Page 1

Question 1.1. (TCO 1) A security policy must be accepted by (Points : 5)

management.

end-users.

customers.

all members of an organization.

Question 2.2. (TCO 2) What element of a security policy does the following phrase belong to? “This policy is established to achieve compliance with applicable statutes, regulations, and mandates regarding the management of information resources.” (Points : 5)

The statement of authority

The policy statement

The policy objectives

The policy audience

Question 3.3. (TCO 3) Which is the process of accumulating data regarding a specific logical or physical environment? (Points : 5)

Footprinting

Scanning

Enumeration

All of the above

Question 4.4. (TCO 4) Which of the following information about a person can be used to influence a hiring decision? (Points : 5)

Educational credentials

Negative credit history

Relevant certifications

All of the above

Question 5.5. (TCO 5) Why is it sometimes better to isolate critical equipment than it is to apply additional protective measures, in order to protect against exposure to greater hazards or risks from unauthorized access? (Points : 5)

Management requests it.

There is less risk involved.

It can be less costly.

Regulators prefer it.

Question 6.6. (TCO 5) A security perimeter is (Points : 5)

the widest imaginary circle around a facility.

a barrier of protection.

the field around which security alarms can monitor activity.

None of the above

Question 7.7. (TCO 6) Logging, as it pertains to media removal, is only needed when (Points : 5)

the media are paper based.

it is outsourced.

it is handled in-house.

It is always needed.

Question 8.8. (TCO 7) Prohibiting access to information not required for one’s work is the (Points : 5)

access need concept.

need-to-monitor concept.

need-to-know concept.

required information process concept.

Question 9.9. (TCO 8) Output validation is (Points : 5)

verifying that a piece of code does not have any inherent vulnerabilities.

making sure that employees know what information to enter in a new system.

testing an application system by entering all kinds of character strings in the provided fields.

testing what information an application system returns when information is entered.

Question 10.10. (TCO 9) This test subjects a system or device to real-world attacks. (Points : 5)

Audit

Penetration test

Assessment

Interview

Question 11.11. (TCO 10) As it pertains to HIPAA, which is a covered entity? (Points : 5)

A medical patient protected by HIPAA

A healthcare provider who must be compliant with HIPAA

A healthcare provider who does NOT have to be compliant with HIPAA

A medical patient NOT protected by HIPAA

Question 12.12. (TCO 10) Which of the following standards includes monitoring failed log-ons? (Points : 5)

Access Control

Audit Controls

Device and Media Controls

Integrity Controls

Question 13.13. (TCO 11) Which government agency is in charge of developing technical security standards and guidelines for unclassified federal systems, according to FISMA? (Points : 5)

The OMB

NIST

The OCS

The NSA

Question 14.14. (TCO 11) Transmitting ePHI in e-mail is not recommended because (Points : 5)

e-mail is usually in clear text.

e-mail can be forwarded.

Both A and B

Neither A nor B

Question 15.15. (TCO 12) Attaching an unauthorized wireless network to the corporate network is considered (Points : 5)

a major breach in network security and a violation of the security policy.

a major breach in network security but not a violation of the security policy.

a violation of the security policy but not a major breach in network security.

neither a major breach in network security nor a violation of the security policy.

Question 16.16. (TCO 12) A strong password is at least how many characters? (Points : 5)

5

6

7

8

Question 17.17. (TCO 1) A policy that secures and protects assets from foreseeable harm and provides flexibility for the unforeseen is (Points : 5)

accurately reflecting the current technology environment.

complying with applicable government policy.

the best goal for a new policy.

approved by management and understood by everyone.

Question 18.18. (TCO 2) Which of the following should you strive for in the policy statement, in order to have a well-written policy? (Points : 5)

Contain areas that address every aspect of operations and information and every area affecting the organization’s information assets.

Spell check the document to avoid typographical errors.

Include applicable standards, guidelines, and procedures within the policy document.

Describe everything in layman’s terms so that it is clear the policy is a statement of everyone’s intent.

Question 19.19. (TCO 3) When it comes to information security, what is labeling the primary vehicle for? (Points : 5)

Communicating the sensitivity level

Communicating the access controls

Enforcing the access controls

Auditing the access controls

Question 20.20. (TCO 5) In the context of information security, environmental security would refer to all of the following except (Points : 5)

design and construction of facilities.

configuration of wireless access points.

where equipment is stored.

how and where people move.

Page 2

Question 1. 1. (TCO 3) Explain and contrast the core information security concepts of confidentiality, integrity, and availability. (Points : 40)

Question 2. 2. (TCO 8) Describe the steps a system development team could take to make sure security features are designed into newly developed systems, and explain why this is important to an organization. (Points : 40)

Question 3. 3. (TCO 10) Describe and explain the HIPAA Security Rule. (Points : 40)

Question 4. 4. (TCO 12) What should every small business do to ensure that it is secure? (Points : 40)