SEC 440 FINAL

jonho2012
sec440final.docx

Question 1

5 pts

(TCO 1) HIPAA security regulations primarily apply to

transportation organizations.

financial organizations.

education organizations.

healthcare organizations.

Question 2

5 pts

(TCO 2) Objectives, purpose, policy, exceptions, and disciplinary actions are the

summary of a policy.

goal of a policy.

outline of a policy.

rules of a policy.

Question 3

5 pts

(TCO 3) Which is defined as the structure for determining the clearance level of an individual, which must match the classification of data, in order to be granted access?

For Your Eyes Only

Top Secret

Secret

Mandatory Access Control

Question 4

5 pts

(TCO 4) Which of the following is NOT a type of background check?

Criminal history

License verification

Family history

Civil records

Question 5

5 pts

(TCO 5) Which of the following is NOT a component of a good security incident reporting program?

Training users to recognize suspicious incidents

Updating antivirus software signature files

Establishing your incident response team

Establishing a system for reporting incidents

Question 6

5 pts

(TCO 4) Which of the following is NOT a type of employment agreement?

Monitoring and auditing agreement

Employee information security agreement

Affirmation agreement

Acceptable use agreement

Question 7

5 pts

(TCO 6) When it comes to disposal of hard drives that contain company information,

it’s okay to just dump them in the trash.

all you need to do is reformat the drive.

zeroization is the recommended practice.

all that is needed is to format the master boot record.

Question 8

5 pts

(TCO 7) This access control method is characterized by the information owner being responsible for assigning privileges to appropriate users.

MAC

RBAC

DAC

PAC

Question 9

5 pts

(TCO 8) If employees using a company-provided application system find what they think is a loophole that allows access to confidential data, they should

alert their manager and the ISO immediately.

verify and test the alleged loophole before alerting anyone.

not say anything, unless they are a member of the Incident Response team.

alert their manager whenever they happen to have a chance to do so.

Question 10

5 pts

(TCO 9) A threat assessment is a(n)

identification of types of threats an organization might be exposed to.

systematic rating of threats based upon level of risk and probability.

potential level of impact.

likelihood of a threat materializing.

Question 11

5 pts

(TCO 10) Which organization, according to the provisions of HIPAA, is mandated to develop and publish rules to implement the HIPAA administrative simplification requirements?

The FDIC

The Department of Health and Human Services

The Office of the Attorney General

The OCS

Question 12

5 pts

(TCO 10) Which is the first requirement set forth by the security management process part of HIPAA’s administrative safeguards?

A penetration test

A vulnerability assessment

A risk assessment

A disaster recovery assessment

Question 13

5 pts

(TCO 11) Which of the following concerns federal agencies?

FISMA

FERPA

SOX

GLBA

Question 14

5 pts

(TCO 11) Students have a right to file complaints against a school for disclosing educational records in violation of which federal law?

HIPAA

FERPA

FISMA

SOX

Question 15

5 pts

(TCO 12) Which of the following is true about small businesses?

Small businesses can fall under a federal mandate that governs how they handle protected information.

Small businesses are too small to fall under any federal mandates.

All small businesses are regulated by the Small Business Security Act when it comes to safeguarding protected information.

All of the above

Question 16

5 pts

(TCO 12) Incident reporting is the responsibility of

any employee who discovers an incident.

the CEO.

the ISO.

departmental managers.

Question 17

5 pts

(TCO 1) Keeping the policy documents separate from the procedures, standards, and guidelines is

combining policies and procedures.

the preferred approach to organizing information security policies, procedures, standards and guidelines.

not the preferred approach to organizing information security policies, procedures, standards, and guidelines.

combining standards and guidelines.

Question 18

5 pts

(TCO 2) A guideline can best be defined as a

requirement.

suggestion.

series of directions.

law.

Question 19

5 pts

(TCO 3) This classification level is used by business organizations for data that are used internally by an organization for the purpose of conducting company business.

Sensitive

Top Secret

Secret

Restricted

Question 20

5 pts

(TCO 4) There is a growing trend of replacing traditional acceptable use agreements with

employee information security affirmation agreements.

employee internet security affirmation agreements.

security policies.

employee manuals.

Question 21

40 pts

(TCO 1) Explain the steps to achieving acceptance of an information security policy within an organization.

Question 22

40 pts

(TCO 7) Define and provide examples for each of the following terms: (1) deny all security posture, (2) need to know security posture, and (3) least privilege security posture.

Question 23

40 pts

(TCO 9) Evaluate the relationship between GLBA and ISO 17799.

Question 24

40 pts

(TCO 11) How do COSO and CobiT® vary from ISO 17799?
