HUGE ITN 267 FINAL EXAM || A+ Verified Solutions.
___________________________ must be in place for securing networks, facilities, and systems
or groups of IT systems. They are intended for technologies or system components that are a part
of the larger information security program. correct answers Subordinate Plans
The term cyberwar specifically refers to conflicts between nations and their militaries. This is the
main distinction between cyberwar and other types of information system attacks that are
reported in the news media. (T or F) correct answers True
__________________ restrict the transmission of certain types of information to non-U.S.
citizens or non-permanent residents who are located in the United States. correct answers Export
control regulations
Which of the following are types of export control regulations? correct answers ITAR & EAR
One of the most important parts of a FISMA information security program is that agencies test
and evaluate it. FISMA requires each agency to perform "periodic testing and evaluation of the
effectiveness of information security policies, procedures, and practices." Agencies must test
every IT system—no matter the risk level—at least once a year (T or F) correct answers True
NIST created a FISMA Implementation Project to help it meet its FISMA duties. The project
helped it create FISMA-related standards and guidelines in a timely manner. The project had two
phases. In the first phase, NIST developed standards and guidelines to help agencies meet basic
FISMA requirements. The documents developed in this phase helped agencies create their
information security programs. (T or F) correct answers True
An inspector general (IG) is an official who reviews the actions of a federal agency. An IG
examines the agency's activities to make sure that it's operating efficiently and following good
governance practices. (T or F) correct answers True
Each agency must report yearly to the OMB on its FISMA compliance activities. An agency also
must send a copy of their yearly report to each of these agencies with the exception of: correct
answers Senate Committee on Foreign Relations
Congress created the _____________ in response to the September 11, 2001, terrorist attacks.
correct answers FISMA
FISMA requires the Department of Commerce to create information security standards and
guidelines. To which of the following organizations did the Department of Commerce delegate
this responsibility? correct answers NIST
Which of the following items is not part of the "SP 800-37, Revision 1, Guide for Applying
the Risk Management Framework to Federal Information Systems: A Security Life Cycle
Approach" that NIST uses to create a risk management framework (RMF) approach to FISMA
compliance? correct answers Monitor security controls only when necessary
The __________________________ enforces trade sanctions and embargoes. correct answers
OFAC
Which of the following statements best captures the role and responsibility of NIST? correct
answers NIST creates the standards and guidelines for non-national security systems to help
agencies meet their FISMA obligations.
Under FISMA, the government must have a federal incident response (IR) center. The OMB is
responsible for this. Under FISMA, the IR center must: 1) give technical support to agencies
about information security incidents; 2) share information about security incidents; 3) protect
agencies from learning about current and potential threats and vulnerabilities; and 4) consult with
NIST and agencies with national security systems about information security incidents. (T or F)
correct answers False
From 2006 to 2012, the number of incidents reported by federal agencies to US-CERT
increased by 782 percent. (T or F) correct answers True
There's a growing trend in states such as California and North Carolina to specify the types of
information that should be included in a breach notice. Such content should be sure to fit the
following criteria: describe the incident in general terms; describe the type of personal
information that was involved in the breach; describe how the entity is going to protect the
personal information from additional unauthorized access; and advise the person being notified
to review his or her account statements and purchase access to his/her credit report from a
recommended list of vendors. (T or F) correct answers False
What was the first state to have a breach notification law? correct answers California
Which of the following statements summarizes why a breach notification is hard for entities?
correct answers States have different laws about what constitutes a breach.
