Review Questions
1. Joe is authoring a document that explains to system administrators one way that they might comply with the organization’s requirement to encrypt all laptops. What type of document is Joe writing?
- Policy
- Guideline
- Procedure
- Standard
2. Which one of the following statements is not true about compensating controls under PCI DSS?
- Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement.
- Controls must meet the intent of the original requirement.
- Controls must meet the rigor of the original requirement.
- Compensating controls must provide a similar level of defense as the original requirement.
3. What law creates cybersecurity obligations for healthcare providers and others in the health industry?
- HIPAA
- FERPA
- GLBA
- PCI DSS
4. Which one of the following is not one of the five core security functions defined by the NIST Cybersecurity Framework?
- Identify
- Contain
- Respond...