Deck 14: Information Security
1
Which of the following must an organization's management do if HIPAA applies to its activities?
A) assign a person or persons to be responsible for HIPAA compliance
B) decide whether or not to comply with HIPAA
C) take out HIPAA compliance insurance
D) all of the above
Answer: A
2
Why is it difficult for companies to manage their e-mail on their own private subnets?
A) Individuals within organizations can make copies and save them.
B) Individuals can forward copies to others.
C) Individuals do not completely remove them from their storage devices.
D) all of the above
Answer: D
3
Putting plans in place to ensure that employees and business processes can continue when faced with any major unanticipated disruption is called:
A) Business Contingency Planning.
B) Disaster Recovery Planning.
C) Business Continuance Planning.
D) Business Continuity Planning.
Answer: D
4
Which of the following is not one of the common policy areas generally included in an information security policy?
A) Access Control Policies (e.g., password controls)
B) External Access Policies (e.g., accessing the Web and Internet)
C) Usage of Social Security Number Policies (e.g., whether it is an identifier)
D) Acceptable Use Policies (e.g., usage of organization's computer resources)
5
What effect does the PATRIOT Act passed by Congress have on the U.S. government's ability to access an individual's personal information?
A) significantly strengthens
B) significantly weakens
C) has no effect
D) none of the above
6
What is the best term to describe those who break into computers to steal information, wipe out hard drives, or do other harm?
A) cyber terrorists
B) computer felons
C) hackers
D) crackers
7
What are sources to use to calculate a single loss expectancy as part of a risk assessment?
A) historical experiences of the organization
B) industry averages
C) recent incidents only (typically the past 6 months)
D) both A and B
8
What is just beginning to be addressed in organizations' acceptable-use policies?
A) usage of social media
B) usage of emails
C) usage of external websites
D) none of the above
9
Which organizational position is directly responsible for the balancing of an organization's security risks with the costs to avoid them?
A) the CEO
B) the CFO
C) the CSO
D) the CIO
10
What are some of the benefits to organizations with written privacy policies?
A) justification for quickly removing employees who behave improperly.
B) compliance with one part of SOX.
C) better ability to be insured.
D) all of the above
11
Hackers can be differentiated from crackers by:
A) the types of targets they select.
B) the tools that they use.
C) their level of malicious intent.
D) whether they are internal or external to the target organization.
12
Determining a Return Benefit for a specific security action is based on which of the following?
A) Annualized Expected Losses and Annualized Cost of Actions
B) benefits of remote PC access
C) electronic records management
D) none of the above
13
Which of the following is not one of the rules that the GLBA gives federal agencies and states the ability to enforce?
A) Financial Privacy Rule
B) Credit Information Rule
C) Safeguards Rule
D) none of the above
14
Which type of employee does not need to be aware of basic types of information security technologies?
A) business managers
B) managers who only work on IT applications
C) the CSO
D) none of the above
15
What is the approximate total business loss (in U.S. dollars) resulting from the largest reported customer data security breach to date involving retailers or financial institutions as of 2010?
A) 876,000
B) 4.2 million
C) 16.7 million
D) 1 billion
16
Research has shown that an organization's inability to return to normal business activities after a major disruption is a key predictor of:
A) business survival.
B) business renewal.
C) business growth.
D) business start.
17
What are some means to deal with key information security management issues?
A) Managers must determine what their real information assets are and assign values and priorities for them.
B) Managers must determine how long the organization can function without a specific information asset.
C) Departmental managers and the owners of the information assets need to develop and implement the security procedures to protect all major information assets.
D) all of the above
18
Which of the following is one of the areas in which controls are assessed by auditors using the COSO framework?
A) Risk Assessment
B) Monitoring
C) Control Environment
D) all of the above
19
When a web site mimics a legitimate site for the purpose of misleading or defrauding an Internet user, it is called:
A) identity theft.
B) illegal spam e-mail.
C) spoofing.
D) phishing.
20
Which of the following is a typical statement included in an organization's acceptable use policy?
A) The organization's computing resources (hardware, software, network services) are company property.
B) An employee does not have privacy rights to their usage of these computing resources.
C) Specific types of computing behavior are prohibited by federal or state laws.
D) all of the above.
21
A worm is a virus that has the ability to copy itself from machine to machine, usually over a network.
22
Electronic Records Management (ERM) practices became a more important information security management issue in the U.S. in 2006 when new legislation established new rules for timely information gathering in response to potential litigation.
23
Which statement about computer crimes is not true?
A) Crackers have successfully used hacking techniques to wipe out hard drives, steal information, and disrupt government activities.
B) Hackers have helped to point out security vulnerabilities in computer software.
C) Data and application encryption are not considered robust security approaches.
D) Common civilian targets include power grids and financial networks.
24
The Sarbanes-Oxley Act requires officers of publicly traded companies in the U.S. to certify that:
A) the organization has a CIO.
B) they are responsible for establishing and maintaining internal financial controls.
C) the organization has a CSO.
D) all email over one year old has been securely deleted.
25
Due to several recent laws regarding information security, it is a good practice to provide existing civil and criminal laws rather than have a company-specific information security policy.
26
BCP shortcomings recently identified during crises include:
A) backup IT sites are too close to data centers
B) plans are needed for alternative workplaces for human resources
C) evacuation plans should be practiced
D) all of the above
27
Which of the following is the recommended means for disseminating an organization's information security policy?
A) hardcopy distributions to all employees, not just new employees
B) email distributions
C) posting the policy on the organization's intranet
D) all of the above
28
Primary sources of thefts of intellectual property rights, trade secrets, and research and development knowledge are employees.
29
Which position is responsible for continually assessing an organization's information security risks and developing and implementing effective countermeasures?
A) CSO or CISO
B) CEO
C) COSO
D) all of the above
30
Creating a BCP in the U.S. requires:
A) inventorying all desktop PCs, but not laptops.
B) keeping files on magnetic tape.
C) identifying interdependencies between critical business processes and business units.
D) following Federal Rules of Civil Procedure.
31
A denial of service attack is implemented by simultaneously sending a large number of messages to a target computer to create a computer or communications overload, so that legitimate users cannot obtain access.
32
The goal of the IS manager responsible for information security is to eliminate all information risk.
33
What should an ERM manager (or an ERM committee) be responsible for?
A) defining what constitutes an electronic transaction
B) classifying specific records based upon their importance, regulatory requirements, and duration.
C) formulating and managing SOX compliance
D) all of the above