IS3350 CHAPTER 8 Flashcards

1
Q

A federal government official who independently evaluates the performance of federal agencies. These are independent officials and are called ___?

A

INSPECTOR GENERAL

2
Q

Information technology systems that hold military, defense, and intelligence information are called ___?

A

NATIONAL SECURITY SYSTEMS

3
Q

A review of how a federal agency’s IT systems process personal information. The E-Government Act of 2002 requires federal agencies to conduct these assessments. This review is called a ___?

A

PRIVACY IMPACT ASSESSMENT (PIA)

4
Q

Any information about a person that a federal agency maintains. The term is defined by the Privacy Act of 1974 and is called a ___?

A

RECORD

5
Q

A federal agency’s notice about agency record-keeping systems that can retrieve records through the use of a personal identifier. The Privacy Act of 1974 requires federal agencies to provide these notices. This notice is called a ___?

A

SYSTEM OF RECORDS NOTICE (SORN)

6
Q

Which regulation controls the export of military or defense applications and technology?
  1. ITAR
  2. EAR
  3. OFAC
  4. FDIC
  5. None of the above
A

ITAR

7
Q

What information must a federal agency include in a privacy impact assessment?
A

  * What information is to be collected;
  * Why the information is being collected;
  * The intended use of the information;
  * How the agency will share the information;
  * Whether people have the opportunity to consent to specific uses of the information;
  * How the information will be secured;
  * Whether the information collected will be a system of records as defined by the Privacy Act of 1974

8
Q

The information collected in a PIA and a SORN is based upon what principles?
  1. NIST standards
  2. OMB standards
  3. Fair information privacy practices
  4. OTAR regulations
  5. None of the above
A

Fair information privacy practices

9
Q

Which assessment must be completed any time a federal agency collects personal information that can be retrieved via a personal identifier?
  1. PIA
  2. SORN
  3. ACORN
  4. OFAC
  5. None of the above
A

SORN

10
Q

Which agency has primary oversight responsibilities under FISMA?
  1. DoD
  2. CIA
  3. NIST
  4. CNSS
  5. None of the above
A

None of the above

11
Q

Federal agencies must report information security incidents to ____?
A

US-CERT

12
Q

Federal agencies must test their information security controls every six months. TRUE OR FALSE
A

FALSE

13
Q

What are federal information security challenges?
  1. A culture of merely complying with reporting requirements
  2. Lack of an enterprise approach
  3. Lack of coordination within the federal government
  4. All of the above
  5. None of the above
A
ALL OF THE ABOVE:
  1. A culture of merely complying with reporting requirements
  2. Lack of an enterprise approach
  3. Lack of coordination within the federal government

14
Q

What is the name of the FISMA data-collection tool?
A

CyberScope

15
Q

Which type of NIST guidance follows a formal creation process?
  1. Special Publications
  2. Federal Information Processing Standards
  3. Guidelines for Information Security
  4. Fair information practice principles
  5. None of the above
A

Federal Information Processing Standards

16
Q

How many steps are there in the NIST Risk Management Framework?
  1. Six
  2. Five
  3. Four
  4. Three
  5. None of the above
A

Six

17
Q

Which level of impact for a FIPS security category best describes significant damage to organizational assets?
  1. Low
  2. Moderate
  3. High
  4. Severe
  5. None of the above
A

Moderate

18
Q

FedCIRC is the federal information security incident center. TRUE OR FALSE
A

FALSE

19
Q

How quickly must a federal agency report an unauthorized access incident?
  1. Monthly
  2. Weekly
  3. Daily
  4. Within two hours of discovery
  5. Within one hour of discovery
A

Within one hour of discovery

20
Q

How many categories of security controls are designated in FIPS 200?
  1. 20
  2. 19
  3. 18
  4. 17
  5. None of the above
A

17

21
Q

The following information is defined as ___?
  * What information is to be collected;
  * Why the information is being collected;
  * The intended use of the information;
  * How the agency will share the information;
  * Whether people have the opportunity to consent to specific uses of the information;
  * How the information will be secured;
  * Whether the information collected will be a system of records as defined by the Privacy Act of 1974
A

What information a federal agency must include in a privacy impact assessment.