510 questions with instant explanations, domain breakdown, and wrong-answer analysis. Built for the real exam.
This is exactly what you see during practice — question, options, and a full explanation after you answer.
A global financial firm must comply with GDPR and SOX. The CISO wants to consolidate controls across frameworks using a single set of controls. Which approach best addresses this requirement?
Adopting a unified control framework such as NIST SP 800-53 allows the firm to map controls from GDPR and SOX into a single, comprehensive set, reducing duplication and ensuring consistent compliance. This approach leverages the framework's catalog of controls, which can be tailo…
A healthcare organization is planning to migrate patient data to a cloud provider. The risk assessment identifies that the provider's SOC 2 report does not cover HIPAA controls. What is the BEST course of action?
Option B is correct because a BA agreement is required under HIPAA to ensure the provider contractually agrees to safeguard ePHI. Option A is wrong because the risk assessment should drive decisions, not just acceptance. Option C is wrong because encryption does not eliminate the…
An organization wants to ensure that its third-party vendors comply with the company's security policies. Which of the following is the MOST effective method?
Including security requirements in contracts and conducting periodic audits is the most effective method because it creates a legally binding obligation for vendors to adhere to the organization's security policies, and audits provide direct, verifiable evidence of compliance. Un…
Answer at your own pace. Explanation and domain tag shown immediately after each answer.
Countdown timer starts immediately. Results and domain scores shown at the end — just like the real exam.
Full explanations on every question
Not just the right answer — you get exactly why each wrong option is wrong, so you learn the concept, not the answer.
Domain score breakdown
After each session see your score by exam domain so you know exactly where to focus study time.
100% free, forever
No subscription, no trial, no email wall. Start a session in under 10 seconds.
Exam-style questions
Scenario-based, precise wording, realistic distractors — written to match what you actually see on exam day.