CDS Chapter 4 Quiz


Continuity of critical business functions and operations is the first priority in a well-balanced business continuity plan (BCP). True False

False

In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data. True False

True

Screen locks are a form of endpoint device security control. True False

True

The Gramm-Leach-Bliley Act (GLBA) addresses information security concerns in the financial industry. True False

True

The recovery point objective (RPO) is the maximum amount of data loss that is acceptable. True False

True

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks. True False

True

What compliance regulation applies specifically to the educational records maintained by schools about students?
a. Family Education Rights and Privacy Act (FERPA)
b. Health Insurance Portability and Accountability Act (HIPAA)
c. Federal Information Security Management Act (FISMA)
d. Gramm-Leach-Bliley Act (GLBA)

a. Family Education Rights and Privacy Act (FERPA)

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that will have the shortest switchover time even though it may be costly. What would be the best option in this situation?
a. Hot site
b. Warm site
c. Cold site
d. Primary site

a. Hot site

Which one of the following is an example of a reactive disaster recovery control?
a. Moving to a warm site
b. Disk mirroring
c. Surge suppression
d. Antivirus software

a. Moving to a warm site

Fernando is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?
a. Risk Management Guide for Information Technology Systems (NIST SP 800-30)
b. CCTA Risk Analysis and Management Method (CRAMM)
c. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
d. ISO/IEC 27005, "Information Security Risk Management"

a. Risk Management Guide for Information Technology Systems (NIST SP 800-30)

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?
a. FFIEC
b. FISMA
c. HIPAA
d. PCI DSS

c. HIPAA

Regarding data center alternatives for disaster recovery, a mobile site is the least expensive option but at the cost of the longest switchover time. True False

False

Removable storage is a software application that allows an organization to monitor and control business data on a personally owned device. True False

False

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?
a. Health Insurance Portability and Accountability Act (HIPAA)
b. Payment Card Industry Data Security Standard (PCI DSS)
c. Federal Information Security Management Act (FISMA)
d. Federal Financial Institutions Examination Council (FFIEC)

b. Payment Card Industry Data Security Standard (PCI DSS)

Ernie is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?
a. Description of the risk
b. Expected impact
c. Risk survey results
d. Mitigation steps

c. Risk survey results

What is NOT one of the three tenets of information security?
a. Confidentiality
b. Integrity
c. Safety
d. Availability

c. Safety

As a follow-up to her annual testing, Holly would like to conduct quarterly disaster recovery tests that introduce as much realism as possible but do not require the use of technology resources. What type of test should Holly conduct?
a. Checklist test
b. Parallel test
c. Simulation test
d. Structured walk-through

c. Simulation test

Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices?
a. Support ownership
b. Onboarding/offboarding
c. Forensics
d. Data ownership

d. Data ownership

Which one of the following is an example of a direct cost that might result from a business disruption?
a. Damaged reputation
b. Lost market share
c. Lost customers
d. Facility repair

d. Facility repair

What level of technology infrastructure should you expect to find in a cold site alternative data center facility?
a. Hardware and data that mirror the primary site
b. Hardware that mirrors the primary site, but no data
c. Basic computer hardware
d. No technology infrastructure

d. No technology infrastructure
