ITN 267
The Payment Card Industry Standard includes ________ categories of security requirements.
12
How many representatives are in the U.S. House of Representatives? A. 100 B. 1,000 C. 435 D. 400 E. 50
435
The OECD privacy protection guidelines contain ________ privacy principles.
8
The U.S. Supreme Court has ________ justices.
9
There are ________ federal district courts.
94
What is a customer? A. A consumer with a past relationship with a financial institution B. A consumer with no relationship with a financial institution C. A consumer with a continuing relationship with a financial institution D. A consumer who wants to enter into a relationship with a financial institution E. None of the above
A consumer with a continuing relationship with a financial institution
To monitor telephone conversations, an employer must use equipment provided by a phone system service provider and have ________.
A legitimate business reason
What is a mantrap? A. A method to control access to a secure area B. A removable cover that allows access to underground utilities C. A logical access control mechanism D. An administrative safeguard E. None of the above
A method to control access to a secure area
What is a Web beacon? A. Text stored on a computer user's hard drive B. A small, invisible electronic file C. A pop-up advertisement D. Executable code E. A data trail left by a computer user
A small, invisible electronic file
Which of the following is an accidental threat? A. A backdoor into a computer system B. A hacker C. A well-meaning employee who inadvertently deletes a file D. An improperly redacted document E. A poorly written policy
A well-meaning employee who inadvertently deletes a file
A written information security program under the Safeguards Rule must include ________. A. Technical safeguards B. Physical safeguards C. Administrative safeguards D. A designated employee to run the program E. All of the above
All of the above
What are consumer goods? A. Items purchased for personal use B. Items purchased for family use C. Items purchased for household use D. All of the above E. None of the above
All of the above
Which of the following are vulnerability classifications? A. People B. Process C. Technology D. Facility E. All of the above
All the above
What is a Red Flag? A. A crime B. An activity that prevents identity theft C. An activity that might indicate identity theft D. An activity that mitigates identity theft E. None of the above
An activity that might indicate identity theft
What is common law? A. A system of law inherited from England B. A system of law inherited from France C. A system of law that relies upon established legal principles and traditions D. Answers B and C E. Answers A and C
Answers A and C
The Data Quality Principle
Any data collected must be correct.
What article of the U.S. Constitution sets forth the powers of the president? A. Article V B. Article IV C. Article III D. Article II E. Article I
Article II
What information security goal does a DoS attack harm? A. Confidentiality B. Integrity C. Authentication D. Availability E. Privacy
Availability
What are the goals of an information security program? A. Authorization, integrity, and confidentiality B. Availability, authorization, and integrity C. Availability, integrity, and confidentiality D. Availability, integrity, and safeguards E. Access control, confidentiality, and safeguards
Availability, integrity, and confidentiality
What is procedural law? A. Branches of law that deal with property cases B. Branches of law that set forth the structure of the judiciary system C. Branches of law that deal with following precedent D. Branches of law that deal with processes that courts use to decide cases E. None of the above
Branches of law that deal with processes that courts use to decide cases
What techniques are used to create a list of the Web pages that a computer user visits? A. Adware, malware, and phishing B. Malware, cookies, and Web beacons C. Web beacons, clickstreams, and spyware D. Malware, spyware, and cookies E. Clickstreams, cookies, and Web beacons
Clickstreams, cookies, and Web beacons
What are the classification levels for U.S. national security information? A. Public, Sensitive, Restricted B. Confidential, Secret, Top Secret C. Confidential, Restricted, Top Secret D. Public, Secret, Top Secret E. Public, Sensitive, Secret
Confidential, Secret, Top Secret
A federal agency is granted its authority by ________
Congress
The Use Limitation Principle
Data should be used only for the purposes stated when it was collected.
Which of the following is not a privacy tort? A. Intrusion into seclusion B. Portrayal in a false light C. Appropriation of likeness or identity D. Defamation E. Public disclosure of private facts
Defamation
Which of the following is not a type of security safeguard? A. Corrective B. Preventive C. Detective D. Physical E. Defective
Defective
First-party cookies
Exchanged between a user's browser and the Web site the user is visiting.
The Payment Card Industry Standards are enforced by the Federal Trade Commission. A. True B. False
False
Compliance is ________, audit is ________. A. Following the rules, verifying that the rules were followed B. Verifying that the rules were followed, following the rules C. Making the rules, enforcing the rules D. Forcing the rules, making the rules E. None of the above
Following the rules, verifying that the rules were followed
Which amendment protects against unreasonable searches and seizures? A. First B. Third C. Fourth D. Fifth E. Seventh
Fourth
Which of the following is an example of a model for implementing safeguards? A. ISO/IEC 27002 B. NIST SP 80-553 C. NIST SP 800-3 D. ISO/IEC 20072 E. ISO/IEC 70022
ISO/IEC 27002
The Federal Trade Commission is which type of federal agency? A. Independent B. Subordinate C. Coordinate D. Executive E. Congressional
Independent
The Collection Limitation Principle
Individuals must know about and consent to the collection of their data.
What is used to ensure privacy? A. Biometric data B. Encryption C. Information security D. Monitoring E. Online profiling
Information security
Why is biometric data unique? A. It can be used to identify a person. B. It is data about a person's physical traits. C. It can be used to commit identity theft. D. It can't easily be changed. E. None of the above
It can't easily be changed.
Which safeguard is most likely violated if a system administrator logs into an administrator user account in order to surf the Internet and download music files? A. Need to know B. Access control C. Least privilege principle D. Using best available path E. Separation of duties
Least privilege principle
A technical safeguard is also known as a ________.
