-
Which of the following acknowledges the importance of sound information security practices and controls in the interest of national security?
- FISMA
- GLBA
- HIPAA
- FACTA
- FERPA
-
What organization was tasked to develop standards to apply to federal information systems using a risk-based approach?
- Public Entity Risk Institute
- International Organization for Standardization
- National Institute of Standards and Technology
- International Standards Organization
- American National Standards Institute
-
Pretexting is a technical method of intercepting passwords embedded in text messages.
- True
- False
-
Which of the following organizations was tasked to develop and prescribe standards and guidelines that apply to federal information systems?
- NIST
- FISMA
- Congress
- PCI SSC
- U.S. Department of the Navy
-
What section of SOX requires management and the external auditor to report on the accuracy of internal controls over financial reporting?
- Section 301
- Section 404
- Section 802
- Section 1107
-
SOX explicitly addresses the IT security controls required to ensure accurate financial reporting.
- True
- False
-
Which of the following was established to have oversight of public accounting firms and is responsible for defining the process of SOX compliance audits?
- COSO
- Enron
- PCAOB
- Sarbanes-Oxley
- None of the above
-
Which of the following is not one of the titles within SOX?
- Corporate Responsibility
- Enhanced Financial Disclosures
- Analyst Conflicts of Interest
- Studies and Reports
- Auditor Conflicts of Interest
-
Which one of the following is not considered a principal part of the GLBA?
- Financial Privacy Rule
- Pretexting provisions
- Safeguards Rule
- Information Security Rule
-
Which regulatory department is responsible for the enforcement of HIPAA laws?
- HHS
- FDA
- U.S. Department of Agriculture
- U.S. EPA
- FTC
-
Which one of the following is not one of the safeguards provided within the HIPAA Security Rule?
- Administrative
- Operational
- Technical
- Physical
-
In accordance with CIPA, who determines what is considered inappropriate material?
- FCC
- U.S. Department of Education
- The local communities
- U.S. Department of the Interior Library
- State governments
-
The Family Educational Rights and Privacy Act prohibits the use of Social Security numbers as directory information, even the use of just the last four digits of an SSN.
- True
- False
-
PCI DSS is a legislative act enacted by Congress to ensure that merchants meet baseline security requirements for how they store, process, and transmit payment card data.
- True
- False
-
To comply with the Red Flags Rule, financial institutions and creditors must do which of the following?
- Identify red flags for covered accounts.
- Detect red flags.
- Respond to detected red flags.
- Update the program periodically.
- All of the above
- Answers B and C only
-
Having a photograph or physical description on an identification that is not consistent with the applicant or consumer presenting the identification is an example of what type of red flag category?
- Alerts, notifications, or other warnings received from consumer reporting agencies or service providers
- The presentation of suspicious documents
- The presentation of suspicious personal identifying information
- The unusual use of or other suspicious activity related to a covered account
-
Regulatory compliance laws do not exist at what different level?
- Local
- State
- Federal
- International
-
The Family Educational Rights and Privacy Act (FERPA) of 1974 is a U.S. federal law that protects the privacy of student education records and allows parents certain access rights to the student’s educational records, even when a student turns 18 and attends college.
- True
- False
-
Which of the following does not deal with the HIPAA administrative safeguard of the security management process?
- Risk analysis and management
- Sanction policy
- Facility security plan
- Information system activity review
-
Which of the following does not deal with the addressable HIPAA administrative safeguard of workforce security?
- Authorization and/or supervision
- Workforce clearance procedure
- Termination procedures
- Contingency operations
-
This law attempts to limit children’s exposure to sexual material.