Final (Chapters 13 - 15)
The regulating agency for the Family Educational Rights and Privacy Act is the ________. A. Department of Health and Human Services B. U.S. Department of Education C. Securities and Exchange Commission D. FTC
B. U.S. Department of Education
Information regulated under the Gramm-Leach-Bliley Act is ________. A. corporate financial information B. consumer financial information C. federal information systems D. protected health information
B. consumer financial information
CompTIA's Security+ certification provides ________. A. four main credentials, each addressing a different security professional role B. entry-level information security certification of choice for IT professionals C. several credentials that focus on both general and Web-related security D. more than 20 individual credentials that span several information security job disciplines
B. entry-level information security certification of choice for IT professionals
What term is used to describe any personally identifiable financial information that a consumer provides to a financial institution? A. covered entity B. nonpublic personal information (NPI) C. personally identifiable information (PII) D. directory information
B. nonpublic personal information (NPI)
"There are so many demands on your time, it is often difficult to justify setting aside time to study. Also, you may find that self-study takes more time than you planned." This is a disadvantage to choosing the self-study option that can be labeled ________. A. resource selection B. procrastination C. lack of interaction D. quality issues
B. procrastination
The four main areas in NIST SP 800-50 are awareness, training, education, and __________________. A. academic excellence B. professional development C. certification D. responsibility
B. professional development
FISMA requires each federal agency to create an agency-wide information security program that includes a plan to fix weaknesses in the program. This is referred to as ________. A. testing and evaluation B. remedial action C. incident response D. subordinate plans
B. remedial action
A master's degree program goes beyond the level of a bachelor's degree program and generally consists of ___________ year(s) of study beyond a bachelor's degree. A. one B. two C. three D. four
B. two
One type of degree that many institutions offer is the associate's degree. This degree is the most accessible because it generally represents a _________ program. A. one-year B. two-year C. three-year D. four-year
B. two-year
Which is the highest level of Check Point certification for network security? A. CCMA B. CCSPA C. CCSA D. CCSE
A. CCMA
The ____________ concentration from (ISC)2 is the road map for incorporating security into projects, applications, business processes, and all information systems. A. CISSP-ISSEP® B. CISSP-ISSAP® C. CISSP-ISSMP® D. CSSLP®
A. CISSP-ISSEP®
(ISC)2 offers the ________________ credential, which is one of the few credentials that address developing secure software. It evaluates professionals for the knowledge and skills necessary to develop and deploy secure applications. A. Certified Secure Software Lifecycle Professional B. Certified Information Systems Security Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner
A. Certified Secure Software Lifecycle Professional
The regulating agency for the Gramm-Leach-Bliley Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission
A. FTC
The ________________, enacted as part of the American Recovery and Reinvestment Act of 2009, was designed to promote the widespread adoption and standardization of health information technology. A. HITECH Act B. Federal Information Systems Management Act C. Sarbanes-Oxley Act D. Office for Civil Rights
A. HITECH Act
What name is given to educational institutions that meet specific federal information assurance educational guidelines? A. National Centers of Academic Excellence in Information Assurance Education (CAE/IAE) B. accredited institutions C. continuing education centers D. National Centers of Academic Excellence in Research (CAE/R)
A. National Centers of Academic Excellence in Information Assurance Education (CAE/IAE)
A certificate of completion is a document that is given to a student upon completion of the program and is signed by the instructor. A. True B. False
A. True
An information security safeguard is also called an information security control. A. True B. False
A. True
Certifications that require additional education generally specify the number of credits each certificate requires. A. True B. False
A. True
Employers do use certifications to help assess prospects, but the best assessment is the prospect's actual performance. A. True B. False
A. True
FISMA requires federal agencies to secure national security systems (NSSs) using a risk-based approach. A. True B. False
A. True
Information systems security is about ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise. A. True B. False
A. True
Most certifications require certification holders to pursue additional education each year to keep their certifications current. A. True B. False
