Bird
0
0

A company claims to follow a compliance framework but does not encrypt sensitive data as required. What is the main issue?

medium📝 Analysis Q14 of 15
Cybersecurity - Compliance and Governance
A company claims to follow a compliance framework but does not encrypt sensitive data as required. What is the main issue?
AEncryption is optional in all frameworks
BThey are fully compliant with the framework
CThey are ignoring a key security requirement
DThey have improved security by skipping encryption
Step-by-Step Solution
Solution:

  1. Step 1: Identify the framework requirement

    The framework requires encryption of sensitive data as a key security step.

  2. Step 2: Analyze the company's action

    Not encrypting data means ignoring an important security rule, causing non-compliance.

  3. Final Answer:

    They are ignoring a key security requirement -> Option C

  4. Quick Check:

    Missing encryption = Ignoring rules [OK]
Quick Trick: Missing required steps means ignoring rules [OK]
Common Mistakes:
MISTAKES
  • Thinking encryption is optional
  • Assuming skipping encryption improves security
  • Believing they are fully compliant

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Cybersecurity Quizzes
Compliance and Governance - HIPAA for healthcare data - Quiz 2easy Compliance and Governance - PCI DSS for payment data - Quiz 4medium Digital Forensics - Mobile device forensics - Quiz 7medium Digital Forensics - Network forensics - Quiz 6medium Digital Forensics - Network forensics - Quiz 7medium Emerging Security Topics - Why security evolves with technology - Quiz 1easy Emerging Security Topics - Supply chain security - Quiz 7medium Incident Response - Incident response lifecycle - Quiz 8hard Security Architecture and Design - Network segmentation - Quiz 9hard Security Architecture and Design - Microservices security architecture - Quiz 8hard