ISO 27018 Foundations Quiz
Test your understanding of cloud privacy fundamentals.
Question 1
What does ISO 27018 specifically address?
A) General cloud security
B) PII protection in public cloud computing ✓
C) Private cloud security
D) Data center physical security
Question 2
Which standard does ISO 27018 build upon?
A) ISO 9001
B) ISO 27001 and ISO 27002 ✓
C) ISO 22301
D) ISO 31000
Question 3
What is PII?
A) Protected Internet Information
B) Personally Identifiable Information ✓
C) Private Internal Information
D) Primary Identification Interface
Question 4
True or False: ISO 27018 is legally required in the European Union.
A) True
B) False ✓
ISO 27018 is a voluntary standard. GDPR is the legal requirement in the EU.
Question 5
Which is NOT one of the core PII processing principles?
A) Consent and Choice
B) Collection Limitation
C) Profit Maximization ✓
D) Data Minimization
Question 6
What must a CSP do before engaging a new sub-processor?
A) Nothing, it's their decision
B) Notify the customer in advance ✓
C) Wait 90 days
D) Get government approval
Question 7
How long does ISO 27018 recommend for PII deletion after contract termination?
A) Immediately
B) Within 30-90 days ✓
C) Within 1 year
D) Never required
Question 8
What is data minimization?
A) Reducing storage costs
B) Processing only the minimum PII necessary ✓
C) Minimizing data breaches
D) Reducing data center size
Question 9
Who is responsible for obtaining consent from end users?
A) The cloud service provider
B) The cloud customer ✓
C) The sub-processor
D) The data protection authority
Question 10
What should a cloud customer agreement include?
A) Data processing terms
B) Sub-processor list
C) Audit rights
D) All of the above ✓
Results
Passing Score: 8/10 (80%)
Next Module: PII Control Categories - Learn the specific controls for cloud privacy protection.