ECE Fund of Cybersecurity and Info Security: Ch 12 and 15
Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) model. What other two layers of the model will her component need to interact with? Options: Network and Session; Application and Transport; Session and Transport; Application and Session
Application and Session
Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X? Options: Customer; Covered entity; Consumer; Business associate
Consumer
What type of organizations are required to comply with the Sarbanes-Oxley (SOX) Act? Options: Government agencies; Privately held companies; Publicly traded companies; Non-profit organizations
Publicly traded companies
The Baldrige National Quality Program is part of the National Institute of Standards and Technology (NIST). True or False
True
The Federal Trade Commission (FTC) Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data. True or False
True
All requests for comments (RFCs) originate from the Internet Engineering Task Force (IETF). True or False
False
Federal agencies fall under the legislative branch of the U.S. government. True or False
False
Special Publications (SPs) are standards created by the National Institute of Standards and Technology (NIST). True or False
False
The Family Educational Rights and Privacy Act (FERPA) requires that specific information security controls be implemented to protect student records. True or False
False
Erin is a system administrator for a federal government agency. What law contains guidance on how she may operate a federal information system? Options: Federal Information Security Management Act (FISMA); Gramm-Leach-Bliley Act (GLBA); Family Educational Rights and Privacy Act (FERPA); Sarbanes-Oxley (SOX) Act
Federal Information Security Management Act (FISMA)
Which unit of measure represents frequency and is expressed as the number of cycles per second? Options: Gauss; Weber; Hertz; Joule
Hertz
Which organization promotes technology issues as an agency of the United Nations? Options: American National Standards Institute (ANSI); International Telecommunication Union (ITU); Internet Assigned Numbers Authority (IANA); Institute of Electrical and Electronics Engineers (IEEE)
International Telecommunication Union (ITU)
Alison retrieved data from a company database containing personal information on customers. When she looks at the SSN field, she sees values that look like this: "XXX-XX-9142." What has happened to these records? Options: Truncation; Encryption; Hashing; Masking
Masking
What federal agency is charged with the mission of promoting "U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life?" Options: National Institute of Standards and Technology (NIST); Federal Communications Commission (FCC); Federal Trade Commission (FTC); National Aeronautics and Space Administration (NASA)
National Institute of Standards and Technology (NIST)
Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, what type of safeguards must be implemented by all covered entities, regardless of the circumstances? Options: Standard; Addressable; Required; Security
Required
What is NOT an area where the Internet Architecture Board (IAB) provides oversight on behalf of the Internet Engineering Task Force (IETF)? Options: Architecture for Internet protocols and procedures; Confirmation of IETF chairs; Subject matter expertise on routing and switching; Editorial and publication procedures for requests for comments (RFCs)
Subject matter expertise on routing and switching
The International Electrotechnical Commission (IEC) is the predominant organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes. True or False
True
The National Institute of Standards and Technology (NIST) is the main United Nations agency responsible for managing and promoting information and technology issues. True or False
False
Which document is the initial stage of a standard under the Internet Engineering Task Force (IETF) process? Options: Draft Standard (DS); Best Current Practice (BCP); Proposed Standard (PS); Standard (STD)
Proposed Standard (PS)
Taylor is preparing to submit her company's Payment Card Industry Data Security Standard (PCI DSS) self-assessment questionnaire. The company uses a payment application that is connected to the Internet but does not conduct e-commerce. What self-assessment questionnaire (SAQ) should she use? Options: SAQ D; SAQ C; SAQ A; SAQ B
SAQ C