Cybersecurity Policy, Governance & Management Chapter Exam

Exam Instructions:

Choose your answers to the questions and click 'Next' to see the next set of questions. You can skip questions if you would like and come back to them later with the yellow "Go To First Skipped Question" button. When you have completed the practice exam, a green submit button will appear. Click it to see your results. Good luck!

Question 1. Which of these is a recommendation of the PCI DSS standards to protect a network from malicious traffic?

Question 2. Which of these is the ideal way to store and transmit cardholder data?

Question 3. What year was the Sarbanes-Oxley Act enacted?

Question 4. A scandal involving _____ is a prime example of why the Sarbanes-Oxley Act was needed.

Question 5. Which of the following situations is considered an appropriate use of medical information under the HIPAA privacy rule?

Question 6. Which of the following is NOT a permitted disclosure of information under the HIPAA privacy rule?

Question 7. When sharing personally identifiable information about a student who is transferring to a new school, which of the following is required?

Question 8. Generally speaking, FERPA requires which of the following before you can disclose student information?

Question 9. Why was the NIST 800 Series first created?

Question 10. The standards and guidelines outlined in the NIST 800 Series are _____ for private companies and organizations.

Question 11. Who can utilize the ISO/IEC 27000 series?

Question 12. Where did the ISO/IEC 27000 series get its start?

Question 13. Why was the Federal Information Security Management Act more successful than GISRA?

Question 14. How did the lawmakers try to tie agency compliance into GISRA?

Question 15. The Gramm-Leach-Bliley Act is the main law governing:

Question 16. The section of the Gramm-Leach-Bliley Act that requires companies to give individuals the right to opt-out of some information sharing is known as:

Question 17. Which of these is an example of an administrative safeguard under the HIPAA Security Rule?

Question 18. A technical safeguard of the HIPAA Security Rule might apply to _____ in a medical environment.

Question 19. A woman has an emergency at a restaurant and a nurse from her clinic, Mary, recognizes her. Mary accesses the patient's electronic medical records with her personal cell phone. Mary then tells the EMT the patient's name is Josie Jones, she is 60 years old, diagnosed with hypertension, diabetes type 2 and hyperlipidemia. She does this with others around. What did Mary do wrong?

Question 20. What can you do to secure patient information?

Question 21. This member of the cybersecurity policy development team knows his or her stuff and may be called upon to lend expertise on the topic being covered:

Question 22. A technical writer on a cybersecurity policy development team may be tasked with all of the following responsibilities EXCEPT which?

Question 23. How often are schools required to notify students and families about the guidelines under FERPA that protect their privacy?

Question 24. Which of the following statements about the release of information for review by parents or students is FALSE?

Question 25. When are medical providers and business associates required to notify the Department of Health and Human Services following a data breach?

Question 26. The HITECH Act requires patient notification of a data breach in which form?

Question 27. Who do PCI DSS requirements apply to?

Question 28. Which of the following is NOT a purpose of the Sarbanes-Oxley Act?

Question 29. According to the privacy rule of HIPAA, which of the following is a covered entity that must comply with its provisions?

Question 30. Which of the following is NOT an educational record?
