Reference no: EM132154108
Answer the following Questions :
Question 1
HIPAA security regulations primarily apply to
transportation organizations.
financial organizations.
education organizations.
healthcare organizations.
Question 2
Objectives, purpose, policy, exceptions, and disciplinary actions are the
summary of a policy.
goal of a policy.
outline of a policy.
rules of a policy.
Question 3
Which is defined as the structure for determining the clearance level of an individual, which must match the classification of data, in order to be granted access?
For Your Eyes Only
Top Secret
Secret
Mandatory Access Control
Question 4
Which of the following is NOT a type of background check?
Criminal history
License verification
Family history
Civil records
Question 5
Which of the following is NOT a component of a good security incident reporting program?
Training users to recognize suspicious incidents
Updating antivirus software signature files
Establishing your incident response team
Establishing a system for reporting incidents
Question 6
Which of the following is NOT a type of employment agreement?
Monitoring and auditing agreement
Employee information security agreement
Affirmation agreement
Acceptable use agreement
Question 7
When it comes to disposal of hard drives that contain company information
it's okay to just dump them in the trash.
all you need to do is reformat the drive.
zeroization is the recommended practice.
all that is needed is to format the master boot record.
Question 8
This access control method is characterized by the information owner being responsible for assigning privileges to appropriate users.
MAC
RBAC
DAC
PAC
Question 9
If employees using a company-provided application system find what they think is a loophole that allows access to confidential data, they should
alert their manager and the ISO immediately.
verify and test the alleged loophole before alerting anyone.
not say anything, unless they are a member of the Incident Response team.
alert their manager whenever they happen to have a chance to do so.
Question 10
A threat assessment is a(n)
identification of types of threats an organization might be exposed to.
systematic rating of threats based upon level of risk and probability.
potential level of impact.
likelihood of a threat materializing.
Question 11
Which organization, according to the provisions of HIPAA, is mandated to develop and publish rules to implement the HIPAA administrative simplification requirements?
The FDIC
The Department of Health and Human Services
The Office of the Attorney General
The OCS
Question 12
Which is the first requirement set forth by the security management process part of HIPAA's administrative safeguards?
A penetration test
A vulnerability assessment
A risk assessment
A disaster recovery assessment
Question 13
Which of the following concerns federal agencies?
FISMA
FERPA
SOX
GLBA
Question 14
Students have a right to file complaints against a school for disclosing educational records in violation of which federal law?
HIPAA
FERPA
FISMA
SOX
Question 15
Which of the following is true about small businesses?
Small businesses can fall under a federal mandate that governs how they handle protected information.
Small businesses are too small to fall under any federal mandates.
All small businesses are regulated by the Small Business Security Act when it comes to safeguarding protected information.
All of the above
Question 16
Incident reporting is the responsibility of
any employee who discovers an incident.
the CEO.
the ISO.
departmental managers.
Question 17
Keeping the policy documents separate from the procedures, standards, and guidelines is
combining policies and procedures.
the preferred approach to organizing information security policies, procedures, standards and guidelines.
not the preferred approach to organizing information security policies, procedures, standards, and guidelines.
combining standards and guidelines.
Question 18
A guideline can best be defined as a
requirement.
suggestion.
series of directions.
law.
Question 19
This classification level is used by business organizations for data that are used internally by an organization for the purpose of conducting company business.
Sensitive
Top Secret
Secret
Restricted
Question 20
There is a growing trend of replacing traditional acceptable use agreements with
employee information security affirmation agreements.
employee internet security affirmation agreements.
security policies.
employee manuals.
Question 21
Explain the steps to achieving acceptance of an information security policy within an organization
Question 22
Define and provide examples for each of the following terms: (1) deny all security posture, (2) need to know security posture, and (3) least privilege security posture.
Question 23
Evaluate the relationship between GLBA and ISO 17799.
Question 24
How do COSO and CobiT® vary from ISO 17799?