CIS 438 Midterm Exam

Strayer Information Security Legal Issues CIS 438 Week 5 Midterm Exam
50 Correct Questions with Answers based on Chapters 1-7
Sample Questions:
Question 1
The Enron scandal and similar corporate scandals led to the creation of which of the following?
Securities and Exchange Commission
Gramm-Leach-Bliley Act
Sarbanes-Oxley Act
Public Company Accounting Oversight Board
Question 2
SOX ______ requires a company’s executive management to report on the effectiveness of the company’s internal controls over financial reporting (ICFR).
Section 302
Section 404
Section 903
Section 708
Question 3
Which financial disclosure form helps investors understand the financial stability of a company?
Form 10-K Annual report
Form 10-Q Quarterly report
Form 8-K Current report
All of the above
Question 4
SOX ___________ imposes criminal liability for fraudulent financial certifications.
Section 906
Section 404
Section 302
Section 708
Question 5
______________________ is a very detailed disclosure of a company’s financial condition.
Form 10-K annual report
Form 10-Q quarterly report
Form 8-K current report
None of the above
Question 6
SOX ______________ requires CEOs and CFOs to certify a company’s SEC reports.
Section 906
Section 404
Section 302
Section 708
Question 7
The U.S. Securities and Exchange Commission reviews a public company’s Form 10-K at least once every ____________ years.
Question 8
The main goal of ______________ is to protect shareholders and investors from financial fraud.
Sarbanes-Oxley Act (SOX)
Gramm-Leach-Bliley Act
Securities and Exchange Commission
Public Company Accounting Oversight Board
Question 9
Collection and use of a child’s personal information such as name, e-mail address, or social security number by a Web site operator is governed by:
Question 10
The ________________________ protects the information of children online.
Children’s Online Privacy Protection Act (COPPA)
Children’s Internet Protection Act (CIPA)
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act (HIPAA)
Question 11
The _________________ requires schools to protect students’ records.
Children’s Online Privacy Protection Act (COPPA)
Children’s Internet Protection Act (CIPA)
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act (HIPAA)
Question 12
COPPA requires Web site operators collecting information from children to:
Obtain a signed acceptable use policy from children
Obtain a signed acceptable use policy from at least one parent
Review all parental permissions annually
Obtain a parental consent
Question 13
________________________ ensures minors can’t accidentally view obscene or objectionable material from school or library computers.
Children’s Online Privacy Protection Act (COPPA)
Children’s Internet Protection Act (CIPA)
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act (HIPAA)
Question 14
Which of the following is a true statement regarding COPPA and CIPA rules?
Both define a minor as anyone under the age of 17 years
Both define a minor as anyone under the age of 13 years
COPPA defines a minor as anyone under the age of 13 years while CIPA defines a minor as someone under the age of 17 years
None of the above
Question 15
All of the following are eligibility requirements for the president of the United States except:
Must be at least 35 years old
Must be a resident of the United States for at least 14 years at the time of election
Both A and B
Neither A nor B
Question 16
Which of the following is not a true statement?
State governments existed before the federal government.
State constitutions are nearly identical versions of the U.S. Constitution.
The U.S. Constitution primarily describes the relationship between the federal government and the states.
State constitutions primarily describe the relationship between a state and its citizens.
Question 17
A(n) ____________________________ is a formal request for a higher authority to review the decision of a lower court.
writ of certiorari
Question 18
All of the following are true statements about the American legal system except:
Defined by the U.S. Constitution
Each branch has a separate sphere of authority (balances)
Each branch of government is subject to review by the other branches (checks)
Decisions by each branch of government may be overturned by administrative agency courts
Question 19
Which of the following is a true statement about the Court of Appeals?
It’s a court of appellate jurisdiction.
It does not review the facts of a case or additional evidence.
Both A and B
Neither A nor B
Question 20
Civil law provides for the:
Punishment and incarceration for those who commit crimes against other individuals
Resolution of disputes between individuals only
Resolution of disputes between private individuals, state governments, and the federal government
Resolution of disputes between federal agencies only
Question 21
Which of the following has the power to declare war, establish a post office, maintain an army, make money, and regulate commerce?
Supreme Court
Administrative agencies
Question 22
Which Gramm-Leach-Bliley Act rule requires federal bank regulatory agencies, the SEC, and the FTC to issue security standards for the institutions that they regulate?
Privacy Rule
Safeguards Rule
Pretexting Rule
Red Flags Rule
Question 23
All of the following are examples of consumer financial information except:
Social security numbers
Address and telephone numbers
Employment history
Biometric data
Question 24
The purpose of the Gramm-Leach-Bliley Act __________________ is to fight identity theft.
Privacy Rule
Safeguards Rule
Pretexting Rule
Red Flags Rule
Question 25
The _______________________, also known as the Currency and Foreign Transactions Reporting Act, was created to fight drug trafficking, money laundering, and other crimes.
National Bank Act of 1864
Gramm-Leach-Bliley Act
Bank Secrecy Act of 1970
Bank Holding Company Act of 1956
Question 26
Which of the following was enacted by Congress in response to growth in identity theft crime?
Fair and Accurate Credit Transaction Act (FACTA) of 2003
Federal Trade Commission (FTC)
Gramm-Leach-Bliley Act (GLBA)
Federal Reserve System
Question 27
The mission of the _____________________ is to protect consumers and to make sure that business is competitive by eliminating practices harmful to business.
Federal Trade Commission (FTC)
Federal Financial Institutions Examination Council (FFIEC)
National Credit Union Administration (NCUA)
Office of Thrift Supervision
Question 28
All of the following are examples of consumer financial institutions except:
Savings and loans associations
Credit unions
Insurance companies
Federal Reserve System
Question 29
What is a small string of text that a Web site stores on a user’s computer?
Question 30
Which of the following U.S. Constitution amendments contribute to the right of privacy?
First, Second, and Third Amendments
First and Sixth Amendments
First, Third, and Fourth Amendments
First, Second, and Fourth Amendments
Question 31
A ______________ is the official schedule of a court and the events in cases pending before a court.
Question 32
Which Act established the public’s right to request information from federal agencies?
Privacy Act of 1974
Electronic Communications Privacy Act
Freedom of Information Act
Mail Privacy Statute
Question 33
What is the source of legal authority for the U.S. government?
The First Amendment
Laws enacted by state Supreme Courts
The Fourth Amendment
The U.S. Constitution
Question 34
Which of the following is a true statement regarding privacy?
Privacy is an individual’s right to control the use and disclosure of personal information.
Privacy and security are the same thing.
Private personal information may become public under the Freedom of Information Act.
None of the above
Question 35
__________________ is a body of law developed because of legal tradition and court cases.
Common law
Privacy law
Public law
Administrative law
Question 36
All of the following are characteristics of HIPAA except:
Requires that employers offer health coverage
Used to fight health insurance fraud and eliminate waste
Simplifies how health insurance is administered
Protects the privacy and security of personally identifiable health information
Question 37
Regarding pre-existing conditions, HIPAA:
Allows employer-provided health plans to look back only six months for pre-existing conditions
In most instances limits the amount of time health plans can require an individual to “sit out” of coverage to no more than 12 months
A and B
Neither A nor B
Question 38
___________________ allows employees and their families to continue health coverage when they lose or change a job.
Department of Health and Human Services (HHS)
Question 39
COBRA benefits generally last a maximum of:
18 months
6 months
1 year
2 years
Question 40
With respect to protected health information, HIPAA:
Forbids the creation of any state laws protecting health information
Requires state laws to mirror HIPAA rules
Is automatically the controlling law in the event of a conflict with a state law
Prohibits state laws that are contrary to HIPAA
Question 41
All of the following are examples of protected health information (PHI) except:
Past, present, or future health information
Information regarding physical or mental health
Payments for health care
Publicly available information regarding insurance companies
Question 42
The HIPAA _________________ dictates how covered entities must protect the privacy of personal health information.
Information Security Rule
Health Information Protection Rule
Privacy Rule
Red Flag Rule
Question 43
The main goal of information security is to protect:
Non-public personally identifiable information
Confidentiality, integrity, and availability
Personal health data and biometrics
Financial data of public entities
Question 44
What is the process of applying safeguards to avoid a negative impact?
Risk mitigation
Risk transfer
Risk analysis
Risk avoidance
Question 45
What is considered personally identifiable information?
Social security number
Driver’s license number
Biometric data
All of the above
Question 46
All of the following are ways to protect confidentiality except:
Access controls
Shoulder surfing
Question 47
What is the window of vulnerability?
The period of time when antivirus software must be updated
The period of time when an attacker may launch a DoS attack
The time between a malware attack and discovery by security personnel
The time between exploit discovery and an installed security patch
Question 48
_________________________ involves tricking other people into breaking security procedures and sharing sensitive information.
Shoulder surfing
E-mail spam
Social engineering
Question 49
Anything that can cause harm to an information system is a:
None of the above
Question 50
Threats fall into which of the following categories?
Technology and operational
Physical and environmental
All of the above
Discussion five/one:
Assess if NIST is too large and attempts to cover too many topics.
Decide if NIST should separate into different entities for different
major areas, such as IT governance, risk management, information
security, and others.

