Quiz 7

Student Name___________________________________

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.
1)
Which of the following is not one of the basic actions that an organization must take to preserve the confidentiality of
sensitive information?
A)
training
B)
backing up the information
C)
identification of information to be protected
D)
controlling access to the information
2)
Encryption is a necessary part of which information security approach?
A)
defense in depth
B)
cloud quarantine
C)
timebased defense
D)
synthetic defense
3)
Information rights management software can do all of the following except
A)
limiting access to specific files.
B)
limit action privileges to a specific time period.
C)
specify the actions individuals granted access to information can perform.
D)
authenticate individuals accessing information.
4)
Identify the first step in protecting the confidentiality of intellectual property below.

A)
Identifying who has access to the intellectual property
B)
Identifying what controls should be placed around the intellectual property
C)
Identifying the weaknesses surrounding the creation of the intellectual property
D)
Identifying the means necessary to protect the intellectual property
5)
After the information that needs to be protected has been identified, what step should be completed next?
A)
The information needs to be encrypted.
B)
The information needs to be placed in a secure, central area.
C)
The information needs to be depreciated.
D)
The information needs to be classified in terms of its value to the organization.
6)
In developing policies related to personal information about customers, Folding Squid Technologies adhered to the Trust
Services framework. The standard applicable to these policies is
A)
confidentiality.
B)
security.
C)
privacy.
D)
availability.
7)
It is impossible to encrypt information
A)
transmitted over the Internet.
B)
printed on a report.
C)

stored on a hard drive.

D)
None of the above
8)
If an organization asks you to disclose your social security number, yet fails to permit you to opt-out before you provide
the information, the organization has likely violated which of the Generally Accepted Privacy Principles?
A)
Management
B)
Notice

C)
Choice and consent
D)
Use and retention
9)
If an organization asks you to disclose your date of birth and your address, but refuses to let you review or correct the
information you provided, the organization has likely violated which of the Generally Accepted Privacy Principles?
A)
Collection
B)
Access
Security

C)

D)
Choice and consent
10)
Which systems use the same key to encrypt communications and to decrypt communications?
A)
symmetric encryption
B)
asymmetric encryption
C)
hashing encryption
D)

public key encryption

1)
B
A
D
A
D
C
D
C
B
A

2)
3)
4)
5)
6)
7)
8)
9)
10)