(TCO 1) HIPAA security regulations primarily apply to
  transportation organizations.
  financial organizations.
  education organizations.
  healthcare organizations.

(TCO 2) Objectives, purpose, policy, exceptions, and disciplinary actions are the
  summary of a policy.
  goal of a policy.
  outline of a policy.
  rules of a policy.

(TCO 3) Which is defined as the structure for determining the clearance level of an individual, which must match the classification of data, in order to be granted access?
  For Your Eyes Only
  Top Secret
  Secret
  Mandatory Access Control

(TCO 4) Which of the following is NOT a type of background check?
  Criminal history
  License verification
  Family history
  Civil records

(TCO 5) Which of the following is NOT a component of a good security incident reporting program?
  Training users to recognize suspicious incidents
  Updating antivirus software signature files
  Establishing your incident response team
  Establishing a system for reporting incidents

(TCO 4) Which of the following is NOT a type of employment agreement?
  Monitoring and auditing agreement
  Employee information security agreement
  Affirmation agreement
  Acceptable use agreement
(TCO 6) When it comes to disposal of hard drives that contain company information,
  it's okay to just dump them in the trash.
  all you need to do is reformat the drive.
  zeroization is the recommended practice.
  all that is needed is to format the master boot record.
(TCO 7) This access control method is characterized by the information owner being responsible for assigning privileges to appropriate users.
  MAC
  RBAC
  DAC
  PAC

(TCO 8) If employees using a company-provided application system find what they think is a loophole that allows access to confidential data, they should
  alert their manager and the ISO immediately.
  verify and test the alleged loophole before alerting anyone.
  not say anything, unless they are a member of the Incident Response team.
  alert their manager whenever they happen to have a chance to do so.

(TCO 9) A threat assessment is a(n)
  identification of types of threats an organization might be exposed to.
  systematic rating of threats based upon level of risk and probability.
  potential level of impact.
  likelihood of a threat materializing.

(TCO 10) Which organization, according to the provisions of HIPAA, is mandated to develop and publish rules to implement the HIPAA administrative simplification requirements?
  The FDIC
  The Department of Health and Human Services
  The Office of the Attorney General
  The OCS

(TCO 10) Which is the first requirement set forth by the security management process part of HIPAA's administrative safeguards?
  A penetration test
  A vulnerability assessment
  A risk assessment
  A disaster recovery assessment

(TCO 11) Which of the following concerns federal agencies?
  FISMA
  FERPA
  SOX
  GLBA

(TCO 11) Students have a right to file complaints against a school for disclosing educational records in violation of which federal law?
  HIPAA
  FERPA
  FISMA
  SOX

(TCO 12) Which of the following is true about small businesses?
  Small businesses can fall under a federal mandate that governs how they handle protected information.
  Small businesses are too small to fall under any federal mandates.
  All small businesses are regulated by the Small Business Security Act when it comes to safeguarding protected information.
  All of the above

(TCO 12) Incident reporting is the responsibility of
  any employee who discovers an incident.
  the CEO.
  the ISO.
  departmental managers.

(TCO 1) Keeping the policy documents separate from the procedures, standards, and guidelines is
  combining policies and procedures.
  the preferred approach to organizing information security policies, procedures, standards, and guidelines.
  not the preferred approach to organizing information security policies, procedures, standards, and guidelines.
  combining standards and guidelines.

(TCO 2) A guideline can best be defined as a
  requirement.
  suggestion.
  series of directions.
  law.

(TCO 3) This classification level is used by business organizations for data that are used internally by an organization for the purpose of conducting company business.
  Sensitive
  Top Secret
  Secret
  Restricted

(TCO 4) There is a growing trend of replacing traditional acceptable use agreements with
  employee information security affirmation agreements.
  employee internet security affirmation agreements.
  security policies.
  employee manuals.
(TCO 1) Explain the steps to achieving acceptance of an information security policy within an organization.
(TCO 7) Define and provide examples for each of the following terms: (1) deny all security posture, (2) need to know security posture, and (3) least privilege security posture.
(TCO 9) Evaluate the relationship between GLBA and ISO 17799.
(TCO 11) How do COSO and CobiT® vary from ISO 17799?