
QUESTION

Saint Leo COM504 Module 4 Exam 2 (Score 100%)

Question 1 (2.5 points)
__________ are tools that filter offensive content.
  • Spam blockers
  • Technology protection measures (TPM)
  • Network databases
  • Proxy servers

Question 2 (2.5 points)
To be COPPA-compliant, a privacy policy must provide “assurance that participation is not conditioned on data collection.” Which of the following statements offers the best explanation of this criterion?
  • A Web site can’t require children to submit contact details in order to be allowed to use the site. Web sites are not allowed to collect more information than necessary for a child to participate in an activity.
  • The Web site must state whether collected information is shared with a third party.
  • Web sites must state how the information will be used. It must be specific.
  • This includes the name, mailing address, telephone number, and e-mail address of all operators collecting or using the information collected on the Web site.

Question 3 (2.5 points)
Some people believe that COPPA requirements violate freedom of speech without censorship guaranteed by the __________ Amendment.
  • First
  • Second
  • Fourth
  • Seventh

Question 4 (2.5 points)
The __________ protects the personal information of children online.
  • Family Educational Rights and Privacy Act (FERPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Children’s Internet Protection Act (CIPA)
  • Children’s Online Privacy Protection Act (COPPA)

Question 5 (2.5 points)
Collection and use of a child’s personal information such as name, e-mail address, or social security number by a Web site operator is governed by:
  • FERPA
  • HIPAA
  • CIPA
  • COPPA

Question 6 (2.5 points)
Which of the following is not one of the rights that parents are guaranteed under COPPA?
  • Parents also can request that a Web site operator delete data held on their children.
  • The Web site must re-notify parents whenever it changes its data collection and use procedures.
  • Parents must be allowed to review information collected from their children.
  • Parents will be notified by a Web site if it is collecting an e-mail address to respond to a one-time request from a child.

Question 7 (2.5 points)
In which of the following circumstances would a library need to disable a TPM?
  • At the request of an adult to view content for research or other lawful purpose
  • At the request of a child with a document of written consent from his/her parent
  • At the request of anyone over the age of 17
  • At the request of any school official

Question 8 (2.5 points)
Which of the following best defines a technology protection measure (TPM)?
  • It is any technology that can block or filter the objectionable content.
  • It is technology that provides monitoring protocols that track a child’s online activities.
  • It is technology that offers age-verification protocols that restrict online access to adults.
  • It is technology that accepts Internet requests from clients, retrieves the pages, and serves them to the client.

Question 9 (2.5 points)
__________ was created by Congress to make health insurance portable.
  • CIPA
  • HIPAA
  • HITECH Act
  • FERPA

Question 10 (2.5 points)
Regarding pre-existing conditions, HIPAA:
  • only allows employer-provided health plans to look back six months for pre-existing conditions.
  • neither A nor B
  • in most instances limits the amount of time health plans can require an individual to “sit out” of coverage to no more than 12 months.
  • both A and B

Question 11 (2.5 points)
The U.S. Securities and Exchange Commission reviews a public company’s Form 10-K at least once every __________ years.
  • four
  • two
  • three
  • five

Question 12 (2.5 points)
The main goal of the __________ is to protect shareholders and investors from financial fraud.
  • Sarbanes-Oxley Act (SOX)
  • Gramm-Leach-Bliley Act
  • Securities and Exchange Commission
  • Public Company Accounting Oversight Board

Question 13 (2.5 points)
Which of the following parties is not among those who would share an individual’s health information?
  • Government agencies like Medicaid or Medicare
  • Insurance companies
  • Treatment providers
  • Potential employers

Question 14 (2.5 points)
All of the following are types of information included on a Form 10-K except:
  • financial statements.
  • explanation of how the company is organized and operates.
  • auditor’s report.
  • lists of employees and subcontractors.

Question 15 (2.5 points)
The HIPAA __________ dictates how covered entities must protect the privacy of personal health information.
  • Privacy Rule
  • Red Flag Rule
  • Information Security Rule
  • Health Information Protection Rule

Question 16 (2.5 points)
The __________ enforces trade sanctions and embargoes and prohibits trade with certain people in other countries.
  • Department of Defense (DoD)
  • Department of Commerce
  • Office of Management and Budget (OMB)
  • Office of Foreign Assets Control (OFAC)

Question 17 (2.5 points)
__________ restrict(s) the transmission of certain types of information to non-U.S. citizens or non-permanent residents who are located in the United States.
  • Import control regulations
  • Social media sites
  • Export control regulations
  • The Office of International Information Transference

Question 18 (2.5 points)
Which of the following was not one of the outcomes of the Enron scandal?
  • Public companies are required to file one comprehensive financial disclosure statement with the SEC.
  • The SEC began to require that the accuracy of financial statements be certified in a number of different ways.
  • The SEC began to require more information to be reported on its financial statements.
  • Investors started to significantly lose confidence in large public companies.

