Question 11 5 pts (TCO 10) Which organization, according to the provisions of HIPAA, is mandated to develop and publish rules to implement the HIPAA administrative simplification requirements? The FDIC The Department of Health and Human Services The Office of the Attorney General The OCS o Question 12 5 pts (TCO 10) Which is the first requirement set forth by the security management process part of HIPAA's administrative safeguards? A penetration test A vulnerability assessment A risk assessment A disaster recovery assessment Question 13 5 pts (TCO 11) Which of the following is not a focus of FISMA? Confidentiality Availability Assurance Authentication Question 14 5 pts (TCO 11) Students have a right to file complaints against a school for disclosing educational records in violation of which federal law? O HIPAA OFERPA FISMA SOX Question 15 5 pts (TCO 12) Which of the following should be an element of a confidentiality policy? Agreement to share information with whomever asks Acknowledgement of the lack of obligation of confidentiality Agreement to not improperly use the information Understanding that company information does not have to be returned at the end of employment Question 16 5 pts (TCO 12) Incident reporting is the responsibility of any employee who discovers an incident. the CEO O the ISO departmental managers. Question 17 5 pts (TCO 1) Which is NOT a goal of an information security policy? To influence behavior To protect employees and customers To make it difficult to be productive To provide a decision-making framework Question 18 5 pts (TCO 2) Which of the following statements is true? A security policy should only include one objective. A security policy should not include any exceptions. A security policy should not include a glossary. A security policy should not list all step-by-step measures that need to be taken. Question 19 5 pts (TCO 3) This classification level is used by the military for items that can be distributed to the public without any threat to national security. Unclassified Top Secret Secret Confidential Question 20 5 pts (TCO 4) The body of an affirmation agreement should address which area? O E-mail Internet Portable computers All of the above