Logical control
The ________ established the national banking system in the United States.
National Bank Act of 1864
What customer option must be included in a privacy practices notice? A. Disclosure B. Opt-out C. Opt-in D. Notice E. None of the above
Opt-out
The Openness Principle
People can contact the entity collecting their data. People can discover where their personal data is collected and stored.
The Individual Participation Principle
People must know if data about them has been collected. People also must have access to their collected information.
Which of the following is nonpublic personal information? A. Personally identifiable financial information provided by a customer to a financial institution B. Personally identifiable financial information provided by a financial institution to a customer C. Personally identifiable financial information provided by a financial institution to an affiliate D. Personally identifiable financial information provided by an affiliate to a financial institution E. Personally identifiable financial information provided by an affiliate to a customer
Personally identifiable financial information provided by a customer to a financial institution
Which of the following isn't a threat classification? A. Human B. Natural C. Process D. Technology and Operational E. Physical and Environmental
Process
An organization obtains an insurance policy against cybercrime. What type of risk response is this? A. Risk mitigation B. Residual risk C. Risk elimination D. Risk transfer E. Risk management
Risk transfer
An employee can add other employees to the payroll database. The same person also can change all employee salaries and print payroll checks for all employees. What safeguard should you implement to make sure that this employee doesn't engage in wrongdoing? A. Need to know B. Access control lists C. Technical safeguards D. Mandatory vacation E. Separation of duties
Separation of duties
Third-party cookies
Set by one Web site but readable by another site. Third-party cookies are set when the Web page a user visits has content on it that is hosted by another server.
Pretexting is also called ________.
Social engineering
The doctrine of precedent is also known as ________.
Stare decisis
What does a seal program verify? A. That an organization meets recognized privacy principles B. That an organization misfits recognized security principles C. That a third party is trusted D. That a Web site does not use cookies
That an organization meets recognized privacy principles
Which U.S. Constitution clause describes Congress' authority to regulate trade between states? A. The Supremacy Clause B. The Necessary and Proper Clause C. The Limitation of Powers Clause D. The Commerce Clause E. The Impeachment Clause
The Commerce Clause
What is the organization that promotes uniform reports among federal banking institutions? A. The Fed B. The FFIEC C. The FTC D. The NCUA E. The SEC
The FFIEC
Which of the following is not a federal bank regulatory agency? A. The FDIC B. The NCUA C. The FTC D. The OCC E. The Fed
The FTC
What is the central bank of the United States? A. The FDIC B. The Fed C. The NCUA D. The OCC E. The CFPB
The Fed or Federal Reserve System
Which federal agency regulates national banks? A. The Office of the Comptroller of the Currency B. The Federal Reserve System C. The Federal Deposit Insurance Corporation D. The Consumer Financial Protection Bureau E. The Federal Trade Commission
The Office of the Comptroller of the Currency
Which rule is not a GLBA consumer protection provision? A. The Safeguards Rule B. The Red Flags Rule C. The Privacy Rule D. The Pretexting Rule E. None of the above
The Red Flags Rule
What is the source of legal authority for the U.S. government? A. The United States Code B. The common law C. Supreme Court decisions D. The U.S. Constitution E. The Declaration of Independence
The U.S. Constitution
What is the U.S. federal court of last resort? A. The U.S. Supremacy Court B. The U.S. District Court C. The Ninth Circuit Court of Appeals D. The Federal Court of Appeals E. The U.S. Supreme Court
The U.S. Supreme Court
The Security Safeguards Principle
The collected data must be protected from unauthorized access.
The Accountability Principle
The entity collecting data must be held accountable for following the privacy principles.
What is the window of vulnerability? A. The period between the discovery of a vulnerability and mitigation of the vulnerability B. The period between the discovery of a vulnerability and exploiting the vulnerability C. The period between exploiting a vulnerability and mitigating the vulnerability D. The period between exploiting a vulnerability and eliminating the vulnerability E. A broken window
The period between the discovery of a vulnerability and mitigation of the vulnerability
What is judicial review? A. The power of courts to review the decisions of other courts B. The power of courts to review laws C. The power of the president to review the decisions of the courts D. The power of Congress to review the decisions of the courts E. A variety show featuring people in wigs and black robes
The power of courts to review laws
What is appellate jurisdiction? A. The power of some courts to review the decisions of others B. The power of courts to resolve disputes between individuals C. The process by which courts conduct civil trials D. The process by which courts conduct criminal trials E. The power of courts to declare a law unconstitutional
The power of some courts to review the decisions of others
The Purpose Specification Principle
The purpose for data collection should be stated to individuals before their data is collected.
Which principle means that an individual should be told the reason for data collection before the data is collected? A. The collection limitation principle B. The purpose specification principle C. The use limitation principle D. The openness principle E. The accountability principle
The purpose specification principle
Employer monitoring of employees in the workplace is generally allowed. A. True B. False
True
Privacy refers to a person's right to control personal data. A. True B. False
True
Which of the following is not a people-based privacy threat? A. Social engineering B. Web beacons C. Shoulder surfing D. Dumpster diving E. Social networks
Web beacons
It's hard to safeguard against which of the following types of vulnerabilities? A. Information leakage B. Flooding C. Buffer overflow D. Zero-day E. Hardware failure
Zero-day
Web beacon
A small, invisible electronic file that is placed on a Web page or in an e-mail message.
Radio Frequency Identification (RFID)
A technology that uses radio waves to transmit data to a receiver. RFID technology is wireless. The purpose of RFID technology is to allow "tagged" items to be identified and tracked.
clickstream
The data trail that an Internet user leaves while browsing.