ECE Fund of Cybersecurity and Info Security: Ch 12 and 15

Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with?
Network and Session
Application and Transport
Session and Transport
Application and Session

Application and Session

Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X?
Customer
Covered entity
Consumer
Business associate

Consumer

What type of organizations are required to comply with the Sarbanes-Oxley (SOX) Act?
Government agencies
Privately held companies
Publicly traded companies
Non-profit organizations

Publicly traded companies

The Baldrige National Quality Program is part of the National Institute of Standards and Technology (NIST). True or False

True

The Federal Trade Commission (FTC) Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data. True or False

True

All requests for comments (RFCs) originate from the Internet Engineering Task Force (IETF). True or False

False

Federal agencies fall under the legislative branch of the U.S. government. True or False

False

Special Publications (SPs) are standards created by the National Institute of Standards and Technology (NIST). True or False

False

The Family Educational Rights and Privacy Act (FERPA) requires that specific information security controls be implemented to protect student records. True or False

False

Erin is a system administrator for a federal government agency. What law contains guidance on how she may operate a federal information system?
Federal Information Security Management Act (FISMA)
Gramm-Leach-Bliley Act (GLBA)
Family Educational Rights and Privacy Act (FERPA)
Sarbanes-Oxley (SOX) Act

Federal Information Security Management Act (FISMA)

Which unit of measure represents frequency and is expressed as the number of cycles per second?
Gauss
Weber
Hertz
Joule

Hertz

Which organization promotes technology issues as an agency of the United Nations?
American National Standards Institute (ANSI)
International Telecommunication Union (ITU)
Internet Assigned Numbers Authority (IANA)
Institute of Electrical and Electronics Engineers (IEEE)

International Telecommunication Union (ITU)

Alison retrieved data from a company database containing personal information on customers. When she looks at the SSN field, she sees values that look like this: "XXX-XX-9142." What has happened to these records?
Truncation
Encryption
Hashing
Masking

Masking

What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?"
National Institute of Standards and Technology (NIST)
Federal Communications Commission (FCC)
Federal Trade Commission (FTC)
National Aeronautics and Space Administration (NASA)

National Institute of Standards and Technology (NIST)

Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, what type of safeguards must be implemented by all covered entities, regardless of the circumstances?
Standard
Addressable
Required
Security

Required

What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)?
Architecture for Internet protocols and procedures
Confirmation of IETF chairs
Subject matter expertise on routing and switching
Editorial and publication procedures for requests for comments (RFCs)

Subject matter expertise on routing and switching

The International Electrotechnical Commission (IEC) is the predominant organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes. True or False

True

The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues. True or False

False

Which document is the initial stage of a standard under the Internet Engineering Task Force (IETF) process?
Draft Standard (DS)
Best Current Practice (BCP)
Proposed Standard (PS)
Standard (STD)

Proposed Standard (PS)

Taylor is preparing to submit her company's Payment Card Industry Data Security Standard (PCI DSS) self-assessment questionnaire. The company uses a payment application that is connected to the Internet but does not conduct e-commerce. What self-assessment questionnaire (SAQ) should she use?
SAQ D
SAQ C
SAQ A
SAQ B

SAQ C

