ExamGecko

ISC HCISPP Practice Test - Questions Answers

List of questions

Question 1


During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.

What is the best approach for the CISO?


A. Document the system as high risk
B. Perform a vulnerability assessment
C. Perform a quantitative threat assessment
D. Notate the information and move on
Suggested answer: B
asked 18/09/2024
Rohit Kumar
40 questions

Question 2


A health care provider is considering Internet access for their employees and patients. Which of the following is the organization's MOST secure solution for protection of data?

A. Public Key Infrastructure (PKI) and digital signatures
B. Trusted server certificates and passphrases
C. User ID and password
D. Asymmetric encryption and User ID
Suggested answer: A
asked 18/09/2024
Ankur Patel
42 questions

Question 3


Which of the following is the BEST internationally recognized standard for evaluating security products and systems?

A. Payment Card Industry Data Security Standards (PCI-DSS)
B. Common Criteria (CC)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Sarbanes-Oxley (SOX)
Suggested answer: B
asked 18/09/2024
Chris Houck
33 questions

Question 4


The threat model identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a Protected Health Information (PHI) data leak?

A. Auditing
B. Anonymization
C. Privacy monitoring
D. Data retention
Suggested answer: B
asked 18/09/2024
Bill May
45 questions

Question 5


Which of the following is considered the last line of defense in regard to a Governance, Risk Management, and Compliance (GRC) program?

A. Internal audit
B. Internal controls
C. Board review
D. Risk management
Suggested answer: B
asked 18/09/2024
Lawrence Bargers
32 questions

Question 6


Which of the following is the BEST example of weak management commitment to the protection of security assets and resources?

A. Poor governance over security processes and procedures
B. Immature security controls and procedures
C. Variances against regulatory requirements
D. Unanticipated increases in security incidents and threats
Suggested answer: A
asked 18/09/2024
Joe Mon
27 questions

Question 7


Which of the following is the BEST reason for the use of security metrics?

A. They ensure that the organization meets its security objectives.
B. They provide an appropriate framework for Information Technology (IT) governance.
C. They speed up the process of quantitative risk assessment.
D. They quantify the effectiveness of security processes.
Suggested answer: B
asked 18/09/2024
Mohammad Musa
39 questions

Question 8


Which of the following is the BEST reason for writing an information security policy?

A. To support information security governance
B. To reduce the number of audit findings
C. To deter attackers
D. To implement effective information security controls
Suggested answer: A
asked 18/09/2024
Abdullah Mousa
45 questions

Question 9


A covered healthcare provider with a direct treatment relationship with an individual need not:

A. Provide the notice no later than the date of the first service delivery, including service delivered electronically
B. Have the notice available at the service delivery site for individuals to request and keep
C. Get an acknowledgement of the notice from each individual on stamped paper
D. Post the notice in a clear and prominent location where it is reasonable to expect individuals seeking service from the covered healthcare provider to be able to read it
Suggested answer: C
asked 18/09/2024
Ezrah James panuelos
37 questions

Question 10


Health Information Rights: although your health record is the physical property of the healthcare practitioner or facility that compiled it, the information belongs to you. You do NOT have the right to:

A. Obtain a paper copy of the notice of information practices upon request; inspect and obtain a copy of your health record as provided for in 45 CFR 164.524
B. Request a restriction on certain uses and disclosures of your information outside the terms as provided by 45 CFR 164.522
C. Amend your health record as provided in 45 CFR 164.528; obtain an accounting of disclosures of your health information as provided in 45 CFR 164.528
D. Revoke your authorization to use or disclose health information except to the extent that action has already been taken
Suggested answer: B
asked 18/09/2024
Ahmed Emad
30 questions
Total 305 questions