Coursera HIPAA
13 community-sourced questions and answers.
A security attack is defined as which of the following?
An event that has been identified by correlation and analytics tools as a malicious activity.
Which order does a typical compliance process follow?
Establish scope, readiness assessment, gap remediation, testing/auditing, management reporting
Under GDPR who determines the purpose and means of processing of personal data?
Controller
Under the International Organization for Standardization (ISO) which standard focuses on Privacy?
ISO 27018
Which SOC report is closest to an ISO report?
Type 1
What is an auditor looking for when they test the control for implementation over an entire offering with no gaps?
Completeness
The HIPAA Security Rule requires covered entities to maintain which three (3) reasonable safeguards for protecting e-PHI?
Technical, administrative, physical
HIPAA Administrative safeguards include which two (2) of the following?
Workforce training and management; Security Personnel
Who is the governing entity for HIPAA?
NOT US Legislature; NOT Department of Homeland Security; NOT Cyber Security and Infrastructure Security Agency (CISA); US Department of Health and Human Services Office of Civil Rights
HIPAA Physical safeguards include which two (2) of the following?
Facility Access and Control; Workstation and Device Security
PCI uses which three (3) of the following Card Holder Data Environment categories to determine scope?
0.5 People --- 0.5 Technology --- Processes (correct then I guess) Governance ---
One PCI Requirement is using an approved scanning vendor to scan at what frequency?
Quarterly
In which CIS control category will you find Incident Response and Management?
Organizational