A. True
One of the most important parts of a FISMA information security program is that agencies test and evaluate it. A. True B. False
A. True
Privacy is a person's right to control the use and disclosure of his or her own personal information. A. True B. False
A. True
The Infotec Security Certified Program (SCP) certification programs apply mainly to network security topics and are most appropriate for professionals involved in securing network components within the IT infrastructure. A. True B. False
A. True
The main purpose of security training courses is to rapidly train students in one or more skills, or to cover essential knowledge in one or more specific areas. A. True B. False
A. True
The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information. A. True B. False
A. True
Today, one of the most common methods for identifying what skills a security professional possesses is his or her level of certification. A. True B. False
A. True
Under FISMA, all federal agencies must report security incidents to the U.S. Computer Emergency Readiness Team. A. True B. False
A. True
Whereas MS programs prepare students to perform information security work, MBA programs prepare students to manage and maintain the people and environment of information security. A. True B. False
A. True
The purpose of ________ is to provide formal training courses that lead to a certificate or professional certification and not a degree. A. continuing education B. academic excellence C. National Centers of Academic Excellence D. standards
A. continuing education
Health plans, health care clearinghouses, and any health care provider that transmits PHI in an electronic form are known as ________ under HIPAA. A. covered entities B. business associates C. protected health information D. exceptions to the Privacy Rule
A. covered entities
Tier C violations under the HITECH Act are ________. A. violations due to willful neglect that the organization ultimately corrected B. violations of willful neglect that the organization did not correct C. violations due to reasonable cause, but not "willful neglect" D. violations in which the offender didn't realize he or she violated the act and would have handled the matter differently if he or she had
A. violations due to willful neglect that the organization ultimately corrected
________ refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards. A. Continuing education B. Accredited C. Continuing professional education (CPE) D. Certificate of completion
B. Accredited
What name is given to a document that verifies that a student has completed courses and earned a sufficient score on an assessment? A. National Centers of Academic Excellence in Information Assurance Education (CAE/IAE) B. Certificate of completion C. Accredited D. Continuing education diploma
B. Certificate of completion
A breach is a violation of computer security policies or practices. A. True B. False
B. False
A professional certification states that you have taken the course and completed the tasks and assignments. A. True B. False
B. False
DoD Directive 8570.01 is a voluntary certification requirement and has increased the number of personnel who pursue certifications. A. True B. False
B. False
FISMA applies to all privately held companies and their IT systems. A. True B. False
B. False
Federal agencies fall under the legislative branch of the U.S. government. A. True B. False
B. False
In general, security training programs are identical to security education programs with respect to their focus on skills and in their duration. A. True B. False
B. False
The United States has one comprehensive data protection law known as the Personal Information Protection and Electronic Documents Act. A. True B. False
B. False
The most difficult and slowest option for IT security training is studying materials yourself. A. True B. False
B. False
The purpose of continuing education is to provide informal training courses for interested students. A. True B. False
B. False
The standard bachelor's designation is a four-year diploma program. A. True B. False
B. False
Which is Cisco's highest level of certification? A. Master B. Expert C. Architect D. Professional
C. Architect
The ____________ concentration from (ISC)2 contains deeper managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program. A. CISSP-ISSEP® B. CISSP-ISSAP® C. CISSP-ISSMP® D. CSSLP®
C. CISSP-ISSMP®
The best fits for (ISC)2's _____________ are personnel responsible for developing and implementing processes used to assess risk and for establishing security requirements. A. Certified Secure Software Lifecycle Professional B. Certified Information Systems Security Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner
C. Certified Authorization Professional
The four main credentials of the ________ are Systems Security Certified Practitioner (SSCP®), Certified Information Systems Security Professional (CISSP®), Certified Authorization Professional (CAP®), and Certified Secure Software Lifecycle Professional (CSSLP®). A. GIAC/SANS Institute B. Infotec Security Certified Program C. International Information Systems Security Certification Consortium, Inc. (ISC)2 D. Information Systems Audit and Control Association
