Section 3

Question 1

Which tool is used for vulnerability assessment?

Answer 1

Qualys

Question 2

Which standards apply to any financial entity policies?

Answer 2

Gramm-Leach-Bliley

Question 3

What company audits other companies for licensing requirements?

Answer 3

BSA (business software alliance)

Question 4

Which term is synonymous with symmetric cryptography?

Answer 4

secret key cryptography

Question 5

Which term is synonymous with asymmetric cryptography?

Answer 5

public key cryptography

Question 6

what are hash functions used for

Answer 6

determining whether the message has changed
-verify integrity of data

Question 7

Symmetric cryptography

Answer 7

uses a single key to both encrypt the plaintext and decrypt the ciphertext

Question 8

examples of symmetric cryptography

Answer 8

DES, 3DES, AES

Question 9

asymmetric cryptography

Answer 9

uses public and private key
- public key encrypts data and anyone can access it
- private key decrypts

Question 10

Examples of asymmetric cryptography

Answer 10

RSA, ECC, DSA
protocols: PGP, SSL/TSL

Question 11

examples of hash functions

Answer 11

MD5, SHA

Question 12

regulatory compliance

Answer 12

Adherence to laws specific to industry in which you’re operating

Question 13

industry compliance

Answer 13

Regulations not mandated by law but can have severe impacts upon ability to conduct business

Question 14

PCI DSS

Answer 14

processing credit card transactions

Question 15

Steps for compliance

Answer 15

• monitoring
• reviewing
• documenting
• reporting

Question 16

Federal Information Security Management Act (FISMA)

Answer 16

• Organization implement information security controls that use a risk-based approach
• provides a framework for ensuring the effectiveness of information security controls in government.

Question 17

Federal Risk and Authorization Management (FedRAMP)

Answer 17

defines rules for government agencies contracting with cloud providers

Question 18

Sarbanes-Oxley Act (SOX)

Answer 18

Regulates financial data, operation, and assets for publicly held companies

Question 19

Gramm-Leach-Bliley Act (GLBA)

Answer 19

Protect information and financial data belonging to customers of financial institutions

Question 20

Children’s Internet Protection Act (CIPA)

Answer 20

Requires schools and libraries to prevent children from accessing obscene or harmful content over the internet

Question 21

Children’s Online Privacy Protection Act (COPPA)

Answer 21

Protects privacy of minors under 13 by restricting organization from collecting their PII

Question 22

Family Educational Rights and Privacy Act (FERPA)

Answer 22

protects students’ records

Question 23

General Data Protection Regulation (GDPR)

Answer 23

• EU
• data protection and privacy for all individuals

Question 24

NIST Framework

Answer 24

□ Categorize data
□ Select controls
□ Implement controls
□ Assess controls
□ Authorize use of system
□ Monitor controls

Question 25

IaaS

Answer 25

access to virtual servers and storage
- AWS, google cloud

Question 26

PaaS

Answer 26

provides prebuilt servers

Question 27

SaaS

Answer 27

access to specific app

Question 28

What is the disadvantage of logging?

Answer 28

resources/ takes up storage

Question 29

Which act regulates federal departments in the United States?

Answer 29

FISMA

Question 30

Which act regulates customer privacy in the finance industry?

Answer 30

GLBA

Question 31

Which act regulates reporting of publicly traded companies?

Answer 31

SOX

Question 32

Which algorithm supports encryption for email?

Answer 32

PGP