Which of the following is not one of the rights that parents are guaranteed under COPPA?
Question
Question 1 (2.5 points)
__________ are tools that filter offensive content.
Question 1 options:
Spam blockers
Technology protection measures (TPM)
Network databases
Proxy servers
Question 2 (2.5 points)
To be COPPA-compliant, a privacy policy must provide “assurance that participation is not conditioned on data collection.” Which of the following statements offers the best explanation of this criterion?
Question 2 options:
A Web site can’t require children to submit contact details in order to be allowed to use the site. Web sites are not allowed to collect more information than necessary for a child to participate in an activity.
The Web site must state whether collected information is shared with a third party.
Web sites must state how the information will be used. It must be specific.
This includes the name, mailing address, telephone number, and e-mail address of all operators collecting or using the information collected on the Web site.
Question 3 (2.5 points)
Some people believe that COPPA requirements violate freedom of speech without censorship guaranteed by the __________ Amendment.
Question 3 options:
First
Second
Fourth
Seventh
Question 4 (2.5 points)
The __________ protects the personal information of children online.
Question 4 options:
Family Educational Rights and Privacy Act (FERPA)
Health Insurance Portability and Accountability Act (HIPAA)
Children’s Internet Protection Act (CIPA)
Children’s Online Privacy Protection Act (COPPA)
Question 5 (2.5 points)
Collection and use of a child’s personal information such as name, e-mail address, or social security number by a Web site operator is governed by:
Question 5 options:
FERPA
HIPAA
CIPA
COPPA
Question 6 (2.5 points)
Which of the following is not one of the rights that parents are guaranteed under COPPA?
Question 6 options:
Parents also can request that a Web site operator delete data held on their children.
The Web site must re-notify parents whenever it changes its data collection and use procedures.
Parents must be allowed to review information collected from their children.
Parents will be notified by a Web site if it is collecting an e-mail address to respond to a one-time request from a child.
Question 7 (2.5 points)
In which of the following circumstances would a library need to disable a TPM?
Question 7 options:
At the request of an adult to view content for research or other lawful purpose
At the request of a child with a document of written consent from his/her parent
At the request of anyone over the age of 17
At the request of any school official
Question 8 (2.5 points)
Which of the following best defines a technology protection measure (TPM)?
Question 8 options:
It is any technology that can block or filter the objectionable content.
It is technology that provides monitoring protocols that track a child’s online activities.
It is technology that offers age-verification protocols that restrict online access to adults.
It is technology that accepts Internet requests from clients, retrieves the pages, and serves them to the client.
Question 9 (2.5 points)
__________ was created by Congress to make health insurance portable.
Question 9 options:
CIPA
HIPAA
HITECH Act
FERPA
Question 10 (2.5 points)
Regarding pre-existing conditions, HIPAA:
Question 10 options:
only allows employer-provided health plans to look back six months for pre-existing conditions.
neither A nor B
in most instances limits the amount of time health plans can require an individual to “sit out” of coverage to no more than 12 months.
both A and B
Question 11 (2.5 points)
The U.S. Securities and Exchange Commission reviews a public company’s Form 10-K at least once every __________ years.
Question 11 options:
four
two
three
five
Question 12 (2.5 points)
The main goal of the __________ is to protect shareholders and investors from financial fraud.
Question 12 options:
Sarbanes-Oxley Act (SOX)
Gramm-Leach-Bliley Act
Securities and Exchange Commission
Public Company Accounting Oversight Board
Question 13 (2.5 points)
Which of the following parties is not among those who would share an individual’s health information?
Question 13 options:
Government agencies like Medicaid or Medicare
Insurance companies
Treatment providers
Potential employers
Question 14 (2.5 points)
All of the following are types of information included on a Form 10-K except:
Question 14 options:
financial statements.
explanation of how the company is organized and operates.
auditor’s report.
lists of employees and subcontractors.
Question 15 (2.5 points)
The HIPAA __________ dictates how covered entities must protect the privacy of personal health information.
Question 15 options:
Privacy Rule
Red Flag Rule
Information Security Rule
Health Information Protection Rule
Question 16 (2.5 points)
The __________ enforces trade sanctions and embargoes and prohibits trade with certain people in other countries.
Question 16 options:
Department of Defense (DoD)
Department of Commerce
Office of Management and Budget (OMB)
Office of Foreign Assets Control (OFAC)
Question 17 (2.5 points)
__________ restrict(s) the transmission of certain types of information to non-U.S. citizens or non-permanent residents who are located in the United States.
Question 17 options:
Import control regulations
Social media sites
Export control regulations
The Office of International Information Transference
Question 18 (2.5 points)
Which of the following was not one of the outcomes of the Enron scandal?
Question 18 options:
Public companies are required to file one comprehensive financial disclosure statement with the SEC.
The SEC began to require that the accuracy of financial statements be certified in a number of different ways.
The SEC began to require more information to be reported on its financial statements.
Investors started to significantly lose confidence in large public companies.
Question 19 (2.5 points)
__________ are the processes and procedures that a company uses to provide reasonable assurance that its financial reports are reliable.
Question 19 options:
Internal controls
Risk assessment
Disclosure controls
External controls
Question 20 (2.5 points)
What was the first federal law to address federal computer security?