Question 19 (2.5 points)
__________ are the processes and procedures that a company uses to provide reasonable assurance that its financial reports are reliable.
  • Internal controls
  • Risk assessment
  • Disclosure controls
  • External controls

Question 20 (2.5 points)
What was the first federal law to address federal computer security?
  • Computer Security Act (CSA)
  • The E-Privacy Act
  • Federal Information Security Management Act (FISMA)
  • Sarbanes-Oxley Act (SOX)

Question 21 (2.5 points)
The __________ was created by Congress to protect data collected by the government.
  • Federal Information and Security Management Act (FISMA)
  • Computer Security Act (CSA)
  • E-Government Act of 2002
  • Privacy Act of 1974

Question 22 (2.5 points)
Which of the following items is not part of “SP 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach” that NIST uses to create a risk management framework (RMF) approach to FISMA compliance?
  • Implement security controls in IT systems
  • Select minimum security controls
  • Categorize IT systems
  • Monitor security controls only when necessary

Question 23 (2.5 points)
Under the __________, federal agencies must (1) review their IT systems for privacy risks, (2) post privacy policies on their Web sites, (3) post machine-readable privacy policies on their Web sites, and (4) report privacy activities to the OMB.
  • Privacy Act of 1974
  • Federal Information and Security Management Act (FISMA)
  • E-Government Act of 2002
  • Computer Security Act (CSA)

Question 24 (2.5 points)
__________ must be in place for securing networks, facilities, and systems or groups of IT systems. They are intended for technologies or system components that are a part of the larger information security program.
  • Security awareness training
  • Subordinate plans
  • Policies and procedures
  • Testing and evaluation

Question 25 (2.5 points)
FISMA requires federal agencies to secure national security systems using a risk-based approach, but this does not apply to __________ information.
  • personally identifiable
  • intellectual property
  • sensitive
  • classified

Question 26 (2.5 points)
FERPA has four main requirements: Annual notification, access to education records, amendment of education records, and disclosure of education records.
  • True
  • False

Question 27 (2.5 points)
Medical identity thieves exclusively consist of computer hackers or members of organized crime rings.
  • True
  • False

Question 28 (2.5 points)
Covered entities must respond to a person’s request to access PHI within a specific period. The rule requires covered entities to respond in 60 days.
  • True
  • False

Question 29 (2.5 points)
An Internet safety policy must educate minors about appropriate online behavior. This includes how to use social networking Web sites and chatrooms safely. The policy must include information on how to recognize cyberbullying. It also must tell minors how to respond to cyberbullying.
  • True
  • False

Question 30 (2.5 points)
The Federal Communications Commission (FCC) mandates that a TPM should be 100 percent effective. This effectiveness is determined by the CIPA and the FCC.
  • True
  • False

Question 31 (2.5 points)
Covered entities must keep records of how they disclose a person’s PHI. Under the Privacy Rule, a person has the right to receive an accounting of how the covered entity has used or disclosed the person’s PHI.
  • True
  • False

Question 32 (2.5 points)
Many SOX provisions require companies to verify the accuracy of their financial information. Because IT systems hold many types of financial information, companies and auditors quickly realized that these systems were in scope for SOX compliance. That meant that how those systems are used and the controls used to safeguard those systems had to be reviewed.
  • True
  • False

Question 33 (2.5 points)
One of the main functions of the PCAOB is to set standards for how auditors review public companies. It has created standards related to auditing, ethics, independence, and quality control.
  • True
  • False

Question 34 (2.5 points)
In situations when a covered entity may use or disclose PHI to the extent that it’s required by law, the covered entity may only do so in response to a subpoena issued by a grand jury.
  • True
  • False

Question 35 (2.5 points)
The following is an example of an incidental disclosure: a customer at a pharmacy hears the pharmacist quietly discussing a medication with another customer.
  • True
  • False

Question 36 (2.5 points)
In 1987, Congress passed the Computer Security Act (CSA). This was the first law to address federal computer security. Under the CSA, every federal agency had to inventory its IT systems. Agencies also had to create security plans for those systems and review their plans every year.
  • True
  • False

Question 37 (2.5 points)
FISMA merges a number of different laws. All of these laws address different information security issues. Because no one law was comprehensive, Congress heard many reports that information security efforts at the federal level were not effective. Congress intended FISMA to be a strong law to fix this problem.
  • True
  • False

Question 38 (2.5 points)
In 1992, COSO issued guidance on internal controls. The COSO framework says that internal controls are effective when they give the management of a company reasonable assurance that: (1) it understands how the entity’s operational objectives are being achieved, (2) its published financial statements are being prepared reliably, and (3) it’s complying with applicable laws and regulations.
  • True
  • False

Question 39 (2.5 points)
NIST created a FISMA Implementation Project to help it meet its FISMA duties. The project helped it create FISMA-related standards and guidelines in a timely manner. The project had two phases. In the first phase, NIST developed standards and guidelines to help agencies meet basic FISMA requirements. The documents developed in this phase helped agencies create their information security programs.
  • True
  • False

Question 40 (2.5 points)
An access control model is an information security control; there is one main type of access control model, which is mandatory access control (MAC). In this model, data owners don’t have the ability to decide who can access certain files or data. This model is based on a security label system. Users of the system have a security label. Data and files in the system also have a security label. A user can access only data with the same (or lower) security label.
  • True
  • False
