Test #4
What do the letters of the C-I-A triad stand for?
confidentiality, integrity, availability
Information regulated under the Sarbanes-Oxley Act is ________.
corporate financial information
Under the Health Insurance Portability and Accountability Act (HIPAA), an organization that performs a health care activity on behalf of a covered entity is known as a(n) ________.
health care clearinghouse
The Federal Information Security Management Act (FISMA) requires each federal agency to create an agency-wide information security program that includes training employees, contractors, and any other users of their IT systems. This is referred to as ________.
security awareness training
Which is Cisco's highest level of certification?
Architect
The (ISC)² _____________ certification focuses on developing and implementing processes used to assess risk and for establishing security requirements.
Certified Authorization Professional (CAP)
________ is information that is publicly available about all students at a school.
Directory information
Students who have had their Family Educational Rights and Privacy Act (FERPA) rights violated are allowed to sue a school for that violation.
False
The Children's Internet Protection Act (CIPA) defines a minor as anyone under the age of 13.
False
The hertz is a measure of magnetic flux.
False
The main goal of the Gramm-Leach-Bliley Act (GLBA) is to protect investors from financial fraud.
False
________ is an international security standard that documents a comprehensive set of controls that represent information systems best practices.
ISO 17799
The ________ is the committee of the ITU responsible for ensuring the efficient and effective production of standards covering all fields of telecommunications for all nations.
ITU Telecommunication Sector (ITU-T)
The ________ is the main United Nations agency responsible for managing and promoting information and technology issues.
International Telecommunication Union (ITU)
The purpose of the ________ is to "make the Internet work better." It focuses on the engineering aspects of Internet communication and attempts to avoid policy and business questions. It is an open organization, and it has no membership requirements.
Internet Engineering Task Force (IETF)
Generically, this is data that can be used to individually identify a person, including Social Security number, driver's license number, financial account data, and health data.
Personally identifiable information (PII)
____________ is a person's right to control the use and disclosure of his or her own personal information.
Privacy
A certification is an official statement that validates the fact that a person has satisfied specific requirements.
True
International Electrotechnical Commission (IEC) standards address emerging power needs and how they affect other functional areas.
True
The Gramm-Leach-Bliley Act (GLBA) applies to the financial activities of both consumers and privately held companies.
True
The IEEE 802 LAN/MAN standards family relates to information security.
True
The ITU Telecommunication Sector (ITU-T) developed and published the X.25, X.75, and X.509 communication recommendations.
True
The SANS Institute provides training that prepares students for Global Information Assurance Certification (GIAC) certifications.
True
Under the Children's Internet Protection Act (CIPA), a library or school must be able to disable the technology protection measure (TPM) for any adult.
True
Cascading Style Sheets (CSS), Common Gateway Interface (CGI), and Hypertext Markup Language (HTML) are standards developed or endorsed by the ____________.
World Wide Web Consortium (W3C)
The stated purpose of the ___________ is to develop protocols and guidelines that unify the World Wide Web and ensure its long-term growth.
World Wide Web Consortium (W3C)
The regulating agency for the Sarbanes-Oxley Act is the ________.
Securities and Exchange Commission
________ is a document produced by the Internet Engineering Task Force (IETF) that contains standards as well as other specifications or descriptive contents.
A Request for Comments (RFC)
Which is the highest level of Check Point certification for network security?
CCMA
The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues.
False
The International Electrotechnical Commission (IEC) develops and publishes international standards for technologies related to electrical and electronic devices and processes.
True
The International Electrotechnical Commission (IEC) is an international nonprofit organization that focuses on developing and distributing standards that relate to electricity and electronics.
True
The purpose of DoD Directive 8570.01 is to reduce the possibility that unqualified personnel can gain access to secure information.
True
The Federal Information Security Management Act (FISMA) requires each federal agency to create an agency-wide information security program that includes a plan to fix weaknesses in the program. This is referred to as ________.
remedial actions
What is the National Institute of Standards and Technology (NIST)?
A federal agency within the U.S. Department of Commerce whose mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life"
The ________ is a U.S. standards organization whose goal is to empower its members and constituents to strengthen the U.S. marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.
American National Standards Institute (ANSI)
The ____________ concentration from (ISC)² contains managerial elements such as project management, risk management, setting up and delivering a security awareness program, and managing a business continuity planning program.
CISSP-ISSMP
The regulating agency for the Children's Internet Protection Act is the ________.
Department of Health and Human Services
The International Telecommunication Union (ITU) is the predominant organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.
False
The United States has one comprehensive data protection law known as the Personal Information Protection and Electronic Documents Act.
False