- All Exams Instant Download
Which is the preferred response?
A vendor has been collecting data under an old contract, not aligned with the practices of the organization. Which is the preferred response?A . Destroy the data B. Update the contract to bring the vendor into alignment. C. Continue the terms of the existing contract until it expires. D. Terminate...
You have been asked to verify compliance as well as to evaluate all current security controls and security measures, including data encryption methods, authentication controls and the safest methods for transferring data into and out of the facility. As you prepare to begin your analysis, you fnd yourself considering an intriguing question: Can these people be sure that I am who I say I am?
SCENARIO It should be the most secure location housing data in all of Europe, if not the world. The Global Finance Data Collective (GFDC) stores fnancial information and other types of client data from large banks, insurance companies, multinational corporations and governmental agencies. After a long climb on a mountain...
Which of the following provides a mechanism that allows an end-user to use a single sign-on (SSO) for multiple services?
Which of the following provides a mechanism that allows an end-user to use a single sign-on (SSO) for multiple services?A . The Open ID Federation. B. PCI Data Security Standards Council C. International Organization for Standardization. D. Personal Information Protection and Electronic Documents Act.View AnswerAnswer: A
What is the main function of the Amnesic Incognito Live System or TAILS device?
What is the main function of the Amnesic Incognito Live System or TAILS device?A . It allows the user to run a self-contained computer from a USB device. B. It accesses systems with a credential that leaves no discernable tracks. C. It encrypts data stored on any computer on a...
Which is NOT a suitable action to apply to data when the retention period ends?
Which is NOT a suitable action to apply to data when the retention period ends?A . Aggregation. B. De-identifcation. C. Deletion. D. Retagging.View AnswerAnswer: C
Which of the following is considered a client-side IT risk?
Which of the following is considered a client-side IT risk?A . Security policies focus solely on internal corporate obligations. B. An organization increases the number of applications on its server. C. An employee stores his personal information on his company laptop. D. IDs used to avoid the use of personal...
Under the Family Educational Rights and Privacy Act (FERPA), releasing personally identifable information from a student's educational record requires written permission from the parent or eligible student in order for information to be?
Under the Family Educational Rights and Privacy Act (FERPA), releasing personally identifable information from a student's educational record requires written permission from the parent or eligible student in order for information to be?A . Released to a prospective employer. B. Released to schools to which a student is transferring. C....
What must be done to destroy data stored on "write once read many" (WORM) media?
What must be done to destroy data stored on "write once read many" (WORM) media?A . The data must be made inaccessible by encryption. B. The erase function must be used to remove all data. C. The media must be physically destroyed. D. The media must be reformatted.View AnswerAnswer: C
Which of the following is considered a records management best practice?
Which of the following is considered a records management best practice?A . Archiving expired data records and fles. B. Storing decryption keys with their associated backup systems. C. Implementing consistent handling practices across all record types. D. Using classifcation to determine access rules and retention policy.View AnswerAnswer: D
Which of the following statements describes an acceptable disclosure practice?
Which of the following statements describes an acceptable disclosure practice?A . An organization's privacy policy discloses how data will be used among groups within the organization itself. B. With regard to limitation of use, internal disclosure policies override contractual agreements with third parties. C. Intermediaries processing sensitive data on behalf...
