IS 3350 IS3350 Final Exam Answers (ITT TECH University)
IS3350 Final Exam (ITT TECH)
1. The main goal of Information Security is to protect information _____________.
2. _____________ is the rule that requires that two or more employees must split critical task functions so that no employee knows all of the steps of the critical task.
3. When a person or system takes advantage of a vulnerability to cause harm, it is called a/an __________.
4. Organizations respond to risks by doing _____________.
5. ________ are the first level of information governance.
6. Which of the following programs retrieves files and data from a computer network?
7. Individuals use a blog as a personal online journal. Which of the following is the source of the word “blog”?
8. Which of the following implies that a person has the right to specify how his/her personally identifiable information data is collected, used, and shared?
9. Which of the following acts establishes the public’s right to request information from federal agencies?
10. Which of the following is a small string of non-executable text that a Web site stores on a user’s computer, containing information about the individual’s visit to the Web site, such as user name and password?
11. The President must be a natural-born U.S. citizen and must be at least ___________ years old.
12. Which of the following is a body of law developed through legal tradition and court cases?
13. Which of the following law trials is concerned with claims between individuals?
14. According to the Federal Administrative Procedure Act, which of the following is a governmental authority besides Congress and the courts?
15. Which of the following is an evaluation and verification of the fact that certain regulatory objectives are met?
16. Which of the following types of organizations are covered under GLBA?
17. Under GLBA, which of the following is personally identifiable financial information that a consumer gives to a financial institution?
18. Which of the following is a specialized type of identity theft where thieves steal a person’s name and other parts of their medical identity to get medical services or goods?
19. HIPAA required the Department of Health and Human Services to make rules regarding the privacy of individually identifiable health information and to create security standards to protect this information. These are known as privacy and __________.
20. As HIPAA sets the standard for PHI security and privacy protection, states may not create laws and rules that provide additional protection.
21. Web site operators can use several methods to distinguish children from adults. These include the use of parental controls within the web browser, and requiring input from the user, such as __________.
22. According to FERPA, which of the following can be a name, a social security number, biometric data, or any data used to identify a person?
23. Which of the following companies is traded and the investors own a portion of the company in the form of stock?
24. Which legal requirement of SOX allows the investor to make an informed decision?
25. Which of the following oversees that SOX provision objectives are met to ensure compliance with the required security controls?
26. FISMA requires the Department of Commerce to create information security standards and guidelines. To which of the following organizations did the Department of Commerce delegate this responsibility?
27. FISMA requires federal agencies to secure national security systems using a risk-based approach, but this does not apply to ____________ information.
28. Which of the following is a legal concept having the following features:
• It protects an entity from legal liability.
• It is written into the law.
• Entities that encrypt the personal information that they own or maintain do not have to follow the notification requirements of this concept if they have a data breach.
29. Under the Department of Commerce rules, exporters must have an export license for items and technologies that are on the _________.
30. Under most State laws, data collectors must use encryption technologies adopted by a standards setting body and reference the Federal Information Processing Standards. Which of the following issue these standards?
31. Which of the following is a system of linked hypertext documents and other media that are connected through the inter-connected networks?
32. A legal owner of intellectual property has the right to use it in any way they want to, and the power to give those rights to another. In the case of created material such as books or music, this is called _____________.
33. Which of the following has the longest protection period—as long as the owner continues to use it in commerce?
34. Utility patents are granted for ___________ years, while design patents are granted for _________ years.
35. The law gives copyright holders the following broad rights that include the right:
• To reproduce the copyrighted work
• To prepare derivative works based upon the copyrighted work
• To distribute copies or phonorecords of the copyrighted work to the public
• To publicly display the copyrighted work
Which of the following should be included in this list?
36. An End User License Agreement (EULA) is a contract where the end user has an opportunity to negotiate the terms of the contract and in order to use the underlying product or service, the user must accept all the terms of the contract. This type of contract is called a Contract of _____________.
37. __________ recognizes that parties contract electronically because of speed and other economic efficiencies. It covers U.S. business and commercial transactions and requires that courts and contracting parties give electronic signature the same effect as a handwritten signature.
38. Nigerian fraud highlights jurisdiction issues in cybercrime cases. _______ is a trick in which the target is persuaded to advance sums of money in the hope of realizing a significantly larger gain.
39. In criminal cases, defendants must enter their plea to the charges. Defendants can enter a plea of guilty, not guilty, or they can enter a plea of _____________, Latin for “I do not wish to contend.”
40. In negligence tort cases, the plaintiff must prove that the defendant owed __________, because a person is obligated to avoid acts or omissions that can harm others.
41. Information security governance refers to the responsibility of the executive management to provide strategic direction, oversight, and accountability for the security of its data and information technology resources. This is usually documented in high-level ____________.
42. Which of the following does an organization usually develop with inputs from information security managers, generally because they have overall organizational responsibility for implementing information security?
43. ___________ are step-by-step checklists that explain how to meet security goals.
44. Which of the following can an organization use to give information security advice and recommend actions that an employee can apply on their own?
45. Military and civilian organizations have different requirements for authentication to enforce their information security policy. Generally the military will use multi-factor authentication which can include something you know, something you have, and something you __________.
46. Which among the following is a part of contingency planning?
47. Obtaining insurance against a loss is an example of risk __________.
48. What is a security event that has actually occurred?
49. Which of the following is a step in the process of computer forensics investigation?
50. Which of the following types of evidence do defense attorneys use in criminal cases to show that their client is innocent?