KeyTrain's Key Training — Compliance & Governance — free practice exam
20 original practice questions aligned to official exam domains. Run a timed, domain-weighted quiz in your browser — no login required.
Exam domains
| Domain | Weight |
|---|---|
| HIPAA | 20% |
| Policy adherence | 20% |
| Audit readiness | 20% |
| Documentation | 20% |
| Risk management alignment | 20% |
Sample practice questions
- Annual risk register omits cloud misconfiguration threats. Update?
- Audit finds developers pushing code without peer review despite policy. Gap?
- Auditors request proof of privileged access reviews; team has screenshots but no tickets. Gap?
- Auditors request sample of privileged access reviews; team has ad hoc emails only. Improvement?
- Business associate agreement missing for cloud backup vendor storing ePHI. Risk?
- Change records missing for emergency firewall rule during incident. Fix for next time?
- A clinic texts patient results via personal SMS. Violation concern?
- Data flow diagrams for PHI are missing for a new SaaS tool. Why needed?
- Developers bypass code review using emergency break-glass accounts weekly. Issue?
- Employees use personal cloud storage for work files against AUP. Response?
- A high-risk finding is accepted without expiration date. Problem?
- Incident response fails because network diagrams are six years out of date. Improvement?
- Leadership accepts ransomware risk without backup testing or IR exercises. Problem?
- Log retention is 30 days but audit needs 90. Finding?
- Minimum necessary principle means what for a billing clerk?
- Network diagram last updated five years ago. Risk during incident?
- Third-party risk scores are collected but not tied to contract renewals. Gap?
- IR playbooks exist but contacts are outdated after reorg. Priority?
- Policy requires annual security training; 40% overdue. Metric to report?
- A vendor offers free analytics on ePHI if they sign a BAA. What must you verify?