
1. (TCO 2) Which of the following is not an example of a poor security practice?


Question


1. (TCO 2) Which of the following is not an example of a poor security practice? (Points : 3)
       The user does not follow established security policies or processes.
       There is a lack of security policies, procedures, or training within the user's organization.
       An employee does not allow a person he or she is talking with to enter a secured area before showing proper credentials.
       An employee creates one good password and then uses it for all of his or her accounts.

2. (TCO 2) An attacker watches people as they enter a building that requires a key card. The attacker waits until she sees someone who appears to be in a rush and has his hands full. She then intercepts the person, makes quick small talk, offers to help him hold what's in his hands while he swipes in, and follows behind. This is an example of _____. (Points : 3)
       spear phishing
       pharming
       piggybacking
       man trapping

3. (TCO 2) What is PKIX? (Points : 3)
       One of the standards used in implementing a public-key infrastructure
       A method of private cryptography used by the military
       A method of encrypting e-mail from the IRS
       The method of encryption that uses a 40 bit encryption key

4. (TCO 2) Pretty good privacy (or PGP) is _____. (Points : 3)
       a privacy group that fights against the government
       a common encryption method for e-mail
       a password-management system
       a method of securing an operating-system kernel

5. (TCO 8) A principal reference for rules governing the export of encryption can be found in the _____. (Points : 3)
       Bureau of Industry and Security
       U.S. Department of Commerce
       Export Administration Regulations
       State Department

6. (TCO 8) What is the Gramm-Leach-Bliley Act? (Points : 3)
       It implements the principle that a signature, contract, or other record may not be deleted.
       It denies legal effect, validity, or enforceability solely because it is in electronic form.
       It addresses a myriad of legal privacy issues that resulted from the increasing use of computers and other technology specific to telecommunications.
       It makes it a violation of federal law to knowingly use another's identity.
       It is a major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals.

7. (TCO 8) What do you call a law that is based on previous events or precedents? (Points : 3)
       Statutory law
       Administrative law
       Common law
       Blue law

8. (TCO 8) A school principal allows student information to be accessed by a marketing company in exchange for goods and services for the school. The principal may have violated which law? (Points : 3)
       Privacy Act of 1974
       FOIA
       FERPA
       FACTA

9. (TCO 8) Without a patient's approval, his medical records are shared with a third party who is not a medical professional. Which law may have been violated? (Points : 3)
       FERPA
       FOIA
       HIPAA
       The Medical Records Security and Safety Act

10. (TCO 8) Which act requires credit agencies to perform timely investigations on inaccuracies reported by consumers? (Points : 3)
       FCRA
       PCI DSS
       FACTA
       GBLA

Explanation / Answer

1. An employee does not allow a person he or she is talking with to enter a secured area before showing proper credentials.
2. piggybacking
3. One of the standards used in implementing a public-key infrastructure
4. a common encryption method for e-mail
5. Export Administration Regulations
6. It is a major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals.
7. Common law
8. Privacy Act of 1974
9. The Medical Records Security and Safety Act
10. FCRA