Question 20 options:
Computer Security Act (CSA)
The E-Privacy Act
Federal Information Security Management Act (FISMA)
Sarbanes-Oxley Act (SOX)
Question 21 (2.5 points)
The __________ was created by Congress to protect data collected by the government.
Question 21 options:
Federal Information and Security Management Act (FISMA)
Computer Security Act (CSA)
E-Government Act of 2002
Privacy Act of 1974
Question 22 (2.5 points)
Which of the following items is not part of “SP 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach” that NIST uses to create a risk management framework (RMF) approach to FISMA compliance?
Question 22 options:
Implement security controls in IT systems
Select minimum security controls
Categorize IT systems
Monitor security controls only when necessary
Question 23 (2.5 points)
Under the __________, federal agencies must (1) review their IT systems for privacy risks, (2) post privacy policies on their Web sites, (3) post machine-readable privacy policies on their Web sites, and (4) report privacy activities to the OMB.
Question 23 options:
Privacy Act of 1974
Federal Information and Security Management Act (FISMA)
E-Government Act of 2002
Computer Security Act (CSA)
Question 24 (2.5 points)
__________ must be in place for securing networks, facilities, and systems or groups of IT systems. They are intended for technologies or system components that are a part of the larger information security program.
Question 24 options:
Security awareness training
Subordinate plans
Policies and procedures
Testing and evaluation
Question 25 (2.5 points)
FISMA requires federal agencies to secure national security systems using a risk-based approach, but this does not apply to __________ information.
Question 25 options:
personally identifiable
intellectual property
sensitive
classified
Question 26 (2.5 points)
FERPA has four main requirements: Annual notification, access to education records, amendment of education records, and disclosure of education records.
Question 26 options:
True
False
Question 27 (2.5 points)
Medical identity thieves exclusively consist of computer hackers or members of organized crime rings.
Question 27 options:
True
False
Question 28 (2.5 points)
Covered entities must respond to a person’s request to access PHI within a specific period. The rule requires covered entities to respond in 60 days.
Question 28 options:
True
False
Question 29 (2.5 points)
An Internet safety policy must educate minors about appropriate online behavior. This includes how to use social networking Web sites and chatrooms safely. The policy must include information on how to recognize cyberbullying. It also must tell minors how to respond to cyberbullying.
Question 29 options:
True
False
Question 30 (2.5 points)
The Federal Communications Commission (FCC) mandates that a TPM should be 100 percent effective. This effectiveness is determined by the CIPA and the FCC.
Question 30 options:
True
False
Question 31 (2.5 points)
Covered entities must keep records of how they disclose a person’s PHI. Under the Privacy Rule, a person has the right to receive an accounting of how the covered entity has used or disclosed the person’s PHI.
Question 31 options:
True
False
Question 32 (2.5 points)
Many SOX provisions require companies to verify the accuracy of their financial information. Because IT systems hold many types of financial information, companies and auditors quickly realized that these systems were in scope for SOX compliance. That meant that how those systems are used and the controls used to safeguard those systems had to be reviewed.
Question 32 options:
True
False
Question 33 (2.5 points)
One of the main functions of the PCAOB is to set standards for how auditors review public companies. It has created standards related to auditing, ethics, independence, and quality control.
Question 33 options:
True
False
Question 34 (2.5 points)
In situations when a covered entity may use or disclose PHI to the extent that it’s required by law, the covered entity may only do so in response to a subpoena issued by a grand jury.
Question 34 options:
True
False
Question 35 (2.5 points)
The following is an example of an incidental disclosure: a customer at a pharmacy hears the pharmacist quietly discussing a medication with another customer.
Question 35 options:
True
False
Question 36 (2.5 points)
In 1987, Congress passed the Computer Security Act (CSA). This was the first law to address federal computer security. Under the CSA, every federal agency had to inventory its IT systems. Agencies also had to create security plans for those systems and review their plans every year.
Question 36 options:
True
False
Question 37 (2.5 points)
FISMA merges a number of different laws. All of these laws address different information security issues. Because no one law was comprehensive, Congress heard many reports that information security efforts at the federal level were not effective. Congress intended FISMA to be a strong law to fix this problem.
Question 37 options:
True
False
Question 38 (2.5 points)
In 1992, COSO issued guidance on internal controls. The COSO framework says that internal controls are effective when they give the management of a company reasonable assurance that: (1) it understands how the entity’s operational objectives are being achieved, (2) its published financial statements are being prepared reliably, and (3) it’s complying with applicable laws and regulations.
Question 38 options:
True
False
Question 39 (2.5 points)
NIST created a FISMA Implementation Project to help it meet its FISMA duties. The project helped it create FISMA-related standards and guidelines in a timely manner. The project had two phases. In the first phase, NIST developed standards and guidelines to help agencies meet basic FISMA requirements. The documents developed in this phase helped agencies create their information security programs.
Question 39 options:
True
False
Question 40 (2.5 points)
An access control model is an information security control; there is one main type of access control model, which is mandatory access control (MAC). In this model, data owners don’t have the ability to decide who can access certain files or data. This model is based on a security label system. Users of the system have a security label. Data and files in the system also have a security label. A user can access only data with the same (or lower) security label.
Question 40 options:
True
False