ISC HCISPP Practice Test - Questions Answers, Page 5

All of the following items should be included in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

A. determine the risk of a business interruption occurring
B. determine the technological dependence of the business processes
C. identify the operational impacts of a business interruption
D. identify the financial impacts of a business interruption
Suggested answer: B

Which of the following actions will reduce risk to a laptop before traveling to a high-risk area?

A. Examine the device for physical tampering
B. Implement more stringent baseline configurations
C. Purge or re-image the hard disk drive
D. Change access codes
Suggested answer: D

Which of the following represents the GREATEST risk to data confidentiality?

A. Network redundancies are not implemented
B. Security awareness training is not completed
C. Backup tapes are generated unencrypted
D. Users have administrative privileges
Suggested answer: C

What is the MOST important consideration from a data security perspective when an organization plans to relocate?

A. Ensure the fire prevention and detection systems are sufficient to protect personnel
B. Review the architectural plans to determine how many emergency exits are present
C. Conduct a gap analysis of a new facility against existing security requirements
D. Revise the Disaster Recovery and Business Continuity (DR/BC) plan
Suggested answer: C

A company whose Information Technology (IT) services are being delivered from a Tier 4 data center is preparing a companywide Business Continuity Planning (BCP). Which of the following failures should the IT manager be concerned with?

A. Application
B. Storage
C. Power
D. Network
Suggested answer: C

When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

A. Only when assets are clearly defined
B. Only when standards are defined
C. Only when controls are put in place
D. Only procedures are defined
Suggested answer: A

Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?

A. Install mantraps at the building entrances
B. Enclose the personnel entry area with polycarbonate plastic
C. Supply a duress alarm for personnel exposed to the public
D. Hire a guard to protect the public area
Suggested answer: D

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

A. Development, testing, and deployment
B. Prevention, detection, and remediation
C. People, technology, and operations
D. Certification, accreditation, and monitoring
Suggested answer: C

Intellectual property rights are PRIMARILY concerned with which of the following?

A. Owner's ability to realize financial gain
B. Owner's ability to maintain copyright
C. Right of the owner to enjoy their creation
D. Right of the owner to control delivery method
Suggested answer: D

Which of the following is a PRIMARY benefit of using a formalized security testing report format and structure?

A. Executive audiences will understand the outcomes of testing and most appropriate next steps for corrective actions to be taken
B. Technical teams will understand the testing objectives, testing strategies applied, and business risk associated with each vulnerability
C. Management teams will understand the testing objectives and reputational risk to the organization
D. Technical and management teams will better understand the testing objectives, results of each test phase, and potential impact levels
Suggested answer: D
Total 305 questions