Final (Chapters 13 - 15)


The regulating agency for the Family Educational Rights and Privacy Act is the ________. A. Department of Health and Human Services B. U.S. Department of Education C. Securities and Exchange Commission D. FTC

B. U.S. Department of Education

Information regulated under the Gramm-Leach-Bliley Act is ________. A. corporate financial information B. consumer financial information C. federal information systems D. protected health information

B. consumer financial information

CompTIA's Security+ certification provides ________. A. four main credentials, each addressing a different security professional role B. entry-level information security certification of choice for IT professionals C. several credentials that focus on both general and Web-related security D. more than 20 individual credentials that span several information security job disciplines

B. entry-level information security certification of choice for IT professionals

What term is used to describe any personally identifiable financial information that a consumer provides to a financial institution? A. covered entity B. nonpublic personal information (NPI) C. personally identifiable information (PII) D. directory information

B. nonpublic personal information (NPI)

"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned." This is a disadvantage to choosing the self-study option that can be labeled ________. A. resource selection B. procrastination C. lack of interaction D. quality issues

B. procrastination

The four main areas in NIST SP 800-50 are awareness, training, education, and __________________. A. academic excellence B. professional development C. certification D. responsibility

B. professional development

FISMA requires each federal agency to create an agency-wide information security program that includes a plan to fix weaknesses in the program. This is referred to as ________. A. testing and evaluation B. remedial action C. incident response D. subordinate plans

B. remedial action

A master's degree program goes beyond the level of a bachelor's degree program and generally consists of ___________ year(s) of study beyond a bachelor's degree. A. one B. two C. three D. four

B. two

One type of degree that many institutions offer is the associate's degree. This degree is the most accessible because it generally represents a _________ program. A. one-year B. two-year C. three-year D. four-year

B. two-year

Which is the highest level of Check Point certification for network security? A. CCMA B. CCSPA C. CCSA D. CCSE

A. CCMA

The ____________ concentration from (ISC)2 is the road map for incorporating security into projects, applications, business processes, and all information systems. A. CISSP-ISSEP® B. CISSP-ISSAP® C. CISSP-ISSMP® D. CSSLP®

A. CISSP-ISSEP®

(ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications. A. Certified Secure Software Lifecycle Professional B. Certified Information Systems Security Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner

A. Certified Secure Software Lifecycle Professional

The regulating agency for the Gramm-Leach-Bliley Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission

A. FTC

The ________________, enacted as part of the American Recovery and Reinvestment Act of 2009, was designed to promote the widespread adoption and standardization of health information technology. A. HITECH Act B. Federal Information Systems Management Act C. Sarbanes-Oxley Act D. Office for Civil Rights

A. HITECH Act

What name is given to educational institutions that meet specific federal information assurance educational guidelines? A. National Centers of Academic Excellence in Information Assurance Education (CAE/IAE) B. accredited institutions C. continuing education centers D. National Centers of Academic Excellence in Research (CAE/R)

A. National Centers of Academic Excellence in Information Assurance Education (CAE/IAE)

A certificate of completion is a document that is given to a student upon completion of the program and is signed by the instructor. A. True B. False

A. True

An information security safeguard is also called an information security control. A. True B. False

A. True

Certifications that require additional education generally specify the number of credits each certificate requires. A. True B. False

A. True

Employers do use certifications to help assess prospects, but the best assessment is the prospect's actual performance. A. True B. False

A. True

FISMA requires federal agencies to secure national security systems (NSSs) using a risk-based approach. A. True B. False

A. True

Information systems security is about ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise. A. True B. False

A. True

Most certifications require certification holders to pursue additional education each year to keep their certifications current. A. True B. False

A. True

One of the most important parts of a FISMA information security program is that agencies test and evaluate it. A. True B. False

A. True

Privacy is a person's right to control the use and disclosure of his or her own personal information. A. True B. False

A. True

The Infotec Security Certified Program (SCP) certification programs apply mainly to network security topics and are most appropriate for professionals involved in securing network components within the IT infrastructure. A. True B. False

A. True

The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas. A. True B. False

A. True

The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information. A. True B. False

A. True

Today, one of the most common methods for identifying what skills a security professional possesses is his or her level of certification. A. True B. False

A. True

Under FISMA, all federal agencies must report security incidents to the U.S. Computer Emergency Readiness Team. A. True B. False

A. True

Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security. A. True B. False

A. True

The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree. A. continuing education B. academic excellence C. National Centers of Academic Excellence D. standards

A. continuing education

Health plans, health care clearinghouses, and any health care provider that transmits PHI in an electronic form are known as ________ under HIPAA. A. covered entities B. business associates C. protected health information D. exceptions to the Privacy Rule

A. covered entities

Tier C violations under the HITECH Act are ________. A. violations due to willful neglect that the organization ultimately corrected B. violations of willful neglect that the organization did not correct C. violations due to reasonable cause, but not "willful neglect" D. violations in which the offender didn't realize he or she violated the act and would have handled the matter differently if he or she had

A. violations due to willful neglect that the organization ultimately corrected

________ refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards. A. Continuing education B. Accredited C. Continuing professional education (CPE) D. Certificate of completion

B. Accredited

What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment? A. National Centers of Academic Excellence in Information Assurance Education (CAE/IAE) B. Certificate of completion C. Accredited D. Continuing education diploma

B. Certificate of completion

A breach is a violation of computer security policies or practices. A. True B. False

B. False

A professional certification states that you have taken the course and completed the tasks and assignments. A. True B. False

B. False

DoD Directive 8570.01 is a voluntary certification requirement and has increased the number of personnel who pursue certifications. A. True B. False

B. False

FISMA applies to all privately held companies and their IT systems. A. True B. False

B. False

Federal agencies fall under the legislative branch of the U.S. government. A. True B. False

B. False

In general, security training programs are identical to security education programs with respect to their focus on skills and in their duration. A. True B. False

B. False

The United States has one comprehensive data protection law known as the Personal Information Protection and Electronic Documents Act. A. True B. False

B. False

The most difficult and slowest option for IT security training is studying materials yourself. A. True B. False

B. False

The purpose of continuing education is to provide informal training courses for interested students. A. True B. False

B. False

The standard bachelor's designation is a four-year diploma program. A. True B. False

B. False

Which is Cisco's highest level of certification? A. Master B. Expert C. Architect D. Professional

C. Architect

The ____________ concentration from (ISC)2 contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program. A. CISSP-ISSEP® B. CISSP-ISSAP® C. CISSP-ISSMP® D. CSSLP®

C. CISSP-ISSMP®

The best fits for (ISC)2's _____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements. A. Certified Secure Software Lifecycle Professional B. Certified Information Systems Security Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner

C. Certified Authorization Professional

The four main credentials of the ________ are Systems Security Certified Practitioner (SSCP®), Certified Information Systems Security Professional (CISSP®), Certified Authorization Professional (CAP®), and Certified Secure Software Lifecycle Professional (CSSLP®). A. GIAC/SANS Institute B. Infotec Security Certified Program C. International Information Systems Security Certification Consortium, Inc. (ISC)2 D. Information Systems Audit and Control Association

C. International Information Systems Security Certification Consortium, Inc. (ISC)2

Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______. A. OPM B. NIST C. NSA D. Computer Security Act of 1987

C. NSA

The regulating agency for the Federal Information Systems Management Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission

C. Office of Management and Budget

____________ is a person's right to control the use and disclosure of his or her own personal information. A. Security B. Disclosure C. Privacy D. Integrity

C. Privacy

Under HIPAA, an organization that performs a health care activity on behalf of a covered entity is known as a(n) ________. A. privately held company B. covered entity C. business associate D. agency

C. business associate

What name is given to patient health information that is computer based? A. personally identifiable information (PII) B. privately held information C. electronic protected health information (EPHI) D. directory information

C. electronic protected health information (EPHI)

The standard bachelor's degree is a __________ program. A. two-year B. three-year C. four-year D. six-year

C. four-year

The ________ is a regulation under which covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function. A. nonpublic personal information (NPI) B. directory information C. minimum necessary rule D. electronic protected health information (EPHI)

C. minimum necessary rule

FISMA requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ________. A. testing and evaluation B. remedial action C. security awareness training D. subordinate plans

C. security awareness training

Which of the following is the definition of continuing professional education (CPE)? A. A document that verifies that a student has completed courses and earned a sufficient score on an assessment. B. Educational institutions that meet specific federal information assurance educational guidelines. C. Refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards. D. A standard unit of credit that equals 50 minutes of instruction.

D. A standard unit of credit that equals 50 minutes of instruction.

________ is information that is publicly available about all students at a school. A. Minimum necessary rule B. Nonpublic personal information (NPI) C. Personally identifiable information (PII) D. Directory information

D. Directory information

The regulating agency for the Children's Internet Protection Act is the ________. A. Department of Health and Human Services B. U.S. Department of Education C. Securities and Exchange Commission D. FCC

D. FCC

Which regulating agency has oversight for the Children's Internet Protection Act? A. Department of Health and Human Services B. U.S. Department of Education C. Office for Civil Rights D. FCC

D. FCC

____________ creates standards that federal agencies use to classify their data and IT systems. A. FERPA B. FISMA C. GLBA D. NIST

D. NIST

The ____________________ is responsible for FISMA compliance. A. FTC B. Securities and Exchange Commission C. Department of Health and Human Services D. Office of Management and Budget (OMB)

D. Office of Management and Budget (OMB)

The regulating agency for the Sarbanes-Oxley Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission

D. Securities and Exchange Commission

(ISC)2 offers the ________ credential, which is ideal for those who are working toward or already hold positions as senior network security engineers, senior security systems analysts, or senior security administrators. It covers the seven domains of best practices for information security. A. Certified Information Systems Security Professional B. Certified Secure Software Lifecycle Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner

D. Systems Security Certified Practitioner

In the legal system, ________ is the act of following laws, rules, and regulations that apply to organizations. A. disclosure B. responsibility C. control D. compliance

D. compliance

An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________. A. continuing professional education (CPE) B. accreditation C. certificate of completion D. continuing education

D. continuing education

Information regulated under the Sarbanes-Oxley Act is ________. A. protected health information B. federal information systems C. consumer financial information D. corporate financial information

D. corporate financial information

With university doctoral programs, completing the degree requirements takes ________. A. two years B. three years C. five years D. no standard time frame

D. no standard time frame

