CIS 438 Midterm Exam

Strayer Information Security Legal Issues CIS 438 Week 5 Midterm Exam
50 Correct Questions with Answers based on Chapters 1-7
Sample Questions:
Question 1
The Enron scandal and similar corporate scandals led to the creation of which of the following?
Answer
Securities and Exchange Commission
Gramm-Leach-Bliley Act
Sarbanes-Oxley Act
Public Company Accounting Oversight Board
Question 2
SOX ______ requires a company’s executive management to report on the effectiveness of the company’s internal controls over financial reporting (ICFR).
Answer
Section 302
Section 404
Section 903
Section 708
Question 3
Which financial disclosure form helps investors understand the financial stability of a company?
Answer
Form 10-K Annual report
Form 10-Q Quarterly report
Form 8-K Current report
All of the above
Question 4
SOX ___________ imposes criminal liability for fraudulent financial certifications.
Answer
Section 906
Section 404
Section 302
Section 708
Question 5
______________________ is a very detailed disclosure of a company’s financial condition.
Answer
Form 10-K annual report
Form 10-Q quarterly report
Form 8-K current report
None of the above
Question 6
SOX ______________ requires CEOs and CFOs to certify a company’s SEC reports.
Answer
Section 906
Section 404
Section 302
Section 708
Question 7
The U.S. Securities and Exchange Commission reviews a public company’s Form 10-K at least once every ____________ years.
Answer
five
three
four
two
Question 8
The main goal of ______________ is to protect shareholders and investors from financial fraud.
Answer
Sarbanes-Oxley Act (SOX)
Gramm-Leach-Bliley Act
Securities and Exchange Commission
Public Company Accounting Oversight Board
Question 9
Collection and use of a child’s personal information such as name, e-mail address, or social security number by a Web site operator is governed by:
Answer
COPPA
FERPA
CIPA
HIPAA
Question 10
The ________________________ protects the information of children online.
Answer
Children’s Online Privacy Protection Act (COPPA)
Children’s Internet Protection Act (CIPA)
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act (HIPAA)
Question 11
The _________________ requires schools to protect students’ records.
Answer
Children’s Online Privacy Protection Act (COPPA)
Children’s Internet Protection Act (CIPA)
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act (HIPAA)
Question 12
COPPA requires Web site operators collecting information from children to:
Answer
Obtain a signed acceptable use policy from children
Obtain a signed acceptable use policy from at least one parent
Review all parental permissions annually
Obtain a parental consent
Question 13
________________________ ensures minors can’t accidentally view obscene or objectionable material from school or library computers.
Answer
Children’s Online Privacy Protection Act (COPPA)
Children’s Internet Protection Act (CIPA)
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act (HIPAA)
Question 14
Which of the following is a true statement regarding COPPA and CIPA rules?
Answer
Both define a minor as anyone under the age of 17 years
Both define a minor as anyone under the age of 13 years
COPPA defines a minor as anyone under the age of 13 years while CIPA defines a minor as someone under the age of 17 years
None of the above
Question 15
All of the following are eligibility requirements for the president of the United States except:
Answer
Must be at least 35 years old
Must be a resident of the United States for at least 14 years at the time of election
Both A and B
Neither A nor B
Question 16
Which of the following is not a true statement?
Answer
State governments existed before the federal government.
State constitutions are nearly identical versions of the U.S. Constitution.
The U.S. Constitution primarily describes the relationship between the federal government and the states.
State constitutions primarily describe the relationship between a state and its citizens.
Question 17
A(n) ____________________________ is a formal request for a higher authority to review the decision of a lower court.
Answer
pleading
holding
appeal
writ of certiorari
Question 18
All of the following are true statements about the American legal system except:
Answer
Defined by the U.S. Constitution
Each branch has a separate sphere of authority (balances)
Each branch of government is subject to review by the other branches (checks)
Decisions by each branch of government may be overturned by administrative agency courts
Question 19
Which of the following is a true statement about the Court of Appeals?
Answer
It’s a court of appellate jurisdiction.
It does not review the facts of a case or additional evidence.
Both A and B
Neither A nor B
Question 20
Civil law provides for the:
Answer
Punishment and incarceration for those who commit crimes against other individuals
Resolution of disputes between individuals only
Resolution of disputes between private individuals, state governments, and the federal government
Resolution of disputes between federal agencies only
Question 21
Which of the following has the power to declare war, establish a post office, maintain an army, make money, and regulate commerce?
Answer
Congress
President
Supreme Court
Administrative agencies
Question 22
Which Gramm-Leach-Bliley Act rule requires federal bank regulatory agencies, the SEC, and the FTC to issue security standards for the institutions that they regulate?
Answer
Privacy Rule
Safeguards Rule
Pretexting Rule
Red Flags Rule
Question 23
All of the following are examples of consumer financial information except:
Answer
Social security numbers
Address and telephone numbers
Employment history
Biometric data
Question 24
The purpose of the Gramm-Leach-Bliley Act __________________ is to fight identity theft.
Answer
Privacy Rule
Safeguards Rule
Pretexting Rule
Red Flags Rule
Question 25
