IS5403 WEEK3 QUIZ

  1. A security attack is defined as which of the following?  Malicious threat
  2. HIPAA Administrative safeguards include which two (2) of the following?  – Security Personnel
    – Workforce Training and Management
  3. HIPAA Physical safeguards include which two (2) of the following?  – Workstation and Device Security
    – Facility Access and Control
  4. If you are a mature organization which CIS Controls Implementation Group would you use?  Implementation Group 3
  5. In which CIS control category will you find Incident Response and Management?  Organizational
  6. One PCI Requirement is using an approved scanning vendor to scan at what frequency?  Quarterly
  7. PCI includes 264 requirements grouped under how many main requirements?  12
  8. PCI uses which three (3) of the following Card Holder Data Environment categories to determine scope?   – Technology
    – Processes
    – People
  9. The HIPAA Security Rule requires covered entities to maintain which two (2) reasonable safeguards for protecting e-PHI?  – Physical
    – Technical
  10. The HIPAA Security Rule requires covered entities to maintain which three (3) reasonable safeguards for protecting e-PHI?  – Administrative
    – Physical
    – Technical
  11. Under GDPR who determines the purpose and means of processing of personal data?  Controller
  12. Under the International Organization for Standardization (ISO) which standard focuses on Privacy?  X – ISO 27001 (attempt marked incorrect)
    X – ISO 27003 (attempt marked incorrect; correct answer not recorded here)
  13. What is an auditor looking for when they test a control for implementation over an entire offering with no gaps?  Completeness
  14. What year did the GDPR come into effect?  2018
  15. Which is NOT one of the security controls?  Testing
  16. Which is the foundational principle that everyone will get during a SOC audit?  Security
  17. Which of the bad guys are described as "They are 'in' an organization but are human and make mistakes"?  Inadvertent Actor
  18. Which SOC report is closest to an ISO report?  X – Type 2 (attempt marked incorrect)
    X – Type 2 and Type 1 (attempt marked incorrect; correct answer not recorded here)
  19. Which three (3) of these obligations are part of the 5 key GDPR obligations? Check all that apply  – Consent
    – Accountability of Compliance
    – Rights of EU Data Subject 
  20. Who is the governing entity for HIPAA?  Department of Health and Human Services
