Question
QUESTION 1 This regulation applies to how institutions handle the privacy of your student records at the University. a. FERPA b. HIPAA c. GLBA d.
QUESTION 1
This regulation applies to how institutions handle the privacy of your student records at the University.
|
| a. | FERPA |
|
| b. | HIPAA |
|
| c. | GLBA |
|
| d. | CIPA |
1 point
QUESTION 2
This Act applies to security and privacy expectations of healthcare organizations.
|
| a. | FISMA |
|
| b. | FERPA |
|
| c. | GLBA |
|
| d. | HIPAA |
1 points
QUESTION 3
Which of the following is not a source that would be used to assess an organziations vulnerabilities?
|
| a. | Prior events |
|
| b. | Acutuary tables |
|
| c. | System Logs |
|
| d. | Audits |
1 points
QUESTION 4
Which of the following is not considered a method by which we would harden a server againsts attacks?
|
| a. | Change default passwords |
|
| b. | Reverse engineer a patch to look for vulnerabilities |
|
| c. | Enable a firewall |
|
| d. | Remove unused services |
1 points
QUESTION 5
Historically, a web server attached to the public Internet has a probability of being successfully attacked .90 in each year. To which of the following quantitative elements would this most likely relate?
|
| a. | ARO |
|
| b. | SLE |
|
| c. | EF |
|
| d. | ALE |
1 points
QUESTION 6
This Act applies to financial oganizations
|
| a. | FISMA |
|
| b. | Sabanes-Oxley (SOX) |
|
| c. | GLBA |
|
| d. | FERPA |
1 points
QUESTION 7
A method that shows a list of project tasks that must be completed on time so that the project is not delayed.
|
| a. | Gannt Chart |
|
| b. | Milestone Plan Chart |
|
| c. | Risk Management Plan |
|
| d. | Critical Path Chart |
1 points
QUESTION 8
The area inside the firewall is considered to be the
|
| a. | User Domain |
|
| b. | Workstation Domain |
|
| c. | LAN Domain |
|
| d. | Secured Domain |
1 points
QUESTION 9
Discuss the difference between a qualitative risk assessment and a quantitative risk assessment. When would you recommend using a quantitative risk assessment over a qualitative risk assessment?
QUESTION 10
A document used to track the progress of remediating identified risk.
|
| a. | Risk Assessment |
|
| b. | POA&M |
|
| c. | Risk Profile |
|
| d. | Vulnerability Assessment |
|
|
|
|
1 points
QUESTION 11
If a hacker hacks in to a hospital and changes a patients blood type on his patient healthcare record, which of the following security services was the one that was principally violated?
|
| a. | Integrity |
|
| b. | Authentication |
|
| c. | Availability |
|
| d. | Confidentiality |
1 points
QUESTION 12
What are valid contents of a risk management plan?
|
| a. | Scope |
|
| b. | POA&M |
|
| c. | Objectives |
|
| d. | Recommendations |
|
| e. | All of the above |
1 points
QUESTION 13
Which of the following is not a U.S. Government risk management initiative or program?
|
| a. | ITIL |
|
| b. | DHS NCCIC |
|
| c. | MITREs CVE List |
|
| d. | US-CERT |
1 points
QUESTION 14
The possibility that a negative event will occur is known as a/an:
|
| a. | exploit |
|
| b. | risk |
|
| c. | threat |
|
| d. | vulnerablity |
1 points
QUESTION 15
A weak password, or a firewall that has been improperly configured, is considered a/an:
|
| a. | threat |
|
| b. | vulnerability |
|
| c. | exploit |
|
| d. | risk |
1 points
QUESTION 16
You are a very small company that sells healthcare insurance plans. You estimate that the breach of your customer database will cost you $200,000, and that this might happen once in 5 years. A vendor wants to sell you a Data Loss Prevention (DLP) solution that would cost $50,000 per year. Which of the following is the best course of action?
|
| a. | Spend whatever it takes to ensure that this data is safe. |
|
| b. | Accept the risk, |
|
| c. | Spend the $50,000 to mitigate the risk |
|
| d. | Spend $25,000 on cyber insurance to transfer the risk |
1 points
QUESTION 17
NISTs Special Publication 800-30 describes what
|
| a. | How to perform a risk assessment |
|
| b. | A framework of good practices |
|
| c. | Certification and accreditation practices |
|
| d. | Maturity levels associated with CMMI |
1 points
QUESTION 18
A risk handling technique in which the organization chooses to simply do nothing, as the cost of the risk being actualized is lower than the cost of the security control, is known as
|
| a. | Acceptance |
|
| b. | Avoidance |
|
| c. | Mitigation |
|
| d. | Transfer |
1 points
QUESTION 19
Which of the following is an example of an intangible asset?
|
| a. | Server software |
|
| b. | Sales database |
|
| c. | Good will or the branding that is associated with a well-liked product |
|
| d. | Server hardware |
1 points
QUESTION 20
Which of the following is the formula used to calculate the risk that remains after you apply controls?
|
| a. | ALE=SLExARO |
|
| b. | Risk=Threat X Vulnerability |
|
| c. | Residual Risk = Total Risk - Controls |
|
| d. | Total Risk=Thrat X Vulnerability X Assest Value |
1 points
QUESTION 21
A policy that has been implemented that requires two different individuals perform different functions. An example is with a Certificate Authority that issues digital certificates where one role can only identify-proof the person the requesting the certificate and issue a request, and a different person can actually issue the digital certificate.
|
| a. | Job Rotation |
|
| b. | Need to Know |
|
| c. | Acceptable Use |
|
| d. | Separation of Duties |
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Database And Expert Systems Applications Dexa 2022 Workshops 33rd International Conference Dexa 2022 Vienna Austria August 22 24 2022 In Computer And Information Science 33
Authors: Gabriele Kotsis ,A Min Tjoa ,Ismail Khalil ,Bernhard Moser ,Alfred Taudes ,Atif Mashkoor ,Johannes Sametinger ,Jorge Martinez-Gil ,Florian Sobieczky ,Lukas Fischer ,Rudolf Ramler ,Maqbool Khan ,Gerald Czech
1st Edition