The _______________________, also known as the Currency and Foreign Transactions Reporting Act, was created to fight drug trafficking, money laundering, and other crimes.
Answer
National Bank Act of 1864
Gramm-Leach-Bliley Act
Bank Secrecy Act of 1970
Bank Holding Company Act of 1956
Question 26
Which of the following was enacted by Congress in response to growth in identity theft crime?
Answer
Fair and Accurate Credit Transaction Act (FACTA) of 2003
Federal Trade Commission (FTC)
Gramm-Leach-Bliley Act (GLBA)
Federal Reserve System
Question 27
The mission of the _____________________ is to protect consumers and to make sure that business is competitive by eliminating practices harmful to business.
Answer
Federal Trade Commission (FTC)
Federal Financial Institutions Examination Council (FFIEC)
National Credit Union Administration (NCUA)
Office of Thrift Supervision
Question 28
All of the following are examples of consumer financial institutions except:
Answer
Savings and loans associations
Credit unions
Insurance companies
Federal Reserve System
Question 29
What is a small string of text that a Web site stores on a user’s computer?
Answer
Cookie
Adware
Spyware
Malware
Question 30
Which of the following U.S. Constitution amendments contribute to the right of privacy?
Answer
First, Second, and Third Amendments
First and Sixth Amendments
First, Third, and Fourth Amendments
First, Second, and Fourth Amendments
Question 31
A ______________ is the official schedule of a court and the events in cases pending before a court.
Answer
docket
pleading
brief
service
Question 32
Which Act established the public’s right to request information from federal agencies?
Answer
Privacy Act of 1974
Electronic Communications Privacy Act
Freedom of Information Act
Mail Privacy Statute
Question 33
What is the source of legal authority for the U.S. government?
Answer
The First Amendment
Laws enacted by state Supreme Courts
The Fourth Amendment
The U.S. Constitution
Question 34
Which of the following is a true statement regarding privacy?
Answer
Privacy is an individual’s right to control the use and disclosure of personal information.
Privacy and security are the same thing.
Private personal information may become public under the Freedom of Information Act.
None of the above
Question 35
__________________ is a body of law developed because of legal tradition and court cases.
Answer
Common law
Privacy law
Public law
Administrative law
Question 36
All of the following are characteristics of HIPAA except:
Answer
Requires that employers offer health coverage
Used to fight health insurance fraud and eliminate waste
Simplifies how health insurance is administered
Protects the privacy and security of personally identifiable health information
Question 37
Regarding pre-existing conditions, HIPAA:
Answer
Only allows employer-provided health plans to look back only six months for pre-existing conditions
In most instances limits the amount of time health plans can require an individual to “sit out” of coverage to no more than 12 months
A and B
Neither A nor B
Question 38
___________________ allows employees and their families to continue health coverage when they lose or change a job.
Answer
HITECH
Department of Health and Human Services (HHS)
COBRA
HIPAA
Question 39
COBRA benefits generally last a maximum of:
Answer
18 months
6 months
1 year
2 years
Question 40
With respect to protected health information, HIPAA:
Answer
Forbids the creation of any state laws protecting health information
Requires state laws to mirror HIPAA rules
Is automatically the controlling law in the event of a conflict with a state law
Prohibits state laws that are contrary to HIPAA
Question 41
All of the following are examples of protected health information (PHI) except:
Answer
Past, present, or future health information
Information regarding physical or mental health
Payments for health care
Publicly available information regarding insurance companies
Question 42
The HIPAA _________________ dictates how covered entities must protect the privacy of personal health information.
Answer
Information Security Rule
Health Information Protection Rule
Privacy Rule
Red Flag Rule
Question 43
The main goal of information security is to protect:
Answer
Non-public personally identifiable information
Confidentiality, integrity, and availability
Personal health data and biometrics
Financial data of public entities
Question 44
What is the process of applying safeguards to avoid a negative impact?
Answer
Risk mitigation
Risk transfer
Risk analysis
Risk avoidance
Question 45
What is considered personally identifiable information?
Answer
Social security number
Driver’s license number
Biometric data
All of the above
Question 46
All of the following are ways to protect confidentiality except:
Answer
Encryption
Access controls
Passwords
Shoulder surfing
Question 47
What is the window of vulnerability?
Answer
The period of time when antivirus software must be updated
The period of time when an attacker may launch a DoS attack
The time between a malware attack and discovery by security personnel
The time between exploit discovery and an installed security patch
Question 48
_________________________ involves tricking other people into breaking security procedures and sharing sensitive information.
Answer
Shoulder surfing
E-mail spam
Social engineering
Integrity
Question 49
Anything that can cause harm to an information system is a:
Answer
Threat
Exploit
Vulnerability
None of the above
Question 50
Threats fall into which of the following categories?
Answer
Natural
Technology and operational
Physical and environmental
All of the above
Discussion five/one:
Assess if NIST is too large and attempts to cover too many topics.
Decide if NIST should separate into different entities for different
major areas, such as IT governance, risk management, information
security, and others.

