ISC HCISPP Practice Test - Questions Answers, Page 7

In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is the MAIN purpose of the DMZ?

A. Reduced risk to internal systems.
B. Prepare the server for potential attacks.
C. Mitigate the risk associated with the exposed server.
D. Bypass the need for a firewall.

Suggested answer: A

Which of the following is the BEST reason for the use of security metrics?

A. They ensure that the organization meets its security objectives.
B. They provide an appropriate framework for Information Technology (IT) governance.
C. They speed up the process of quantitative risk assessment.
D. They quantify the effectiveness of security processes.

Suggested answer: B

An international medical organization with headquarters in the United States (US) and branches in France wants to test a drug in both countries. What is the organization allowed to do with the test subject's data?

A. Aggregate it into one database in the US
B. Process it in the US, but store the information in France
C. Share it with a third party
D. Anonymize it and process it in the US

Suggested answer: C

Which of the following is the MOST significant benefit to implementing a third-party federated identity architecture?

A. Attribute assertions as agencies can request a larger set of attributes to fulfill service delivery
B. Data decrease related to storing personal information
C. Reduction in operational costs to the agency
D. Enable business objectives so departments can focus on mission rather than the business of identity management

Suggested answer: C

Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?

A. Cloud directory
B. Directory synchronization
C. Assurance framework
D. Lightweight Directory Access Protocol (LDAP)

Suggested answer: B

An organization is outsourcing its payroll system and is requesting to conduct a full audit on the third-party information technology (IT) systems. During the due diligence process, the third party provides previous audit reports on its IT system.

Which of the following MUST be considered by the organization in order for the audit reports to be acceptable?

A. The audit assessment has been conducted by an independent assessor.
B. The audit reports have been signed by the third-party senior management.
C. The audit reports have been issued in the last six months.
D. The audit assessment has been conducted by an international audit firm.

Suggested answer: B

Which of the following trust services principles refers to the accessibility of information used by the systems, products, or services offered to a third-party provider's customers?

A. Security
B. Privacy
C. Access
D. Availability

Suggested answer: C

Reference: https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/trust-services-criteria.pdf

A risk assessment report recommends upgrading all perimeter firewalls to mitigate a particular finding. Which of the following BEST supports this recommendation?

A. The inherent risk is greater than the residual risk.
B. The Annualized Loss Expectancy (ALE) approaches zero.
C. The expected loss from the risk exceeds mitigation costs.
D. The infrastructure budget can easily cover the upgrade costs.

Suggested answer: C

The primary objectives of a healthcare system include all of the following except:

A. Enabling all citizens to receive healthcare services
B. Delivering healthcare services that are cost-effective
C. Delivering healthcare services using the most current technology, regardless of cost
D. Delivering healthcare services that meet established standards of quality

Suggested answer: C

The U.S. healthcare system can best be described as:

A. Expensive
B. Fragmented
C. Market-oriented
D. All of the above

Suggested answer: D
Total 305 questions