C. International Information Systems Security Certification Consortium, Inc. (ISC)2
Obtaining the coveted CAE/IAE or CAE/R designation means the curriculum and research institutions meet or exceed the standards defined by the _______. A. OPM B. NIST C. NSA D. Computer Security Act of 1987
C. NSA
The regulating agency for the Federal Information Systems Management Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission
C. Office of Management and Budget
____________ is a person's right to control the use and disclosure of his or her own personal information. A. Security B. Disclosure C. Privacy D. Integrity
C. Privacy
Under HIPAA, an organization that performs a health care activity on behalf of a covered entity is known as a(n) ________. A. privately held company B. covered entity C. business associate D. agency
C. business associate
What name is given to patient health information that is computer based? A. personally identifiable information (PII) B. privately held information C. electronic protected health information (EPHI) D. directory information
C. electronic protected health information (EPHI)
The standard bachelor's degree is a __________ program. A. two-year B. three-year C. four-year D. six-year
C. four-year
The ________ is a regulation stating that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function. A. nonpublic personal information (NPI) B. directory information C. minimum necessary rule D. electronic protected health information (EPHI)
C. minimum necessary rule
FISMA requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ________. A. testing and evaluation B. remedial action C. security awareness training D. subordinate plans
C. security awareness training
Which of the following is the definition of continuing professional education (CPE)? A. A document that verifies that a student has completed courses and earned a sufficient score on an assessment. B. Educational institutions that meet specific federal information assurance educational guidelines. C. Refers to an educational institution that has successfully undergone evaluation by an external body to determine whether the institution meets applicable standards. D. A standard unit of credit that equals 50 minutes of instruction.
D. A standard unit of credit that equals 50 minutes of instruction.
________ is information that is publicly available about all students at a school. A. Minimum necessary rule B. Nonpublic personal information (NPI) C. Personally identifiable information (PII) D. Directory information
D. Directory information
The regulating agency for the Children's Internet Protection Act is the ________. A. Department of Health and Human Services B. U.S. Department of Education C. Securities and Exchange Commission D. FCC
D. FCC
Which regulating agency has oversight for the Children's Internet Protection Act? A. Department of Health and Human Services B. U.S. Department of Education C. Office for Civil Rights D. FCC
D. FCC
____________ creates standards that federal agencies use to classify their data and IT systems. A. FERPA B. FISMA C. GLBA D. NIST
D. NIST
The ____________________ is responsible for FISMA compliance. A. FTC B. Securities and Exchange Commission C. Department of Health and Human Services D. Office of Management and Budget (OMB)
D. Office of Management and Budget (OMB)
The regulating agency for the Sarbanes-Oxley Act is the ________. A. FTC B. U.S. Department of Education C. Office of Management and Budget D. Securities and Exchange Commission
D. Securities and Exchange Commission
(ISC)2 offers the ________ credential, which is ideal for those who are working toward or already hold positions as senior network security engineers, senior security systems analysts, or senior security administrators. It covers the seven domains of best practices for information security. A. Certified Information Systems Security Professional B. Certified Secure Software Lifecycle Professional C. Certified Authorization Professional D. Systems Security Certified Practitioner
D. Systems Security Certified Practitioner
In the legal system, ________ is the act of following laws, rules, and regulations that apply to organizations. A. disclosure B. responsibility C. control D. compliance
D. compliance
An educational program that is generally associated with a college or university that provides formal courses that do not lead to degrees is the definition of ________. A. continuing professional education (CPE) B. accreditation C. certificate of completion D. continuing education
D. continuing education
Information regulated under the Sarbanes-Oxley Act is ________. A. protected health information B. federal information systems C. consumer financial information D. corporate financial information
D. corporate financial information
With university doctoral programs, completing the degree requirements takes ________. A. two years B. three years C. five years D. no standard time frame
D. no standard time frame