Answer all for a thumbs up!

QUESTION 1 The Gramm-Leach-Bliley Act (GLBA) applies to the financial activities of both consumers and privately held companies. True False QUESTION 2 Sarbanes-Oxley Act (SOX) Section 404 compliance requirements are highly specific. True False QUESTION 3 Under the Federal Information Security Management Act (FISMA), all federal agencies must report security incidents to the U.S. Computer Emergency Readiness Team (US-CERT). True False QUESTION 4 The Federal Trade Commission (FTC) Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data. True False QUESTION 5 Protected health information (PHI) is any individually identifiable information about a person's health. True False QUESTION 6 Compliance not only includes the actual state of being compliant, but it also includes the steps and processes taken to become compliant. True False QUESTION 7 The Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool, which can be used as a self- assessment tool for identifying a bank or financial institution's cyber security maturity. True False QUESTION 8 Information systems security is about ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise. O True False QUESTION 9 Under the Health Insurance Portability and Accountability Act (HIPAA), a security incident is any impermissible use or disclosure of unsecured PHI that harms its security or privacy. O True False QUESTION 10 The main goal of the Gramm-Leach-Bliley Act (GLBA) is to protect investors from financial fraud. True False QUESTION 11 What federal government agency is charged with the responsibility of creating information security standards and guidelines for use within the federal government and more broadly across industries? O National Security Administration (NSA) National Institute of Standards and Technology (NIST) Department of Defense (DoD) Federal Communications Commission (FCC) QUESTION 12 Taylor is preparing to submit her company's Payment Card Industry Data Security Standard (PCI DSS)self-assessment questionnaire. The company uses a payment application that is connected to the Internet but does not conduct e-commerce. What self-assessment questionnaire (SAQ) should she use? SAQ A SAQ B SAQ C SAQ D QUESTION 13 Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank X? Customer Covered entity Business associate Consumer QUESTION 14 What entity is responsible for overseeing compliance with Family Educational Rights and Privacy Act (FERPA)? Family Policy Compliance Office (FPCO) Department of Defense (DOD) Federal Communications Commission (FCC) Federal Trade Commission (FTC) QUESTION 15 What type of organizations are required to comply with the Sarbanes-Oxley (SOX) Act? O Non-profit organizations Publicly traded companies Government agencies Privately held companies QUESTION 16 Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank Y? Customer Covered entity Business associate O Consumer QUESTION 17 Under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, what type of safeguards must be implemented by all covered entities, regardless of the circumstances? O Addressable Standard Security O Required QUESTION 18 Tim is implementing a set of controls designed to ensure that financial reports, records, and data are accurately maintained. What information security goal is Tim attempting to achieve? Integrity Accountability Availability Confidentiality QUESTION 19 Alison retrieved data from a company database containing personal information on customers. When she looks at the SSN field, she sees values that look like this: "XXX-XX-9142." What has happened to these records? Encryption Truncation Hashing Masking QUESTION 20 Joe is the CEO of a company that handles medical billing for several regional hospital systems. How would Joe's company be classified under the Health Insurance Portability and Accountability Act (HIPAA)? Covered entity as a health plan Covered entity as a healthcare clearinghouse Covered entity as a provider Business associate of a covered entity