CCSP Question #710: Real Exam Question with Answer & Explanation

The correct answer is A: FIPS 140-2. The FIPS 140-2 standard pertains to the certification of cryptographic modules and is not a regulatory framework. The Payment Card Industry Data Security Standard (PCI DSS), the Federal Risk and Authorization Management Program (FedRAMP), and the Health Insurance Portability and

Submitted by helene.fr· Apr 18, 2026Legal, Risk and Compliance

Question

Above and beyond general regulations for data privacy and protection, certain types of data are subjected to more rigorous regulations and oversight. Which of the following is not a regulatory framework for more sensitive or specialized data?

Options

AFIPS 140-2
BFedRAMP
CPCI DSS
DHIPAA

Explanation

The FIPS 140-2 standard pertains to the certification of cryptographic modules and is not a regulatory framework. The Payment Card Industry Data Security Standard (PCI DSS), the Federal Risk and Authorization Management Program (FedRAMP), and the Health Insurance Portability and Accountability Act (HIPAA) are all regulatory frameworks for sensitive or specialized data.

Topics

#Regulatory frameworks#Compliance standards#Sensitive data protection#Data privacy regulations

Community Discussion

No community discussion yet for this question.

Full CCSP Practice Browse All CCSP Questions