Information Security Chapter 4

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What compliance regulation applies specifically to the educational records maintained by schools about students? a. FERPA b. HIPAA c. FISMA d. GLBA

a. FERPA

Which one of the following is an example of a reactive disaster recovery control? a. moving to a warmer site b. disk mirroring c. surge suppression d. antivirus software

a. moving to a warmer site

Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining? a. recovery time objective (RTO) b. recovery point objective (RPO) c. business recovery requirements d. technical recovery requirements

a. recovery time objective (RTO)

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals? a. HIPPA b. PCI DSS c. FISMA d. FFIEC

PCI DSS

The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation? a. 11 b. 13 c. 15 d. 18

b. 13

What is NOT a commonly used endpoint security technique? a. full network encryption b. network firewall c. remote wiping d. application control

b. netwrok firewall

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers? a. FFIEC b. FISMA c. HIPAA d. PIC DSS

c. HIPAA

Which one of the following is the best example of an authorization control? a. biometric device b. digital certificate c. access control list d. one time password

c. access control list

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort? a. disaster recovery plan (DRP) b. business impact analysis (BIA) c. business continuity plan (BCP) d. service level agreement (SLA)

c. business continuity plan (BCP)

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register? a. Description of the risk b. expected risk c. risk survey results d. mitigation steps

c. risk survey results

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct? a. checklist test b. parallel test c. simulation test d. structured walk through

c. simulation test

What is the first step in a disaster recovery effort? a. respond to the disaster b. follow the disaster recovery plan (DRP) c. communicate with all affected parties d. ensure that everyone is safe

d. ensue that everyone is safe

Which one of the following is an example of a direct cost that might result from a business disruption? a. damaged reputation b. lost market share c. lost customers d. facility repair

d. facility repair

What level of technology infrastructure should you expect to find in a cold site alternative data center facility? a. hardware and data that mirror the primary site b. hardware that mirrors the primary site, but no data c. basis computer hardware d. no technology infrastructure

d. no technology infrastructure


Ensembles d'études connexes

Module 11: Building Solutions: Database, System, and Application Development Tools

View Set

Chapter 15: Oligopoly and Antitrust Policy

View Set

chap 39: oxygenation/respiratory

View Set

Patient Care - Patient interactions, patient and medical record management

View Set

ARTH- 452E The Skyscraper Exam #2

View Set

JUST 4640: CH 9 - Identification Procedures (Assessment)

View Set