Exam (elaborations)
WGU C725 INFORMATION SECURITY AND ASSURANCE EXAM QUESTIONS AND ANSWERS 2024
- Course
- Institution
WGU C725 INFORMATION SECURITY AND ASSURANCE EXAM QUESTIONS AND ANSWERS 2024
[Show more]
Content preview
WGU C725 INFORMATION SECURITY ANDASSURANCE EXAM
T or F
To qualify for Privacy Shield protection, U.S. companies conducting business in Europe must meet the
seven requirements for the processing of personal information:
1. Informing Individuals About Data Processing
2. Providing Free and Accessible Dispute Resolution
3. Cooperating with the Department of Commerce
4. Maintaining Data Integrity and Purpose Limitation
5. Ensuring Accountability for Data Transferred to Third Parties
6. Transparency Related to Enforcement Actions
7. Ensuring Commitments Are Kept As Long As Data Is Held - ANSWERS-True
A new, comprehensive law covering the protection of personal information in 2016. The General Data
Protection Regulation (GDPR) is scheduled to go into effect on May 25, 2018, and will replace the older
data protection directives on that date. The main purpose of this law is to provide a single, harmonized
law that covers data throughout the European Union. - ANSWERS-European Union General Data
Protection Regulation
T or F
The following PCI DSS are requirements:
,Preserve the stored cardholder data
Limit the physical access to cardholder data
Develop and preserve secure systems and applications
Monitor all access to network resources and cardholder data - ANSWERS-True
T or F
PCI DSS has 12 main requirements.
Install and maintain a firewall configuration to protect cardholder data.
Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect stored cardholder data.
Encrypt transmission of cardholder data across open, public networks.
Protect all systems against malware and regularly update antivirus software or programs.
Develop and maintain secure systems and applications.
Restrict access to cardholder data by business need-to-know.
Identify and authenticate access to system components.
,Restrict physical access to cardholder data.
Track and monitor all access to network resources and cardholder data.
Regularly test security systems and processes.
Maintain a policy that addresses information security for all personnel. - ANSWERS-True
Internal investigations that examine either operational issues or a violation of the organization's policies.
They may be conducted as part of a technical troubleshooting effort or in support of other
administrative processes, such as Human Resources disciplinary procedures. - ANSWERS-Administrative
Investigations
An investigation that examine issues related to the organization's computing infrastructure and have the
primary goal of resolving a particular type of issue. For example, an information technology (IT) team
noticing performance issues on their web servers may conduct an this type of investigation which is
designed to determine the cause of the performance problems. - ANSWERS-Operational Investigations
An investigation typically conducted by law enforcement personnel, investigate the alleged violation of
criminal law. These investigations may result in charging suspects with a crime and the prosecution of
those charges in criminal court. - ANSWERS-Criminal Investigations
An investigation that typically does not involve law enforcement but rather involves internal employees
and outside consultants working on behalf of a legal team. They prepare the evidence necessary to
present a case in civil court resolving a dispute between two parties. - ANSWERS-Civil Investigations
This type of investigation uses the weaker preponderance of the evidence standard. Meeting this
standard simply requires that the evidence demonstrate that the outcome of the case is more likely
than not. For this reason, evidence collection standards for these type of investigations are not as
rigorous as those used in criminal investigations. - ANSWERS-Civil Investigations
, Government agencies may conduct this type of investigation when they believe that an individual or
corporation has violated administrative law. Regulators typically conduct these investigations with a
standard of proof commensurate with the venue where they expect to try their case. These types of
investigations vary widely in scope and procedure and are often conducted by government agents. -
ANSWERS-Regulatory Investigations
In legal proceedings, each side has a duty to preserve evidence related to the case and, through the
discovery process, share information with their adversary in the proceedings. This discovery process
applies to both paper records and electronic records and the electronic discovery (or eDiscovery)
process facilitates the processing of electronic information for disclosure. - ANSWERS-Electronic
Discovery
T or F
The Electronic Discovery Reference Model describes a standard process for conducting eDiscovery with
nine steps:
Information Governance ensures that information is well organized for future eDiscovery efforts.
Identification locates the information that may be responsive to a discovery request when the
organization believes that litigation is likely.
Preservation ensures that potentially discoverable information is protected against alteration or
deletion.
Collection gathers the responsive information centrally for use in the eDiscovery process.
Processing screens the collected information to perform a "rough cut" of irrelevant information,
reducing the amount of information requiring detailed screening.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Teacher101. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $17.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
83637 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now