Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam CCSP All Questions

View all questions & answers for the CCSP exam
Go to Exam

Exam CCSP topic 1 question 325 discussion

Actual exam question from ISC's CCSP
Question #: 325
Topic #: 1
[All CCSP Questions]

Which of the following is NOT a major regulatory framework?

  • A. PCI DSS
  • B. HIPAA
  • C. SOX
  • D. FIPS 140-2
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
FIPS 140-2 is a United States certification standard for cryptographic modules, and it provides guidance and requirements for their use based on the requirements of the data classification. However, these are not actual regulatory requirements. The Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-
Oxley Act (SOX), and the Payment Card Industry Data Security Standard (PCI DSS) are all major regulatory frameworks either by law or specific to an industry.
by cisapriyank at Aug. 10, 2020, 5:21 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
JohnnyBG
9 months, 2 weeks ago
Selected Answer: A
PCI is not regulatory (Not from government)
upvoted 1 times
FranklinG
8 months, 2 weeks ago
PCI isn't a regulatory framework by law, but it is so to an industry. My answer is "D"
upvoted 1 times
...
...
Kneebee
1 year ago
My choice is answer "D". FIPS 140-2 is important, especially for government agencies and their contractors, it is not a broad regulatory framework that applies to a wide range of industries or organizations. Instead, it is a specific set of guidelines and requirements related to cryptographic security.
upvoted 1 times
...
Zeezee2
3 years ago
FIPS is the worst answer so I'll just roll with that one.
upvoted 2 times
...
evilwizardington
3 years, 9 months ago
Frameworks created by a group of industries are also considered regulatory (in that sector). PCI is mandatory for companies processing card payments.
upvoted 1 times
evilwizardington
3 years, 9 months ago
Also, the key work in the question is 'major'. That's why FIPS is not the answer.
upvoted 1 times
...
...
kap0306
3 years, 10 months ago
If Answer is D then question should be asked in different wording. It should include compliance framework
upvoted 2 times
...
Sa007788
3 years, 10 months ago
both PCSI DSS and FIPS are not regulatory framework
upvoted 2 times
...
Guivent
4 years ago
I think the answer should be PCI dss
upvoted 2 times
...
HCL
4 years ago
PCI DSS is a regulatory framework; while FIPS-140 is just a standard which has four levels.
upvoted 1 times
HCL
4 years ago
Correction: PCI DSS is a compliance framework
upvoted 1 times
...
...
CL888
4 years, 2 months ago
I agree, PCI is not even created by the government. FIPS should be the answer.
upvoted 1 times
...
bark101
4 years, 3 months ago
PCI is not regulatory it's a standard
upvoted 4 times
...
cisapriyank
4 years, 3 months ago
how is pci gegulatory
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel