Chapter 15 Quiz
The Sarbanes-Oxley (SOX) Act was created to protect shareholders by requiring publicly traded companies to validate controls securing financial data. True False
False
A hybrid firewall combines several different functions in a single appliance. True False
True
Data analytics enables you to understand what is happening on a network. True False
True
Governance is generally used to demonstrate to management, customers, and auditors that your information security program is operating as outlined in your policies, procedures, and practices. True False
True
Some firewalls can be partitioned into multiple virtual firewalls, each with its own security policy, interfaces, and configuration. True False
True
The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student information. True False
True
The Payment Card Industry Data Security Standard (PCI DSS) ensures the confidentiality, integrity, and availability of cardholder data and transaction-processing functions. True False
True
Strong encryption supports: availability. confidentiality. governance. integrity.
confidentiality
What is an encryption standard that was designed to scale upward with longer keys? Advanced Encryption Standard (AES); Triple Data Encryption Standard (3DES); Data Encryption Standard (DES); IP Multimedia Subsystem (IMS)
Advanced Encryption Standard (AES)
Which of the following is NOT an example of a vanishing network perimeter? Coffee shop; Demilitarized zone (DMZ); Hotel; Wi-Fi café
Demilitarized zone (DMZ)
Which term describes a technology that performs deep-content inspection within a scope defined by a central management console? IP Multimedia Subsystem (IMS); Information Technology Infrastructure Library (ITIL); Governance, risk, and compliance (GRC); Data leakage prevention (DLP)
Data leakage prevention (DLP)
________ is the concept that data is subject to the laws of a country in which it is stored, and is becoming a challenge for businesses as their operations move to the cloud. Governance, risk, and compliance; The Internet of Things; Data sovereignty; Data leakage prevention
Data sovereignty
Availability deals with keeping information, networks, and systems secure from unauthorized access. True False
False
Which of the following is BEST described as processes and procedures intended to help ensure that employees will follow security policies? Access controls; Compliance; Governance; Integrity
Governance
Juan is a network engineer. His manager has tasked him with gathering concrete metrics on network security and operations. Juan selects the most popular performance metrics methodology. What is it? Data analytics; A bandwidth utilization tool; Advanced Encryption Standard (AES); Information Technology Infrastructure Library (ITIL)
Information Technology Infrastructure Library (ITIL)
A major online retailer was recently hacked, and the secure banking data and other personal information of tens of thousands of users were stolen. Who or what is the most likely culprit? Competitor; Ethical hacker; Organized crime group; Script kiddie
Organized crime group
802.1X authentication requires connecting systems to authenticate using public key infrastructure (PKI) machine certificates. True False
True
The Safeguards Rule within the Gramm-Leach-Bliley Act (GLBA) requires financial institutions to develop and comply with a comprehensive information security policy that includes safeguards for the handling of sensitive customer information. True False
True
With a cloud-based firewall, the firewall functions are performed in the cloud. True False
True
All of the following are true about data leakage prevention (DLP), EXCEPT: it identifies, monitors, and protects data in use, data in motion, and data at rest. it performs deep-content inspection. it is usually deployed at multiple locations within an environment. it cannot scan social media accounts.
it cannot scan social media accounts.