 Type 1 is conducted by internal auditors, while SOC 2 Type 2 is conducted by independent auditors

C.

SOC 2 Type 1 does not assess adherence to the TSC, while SOC 2 Type 2 does

Question 10 of 79

How does the NIST Cybersecurity Framework strengthen the link between business objectives and cybersecurity measures?

A.

By focusing solely on industry-specific guidelines

B.

By incorporating the core, profiles, and implementation tiers

C.

By providing general cybersecurity best practices