The NIST website has an org chart which shows the different areas of
responsibility. The Office of Information Systems Management is one of six
areas under the Associate Director for Management Resources. I also found
the org chart for the OISM Organization and it looks like they have a good
division of responsibilities.
I do know from experience, and from where I work, that separating major areas is
beneficial. I work in the audit and compliance area, another team is
responsible for information security, and then another team handles risk

Assess if the various NIST documents covering risk management
topics and concepts are too spread out and should be more
consolidated to provide better guidance to organizations when
they are establishing risk management programs.

In addition to the NIST supporting documentation listed in our text (p22o), I
found two other publications that are applicable to risk management.
SP 800-30 Guide for Conducting Risk Assessments
SP 800-39 Managing Information Security Risk: Organization, Mission, and
Information System View
I don’t think the documents are too spread out; each step in the RMF has
supporting documents, which makes implementation of the RMF easier to follow.
Consolidation could make the process cumbersome.

Discussion five/two:
From the e-Activity, describe the main elements of FISMA in the
management and governance of federal information systems.

1. Provide security protections using risk as a measuring stick while also
calculating the amount of harm that can occur if security is compromised.
2. The agency must follow all information security procedures already defined in
the law and must integrate information security management into the goal of
the specific agency.
3. Each agency must ensure that senior agency officials document and report all
assessed risk annually to the OMB.

From the e-Activity, examine how FISMA and NIST work together
to provide guidance and direction to organizations and agencies.

NIST developed guidance and a Risk Management Framework which includes
NIST’s FISMA-related security standards and guidelines to promote
development of a complete risk-based information security program by federal
agencies. NIST works with federal agencies to improve their understanding and
implementation of FISMA to protect their information and information systems.
They also publish standards and guidelines which provide the foundation for
strong information security programs at government agencies.