The NIST website has an org chart which shows the different areas of
responsibility. The Office of Information Systems Management is one of six
areas under the Associate Director for Management Resources. I also found
the org chart for the OISM Organization and it looks like they have a good
division of responsibilities.
I do know from experience, and from where I work, that separating major areas is
beneficial. I work in the audit and compliance area; another team is
responsible for information security, and another team handles risk
evaluations.

Assess if the various NIST documents covering risk management
topics and concepts are too spread out and should be more
consolidated to provide better guidance to organizations when
they are establishing risk management programs.

In addition to the NIST supporting documentation listed in our text (p22o), I
found two other publications that are applicable to risk management.
SP 800-30 Guide for Conducting Risk Assessments
SP 800-39 Managing Information Security Risk: Organization, Mission, and
Information System View
I don’t think the documents are too spread out; each step in the RMF has
supporting documents, which makes implementation of the RMF easier to follow.
Consolidation could make the process cumbersome.

Discussion five/two:
From the e-Activity, describe the main elements of FISMA in the
management and governance of federal information systems.

1. Provide security protections using risk as a measuring stick while also
calculating the amount of harm that can occur if security is compromised.
2. The agency must follow all information security procedures already defined in
the law and must integrate information security management into the goal of
the specific agency.
3. Each agency must ensure that senior agency officials document and report all
assessed risk annually to the OMB.

From the e-Activity, examine how FISMA and NIST work together
to provide guidance and direction to organizations and agencies.

NIST developed guidance and a Risk Management Framework which includes
NIST’s FISMA related security standards and guidelines to promote
development of a complete risk-based information security program by federal
agencies. NIST works with federal agencies to improve their understanding and
implementation of FISMA to protect their information and information systems.
They also publish standards and guidelines which provide the foundation for
strong information security programs at government agencies.