Some states require entities doing business within the state to follow basic information security
practices, while other states are more aggressive and require entities to use specific security
practices, such as encryption. (T or F) correct answers True
Which of the following does not count as personal information, as designated by California's
Database Security Breach Notification Act? correct answers student ID
In 2007 Minnesota created the Plastic Card Security Act, which is the first state law that
attempted to codify certain parts of the PCI DSS. It forbids businesses from storing cardholder
information for more than 48 hours after the credit card transaction is approved. Which of the
following lists of information can't be stored? correct answers card verification number, PIN
number, and contents of the card magnetic stripe
After the ChoicePoint breach, 46 states, including the District of Columbia, have created breach
notification laws. Although most states used the California law as a model, there are some
differences. Which of the following is not one of the differences? correct answers maximum
requirements for encryption
Georgia's notification law is unique because it applies to information brokers, which are entities
that sell personal data to other entities, as well as government agencies. (T or F) correct answers
False
Massachusetts' "Standards for the Protection of Personal Information of Residents of the
Commonwealth" was released in September 2008 and is known for being "unique" in terms of its
data protection standard. Which of the following statements best captures that uniqueness?
correct answers It attempts to regulate businesses outside of Massachusetts by requiring
businesses to encrypt the personal data of Massachusetts residents.
Nevada law defines data storage devices as computers, cell phones, and external computer hard
drives, but it excludes backup storage media. This portion of the law helps protect data if the
storage media is lost or stolen. (T or F) correct answers False
Congress can create laws in areas where the ________________ allows it. correct answers U.S.
Constitution
Nevada's Security of Personal Information Law requires protection of personal information in a
number of ways and applies to which of the following? correct answers data collectors
What is considered to be personal information by most states? correct answers social security
numbers & account numbers
The California Database Security Breach Notification Act applies to state agencies, non-profit
organizations, and private organizations and businesses. (T or F) correct answers True
When it created its breach notification law in 2007, Massachusetts established itself as the state
with the nation's most flexible data protection laws. (T or F) correct answers False
A legal owner of property has the right to use that property in any way they want to, and the
power to give those rights to another. This is called _____________. correct answers property
interest
Which of the following is not a reason that patents are encouraged? correct answers Patents
guarantee financial prosperity for all inventors.
______________ patents are used for inventions and discoveries related to machines,
manufactured products, processes, and compositions of matter. correct answers Utility
Intellectual property law defines a protected period wherein the creator or author of a work or
invention is the only person who can use or reproduce it. This allows authors and inventors to
profit from their creative efforts, which encourages people to write new books or create new
inventions. (T or F) correct answers True
Infringement cases occur when there's an infringing use of a similar trademark that's confusing
or deceptive to the customer, such as when a trademark is used to promote different goods. An
example would be a Coca-Cola minivan or a Kleenex motorcycle. (T or F) correct answers False
_____________________ is the area of law that protects a person's creative ideas, inventions,
and innovations. correct answers Intellectual Property Law
Unlike ______________, trade secrets aren't registered. A person or business doesn't have to
meet any registration or procedural formalities for protection. correct answers Patents
The bad faith registration of a domain name that's a registered trademark or trade name of
another entity is referred to as: correct answers cybersquatting
_____________ are used to protect words, logos, and symbols that identify a product or services.
correct answers Trademarks
To establish a trade secret, the information that's to be protected must meet the following criteria:
have value; be unknown; be unascertainable; and be protected. (T or F) correct answers True
_______________ patents protect the visual appearance of a product. correct answers Design
The strongest type of a trademark is a descriptive trademark. A trademark is descriptive when it
describes the underlying product that it represents. (T or F) correct answers False
An infringer is a person who owns a patent but doesn't intend to make, use, or sell the invention.
The term refers to a person who is overly aggressive and opportunistic. (T or F) correct answers
False
Works of the U.S. government, such as the United States Code, are included under public
domain, which refers to the body of works that are free for public use as well as works where
the copyright has expired. (T or F) correct answers True
Plant patents are granted to inventors who invent or discover new: correct answers varieties of
plants
A ______________ protects the formulas, processes, methods, and information that give a
business a competitive edge. correct answers trade secret
Which of the following is not a reason an examiner might reject a trademark? correct answers
The proposed trademark may disparage or falsely suggest a connection with persons who have
been dead less than 100 years.
What is not required for an invention or discovery to be patentable? correct answers must be
environmentally sustainable