Get the Preplance app for a seamless learning experience. Practice offline, get daily streaks, and stay ahead with real-time interview updates.
Get it on
Google Play
4.9/5 Rating on Store
Cybersecurity Basics · Question Set
Compliance & Risk Frameworks interview questions for placements and exams.
Questions
10
Included in this set
Subject
Cybersecurity Basics
Explore more sets
Difficulty
Mixed
Level of this set
Go through each question and its explanation. Use this set as a focused practice pack for Cybersecurity Basics.
In risk management, one common model expresses risk as the product of threat, vulnerability and impact. This helps organisations prioritise risks and allocate resources accordingly. By quantifying risk this way, teams can identify which combinations of threat and vulnerability result in greatest impact and then design appropriate controls or mitigation plans.
For complete preparation, combine this set with full subject-wise practice for Cybersecurity Basics. You can also explore other subjects and sets from the links below.
ISO 27001 is an international standard that provides requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). :contentReference[oaicite:0]{index=0} An ISMS gives an organization a systematic approach to managing sensitive company information so that it remains secure. Using ISO 27001 helps organizations build structured processes around risk, controls, monitoring and continuous improvement.
One of the key GDPR principles is data minimisation — organisations should only collect and process personal data which is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. :contentReference[oaicite:1]{index=1} Understanding GDPR principles such as lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality is essential for compliance roles.
Compliance refers to a state of adhering to laws, regulations, standards or policies. Audit is the process of conducting a systematic evaluation to determine whether the compliance state is achieved and maintained. In interview contexts, understanding this distinction shows you recognise both ongoing control activities (compliance) and assurance activities (audit). :contentReference[oaicite:2]{index=2}
PDCA (Plan-Do-Check-Act) is a continual improvement cycle used by ISO 27001 and other management standards. The organisation plans its ISMS, implements and operates it (Do), monitors and reviews it (Check), and then takes actions to improve (Act). :contentReference[oaicite:4]{index=4}
Under GDPR, organisations must perform a Data Protection Impact Assessment (DPIA) for processing operations that are likely to result in a high risk to individuals’ rights and freedoms. This assessment identifies, evaluates and mitigates privacy risks. :contentReference[oaicite:5]{index=5}
An effective GRC programme needs incident response to be tightly integrated. Governance sets policy and roles; risk management identifies and prioritises threats; compliance ensures controls are in place and audited. Incident response ties these together by providing processes to detect, contain, recover from and learn from incidents. The feedback loop from incidents into risk assessments and policy updates ensures continuous improvement. Demonstrating this integration shows maturity in compliance roles.
An internal audit is conducted by the organisation’s internal staff or internal audit department to evaluate compliance and effectiveness of controls. An external audit is performed by an independent certification body or regulator to verify compliance with standards or laws (e.g., ISO 27001 certification audit). A management review is a periodic senior management meeting to assess ISMS performance, allocate resources and approve improvements. Understanding these roles and how they feed into each other demonstrates interview readiness for compliance and risk roles.
Assessing third-party vendor risk is critical because organisations often rely on external suppliers that can introduce vulnerabilities. A structured vendor risk assessment examines vendor’s security posture, compliance certifications, contract terms, history of incidents, and controls. Interviewers expect candidates to know that vendor risk cannot be ignored just because the vendor is external; it must be managed, monitored and included in the organisation’s risk-treatment process. :contentReference[oaicite:3]{index=3}
Common compliance frameworks include ISO 27001 (an information security management standard), NIST Cybersecurity Framework (CSF) which provides a risk-based approach with functions Identify, Protect, Detect, Respond and Recover, and GDPR for data protection law in Europe. :contentReference[oaicite:6]{index=6} ISO 27001 focuses on establishing an ISMS and controlling information security risk. NIST CSF gives a high-level structure organisations can use to manage security risk and integrate with other standards. GDPR is a regulatory law that applies to personal data protection and has legal penalties for non-compliance. Understanding how they differ helps you explain framework selection and obligations in interviews.