- A group of regulations implemented by the European Union (EU) to protect personal data of EU citizens. GDPR (General Data Protection Regulation)
- A security attack is defined as which of the following? Malicious threat
- A security attack is defined as which of the following? An event that has been identified by correlation and analytics tools as a malicious activity.
- An attack or security event that has been reviewed by IBM security analysts or the world at large and deemed worthy of deeper investigation. Incident/Security Incident
- An event on a system or network detected by a security device or application. So this can be any normal activity, from entering a password. That’s a security event. It can be a firewall rule check. That’s a security event. It’s not the same as an attack. Security event
- An identified or identifiable natural person. Data subject
- Any information relating to a data subject Personal Data
- Any operation performed on personal data (includes storage, access) anywhere in the world Processing
- are more procedural. These are how the servers are configured. What are the rules for how often you patch a system? Who’s responsible for monitoring the logs and reviewing them? How your staff are trained and what activities they perform. These are operational or procedural controls. Operational Controls
- are tooling or software or features and functions that restrict or control the security of the data or the processes. So you can think of encryption, you can think of logging, you can think of password software; all of these are examples of technical controls. Technical Controls
- designed to focus on protecting your environment and your systems from theft, from damage, from disruption and from misdirection. Comes in three categories: physical controls, technical controls, and operational controls. Security
- determines the purpose and means of processing personal data Controller
- General specifications, not specific to any industry. Important, but not legally required. ISO 27001 as an example, or SOC Foundational Compliance
- HIPAA Administrative safeguards include which two (2) of the following? Workforce training and management, and Security Personnel
- HIPAA Administrative safeguards include which two (2) of the following? – Security Personnel
– Workforce Training and Management
- HIPAA Physical safeguards include which two (2) of the following? Facility Access and Control, and Workstation and Device Security
- HIPAA Physical safeguards include which two (2) of the following? – Workstation and Device Security
– Facility Access and Control
- If you are a mature organization which CIS Controls Implementation Group would you use? Implementation Group 3
- In which CIS control category will you find Incident Response and Management? Organizational
- is the subset of the security events. It is a security event that has been identified by correlation and analytics tools as a malicious activity that is attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself. Attack/Security Attack
- One PCI Requirement is using an approved scanning vendor to scan at what frequency? Quarterly
- PCI includes 264 requirements grouped under how many main requirements? 12
- PCI uses which three (3) of the following Card Holder Data Environment categories to determine scope? People, processes, and technology
- PCI uses which three (3) of the following Card Holder Data Environment categories to determine scope? – Technology
– Processes
– People
- processes personal data on behalf of the controller Processor
- Regulations or standards specific to an industry or dealing with a specific type of data. Often legal requirements. Industry Compliance
- strongly focused on data. How information is used, who that information is shared with, or if that information is used to track users. Who has access to the data? How is it stored? How is it transferred? Privacy
- tests that security measures are in place. Which and how many depend on the specific compliance. Often will cover additional non-security requirements such as business practices, vendor agreements, organizational controls, etc. There are generally two types of compliance. Foundational and Industry. Compliance
- The HIPAA security rule requires covered entities to maintain which two (2) reasonable safeguards for protecting e-PHI? – Physical
– Technical
- The HIPAA security rule requires covered entities to maintain which two (2) reasonable safeguards for protecting e-PHI? Physical, and Technical
- The HIPAA Security Rule requires covered entities to maintain which three (3) reasonable safeguards for protecting e-PHI? physical, administrative, technical
- The HIPAA Security Rule requires covered entities to maintain which three (3) reasonable safeguards for protecting e-PHI? – Administrative
– Physical
– Technical
- these are for the servers in the data centers. So how do you physically keep the systems that you’re operating your applications on contained, right? How do you ensure the physical security of the hardware? Physical Control
- Under GDPR who determines the purpose and means of processing of personal data? Controller
- Under the International Organization for Standardization (ISO) which standard focuses on Privacy? ISO 27018
- Under the International Organization for Standardization (ISO) which standard focuses on Privacy? X – ISO 27001
X – ISO 27003
- What is an auditor looking for when they test the control for implementation over an entire offering with no gaps? Completeness
- What is an auditor looking for when they test the control for implementation over an entire offering with no gaps? consistency?
- What year did the European Union start enforcing GDPR? 2018
- What year did the GDPR come into effect? 2018
- Which is NOT one of the security controls? Testing
- Which is the foundational principle that everyone will get during a SOC audit? Security
- Which of the bad guys are described as “They are ‘in’ an organization but are human and make mistakes”? Inadvertent Actor
- Which order does a typical compliance process follow? Establish scope, readiness assessment, gap remediation, testing/auditing, management reporting
- Which SOC report is closest to an ISO report? Type 1
- Which three (3) of these obligations are part of the 5 key GDPR obligations? Accountability of Compliance, Consent, Rights of EU Data Subject
- Which three (3) of these obligations are part of the 5 key GDPR obligations? Check all that apply – Consent
– Accountability of Compliance
– Rights of EU Data Subject
- Who is the governing entity for HIPAA? Department of Health and Human Services
- Who is the governing entity for HIPAA? US Department of Health and Human Services Office of Civil Rights