
QUESTION 1 This regulation applies to how institutions handle the privacy of you


Question

QUESTION 1

This regulation applies to how institutions handle the privacy of your student records at the University.

a. FERPA
b. HIPAA
c. GLBA
d. CIPA

1 point

QUESTION 2

This Act applies to security and privacy expectations of healthcare organizations.

a. FISMA
b. FERPA
c. GLBA
d. HIPAA

1 point

QUESTION 3

Which of the following is not a source that would be used to assess an organization’s vulnerabilities?

a. Prior events
b. Actuary tables
c. System Logs
d. Audits

1 point

QUESTION 4

Which of the following is not considered a method by which we would harden a server against attacks?

a. Change default passwords
b. Reverse engineer a patch to look for vulnerabilities
c. Enable a firewall
d. Remove unused services

1 point

QUESTION 5

Historically, a web server attached to the public Internet has a probability of being successfully attacked .90 in each year. To which of the following quantitative elements would this most likely relate?

a. ARO
b. SLE
c. EF
d. ALE

1 point

QUESTION 6

This Act applies to financial organizations.

a. FISMA
b. Sarbanes-Oxley (SOX)
c. GLBA
d. FERPA

1 point

QUESTION 7

A method that shows a list of project tasks that must be completed on time so that the project is not delayed.

a. Gantt Chart
b. Milestone Plan Chart
c. Risk Management Plan
d. Critical Path Chart

1 point

QUESTION 8

The area inside the firewall is considered to be the

a. User Domain
b. Workstation Domain
c. LAN Domain
d. Secured Domain

1 point

QUESTION 9

Discuss the difference between a qualitative risk assessment and a quantitative risk assessment. When would you recommend using a quantitative risk assessment over a qualitative risk assessment?

QUESTION 10

A document used to track the progress of remediating identified risk.

a. Risk Assessment
b. POA&M
c. Risk Profile
d. Vulnerability Assessment

1 point

QUESTION 11

If a hacker hacks into a hospital and changes a patient’s blood type on his patient healthcare record, which of the following security services was the one that was principally violated?

a. Integrity
b. Authentication
c. Availability
d. Confidentiality

1 point

QUESTION 12

What are valid contents of a risk management plan?

a. Scope
b. POA&M
c. Objectives
d. Recommendations
e. All of the above

1 point

QUESTION 13

Which of the following is not a U.S. Government risk management initiative or program?

a. ITIL
b. DHS’ NCCIC
c. MITRE’s CVE List
d. US-CERT

1 point

QUESTION 14

The possibility that a negative event will occur is known as a/an:

a. exploit
b. risk
c. threat
d. vulnerability

1 point

QUESTION 15

A weak password, or a firewall that has been improperly configured, is considered a/an:

a. threat
b. vulnerability
c. exploit
d. risk

1 point

QUESTION 16

You are a very small company that sells healthcare insurance plans. You estimate that the breach of your customer database will cost you $200,000, and that this might happen once in 5 years. A vendor wants to sell you a Data Loss Prevention (DLP) solution that would cost $50,000 per year. Which of the following is the best course of action?

a. Spend whatever it takes to ensure that this data is safe.
b. Accept the risk
c. Spend the $50,000 to mitigate the risk
d. Spend $25,000 on cyber insurance to transfer the risk

1 point

QUESTION 17

NIST’s Special Publication 800-30 describes what

a. How to perform a risk assessment
b. A framework of good practices
c. Certification and accreditation practices
d. Maturity levels associated with CMMI

1 point

QUESTION 18

A risk handling technique in which the organization chooses to simply do nothing, as the cost of the risk being actualized is lower than the cost of the security control, is known as

a. Acceptance
b. Avoidance
c. Mitigation
d. Transfer

1 point

QUESTION 19

Which of the following is an example of an intangible asset?

a. Server software
b. Sales database
c. “Good will” or the branding that is associated with a well-liked product
d. Server hardware

1 point

QUESTION 20

Which of the following is the formula used to calculate the risk that remains after you apply controls?

a. ALE = SLE x ARO
b. Risk = Threat X Vulnerability
c. Residual Risk = Total Risk - Controls
d. Total Risk = Threat X Vulnerability X Asset Value

1 point

QUESTION 21

A policy that has been implemented that requires two different individuals to perform different functions. An example is with a Certificate Authority that issues digital certificates, where one role can only identity-proof the person requesting the certificate and issue a request, and a different person can actually issue the digital certificate.

a. Job Rotation
b. Need to Know
c. Acceptable Use
d. Separation of Duties


Explanation / Answer

Question 1:-

a. FERPA

The Family Educational Rights and Privacy Act is the regulation that universities follow for storing students' records.

Question 2:-

d. HIPAA

Health Insurance Portability and Accountability Act

Question 3:-

b. Actuary Table

It is the table which stores information about the probability of a person's life span, which is in no way related to organisation assessment.

Question 4:-

b. Reverse engineer a patch to look for vulnerabilities

It is a process to identify the source of a vulnerability, not to harden the server.

Question 5:-

d. ALE

Question 6:-

c. GLBA

It is the act for financial organisations to protect clients' financial information.

Question 7:-

b. Milestone Plan Chart

It is the one which tells the status of the project by showing the stages it has completed and those that still need to be done.

Question 8:-

c. LAN Domain

As per the Chegg policy, I am allowed to answer only this many. Kindly understand and repost the remaining.
