January 19, 2023
Week 4 Assignment 1

Multiple choice

1. Which of the following elements ensures a policy is enforceable?
A. Compliance can be measured.
B. Appropriate sanctions are applied when the policy is violated.
C. Appropriate administrative, technical, and physical controls are put in place to support the policy.
D. All the above.

2. Which of the following is an example of an information asset?
A. Business plans
B. Employee records
C. Company reputation
D. All the above

3. Endorsed is one of the seven policy characteristics. Which of the following statements best describes endorsed?
A. The policy is supported by management.
B. The policy is accepted by the organization's employees.
C. The policy is mandatory; compliance is measured; and appropriate sanctions are applied.
D. The policy is regulated by the government.

4. Which of the following statements about standards and guidelines is true?
A. Standards are mandatory, whereas guidelines are not.
B. Guidelines are mandatory, whereas standards are not.
C. Both standards and guidelines are mandatory.
D. Neither standards nor guidelines are mandatory.

5. Which of the following grants users and systems a predetermined level of access?
A. Accountability
B. Authentication
C. Authorization
D. Assurance

6. What is the purpose of the policy definition section?
A. To explain terms, abbreviations, and acronyms used in the policy
B. To refer the reader to additional information
C. To provide the policy version number
D. To provide information about policy exceptions

7. Which of the following statements about standards and guidelines is true?
A. Standards are mandatory, whereas guidelines are not.
B. Guidelines are mandatory, whereas standards are not.
C. Both standards and guidelines are mandatory.
D. Neither standards nor guidelines are mandatory.

8. Which of the following best describes a procedure?
A. Specifications for implementation of a policy
B. Instructions on how a policy is carried out
C. Aggregate of implementation standards and security controls
D. Teaching tools that help people conform to a policy

9. Which of the following is the topmost object in the policy hierarchy?
A. Standards
B. Baselines
C. Guidelines
D. Guiding principles

10. Which of the following is a network of the national standards institutes of 146 countries?
A. ISO
B. NIST
C. FIPS
D. IEC

11. Which of the following is a behavioral control that can be used to safeguard against the loss of integrity?
A. Rotation of duties
B. Log analysis
C. Code testing
D. Digital signatures

12. Which of the following is a characteristic of the parallel approach to information security?
A. Compliance is discretionary.
B. Security is the responsibility of the IT department.
C. Little or no organizational accountability exists.
D. All the above.

13. Which of the following is the objective of risk assessment?
A. Identify the inherent risk.
B. Determine the impact of a threat.
C. Calculate the likelihood of a threat occurrence.
D. All the above.

14. Which of the following statements best describes strategic risk?
A. Risk that relates to monetary loss
B. Risk that relates to adverse business decisions
C. Risk that relates to a loss from failed or inadequate systems and processes
D. Risk that relates to violation of laws, regulations, or policy

15. Which of the following statements best describes the Biba security model?
A. No read up and write up
B. No write up and no write down
C. No read up and no write down
D. No read down and no write up

16. Which of the following is the highest classification level under the private sector classification system?
A. Secret
B. Protected
C. Confidential
D. Top secret

17. Which of the following best describes the purpose of security awareness?
A. To teach skills that would allow a person to perform a certain function
B. To focus attention on security
C. To integrate all the security skills and competencies into a common body of knowledge
D. To involve management in the process

18. Which of the following regulations explicitly specifies the topics that should be covered in security awareness training?
A. FACTA
B. HIPAA
C. FCRA
D. DPPA

19. Which of the following is a type of access control that is defined by a policy and cannot be changed by the information owner?
A. Mandatory access control
B. Discretionary access control
C. Role-based access control
D. Rule-based access control

20. Which of the following is an access control that is based on specific job roles or functions?
A. Mandatory access control
B. Discretionary access control
C. Role-based access control
D. Rule-based access control

21. Which of the following is used to associate a public key with an identity?
A. Encryption
B. Digital hash
C. Digital certificate
D. Digital signature

22. Identification of compliance requirements is done during which of the following phases of the SDLC?
A. Initiation
B. Development
C. Implementation
D. Operational

23. Which of the following is the most common web application vulnerability?
A. Failure to validate output
B. Failure to validate input
C. Dynamic data validation
D. Static data validation

24. Which of the following are components of PKI?
A. Certification Authority
B. Registration Authority
C. Client nodes
D. All the above

25. Which of the following best describes the purpose of the detection and investigation portion of the incident response plan?
A. To describe the steps that need to be taken to prevent the incident from spreading
B. To establish processes and a knowledge base to accurately detect and assess precursors and indicators
C. To describe incident declaration and notification
D. To describe the steps to eliminate the components of the incident

26. Which of the following is the total length of time an essential business function can be unavailable without causing significant harm to the organization?
A. Maximum tolerable downtime
B. Maximum tolerable uptime
C. Recovery time objective
D. Recovery point objective

27. Which of the following plans focuses on the initial response and includes plan activation, notification, evacuation, and communication?
A. Response plans
B. Contingency plans
C. Recovery plans
D. Resumption plans

28. Which of the following agencies regulates financial institutions not covered by other agencies?
A. Federal Trade Commission (FTC)
B. Commodity Futures Trading Commission (CFTC)
C. National Credit Union Administration (NCUA)
D. Federal Deposit Insurance Corporation (FDIC)

29. The Federal Reserve Board is responsible for regulating which of the following?
A. Bank holding companies and member banks of the Federal Reserve System
B. National banks, federal savings associations, and federal branches of foreign banks
C. Federally chartered credit unions
D. State-chartered banks

30. Which of the following statements best describes a healthcare clearing house?
A. A person or organization that provides patient or medical services
B. An entity that provides payment for medical services
C. An entity that processes nonstandard health information it receives from another entity
D. A person or entity that creates, receives, maintains, transmits, accesses, or has the potential to access ePHI

31. Which of the following best describes HIPAA administrative safeguards?
A. Retention, availability, and update requirements related to supporting documentation
B. The use of technical security measures to protect ePHI data
C. Standards for business associate contracts and other arrangements
D. Documented policies and procedures for managing day-to-day operations and access to ePHI

32. Which of the following statements best describes the HIPAA breach notification rules?
A. Covered entities are required to notify individuals of any ePHI breach within 60 days after the discovery of the breach.
B. Covered entities are required to notify individuals of a breach of unsecured ePHI within 60 days after the discovery of the breach.
C. Covered entities are required to notify individuals of any ePHI breach within 30 days after the discovery of the breach.
D. Covered entities are required to notify individuals of a breach of unsecured ePHI within 30 days after the discovery of the breach.

33. Which of the following is the goal of the integrity control standard?
A. Implementing technical controls that protect ePHI from improper alteration or destruction
B. Restricting access to ePHI only to users and processes that have been specifically authorized
C. Implementing hardware, software, and mechanisms that record and examine activity in information systems that contain ePHI
D. Verifying that a person or process seeking to access ePHI is the one claimed

34. Which of the following is not one of the classification levels for national security information?
A. Secret
B. Protected
C. Confidential
D. Sensitive but Unclassified

35. Which of the following is an evidence-based examination that compares current practices against internal or external criteria?
A. Testing
B. Audit
C. Assurance
D. Assessment