Which one of the following statements is not true about compensating controls under pci dss?


Terms in this set (21)

Joe is authoring a document that explains to system administrators one way that they might comply with the organization's requirement to encrypt all laptops.
What type of document is Joe writing?
A.Policy
B.Guideline
C.Procedure
D.Standard

B.Guideline

Explanation:
The key word in this scenario is "one way". This indicates that compliance with the document is not mandatory, so Joe must be authoring a guideline.
Incorrect answers:
Policies, standards and procedures are all mandatory.

Which one of the following statements is not true about compensating controls under PCI DSS?
A.Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement
B.Controls must meet the intent of the original requirement
C.Controls must meet the rigor of the original requirement
D.Compensating controls must provide a similar level of defense as the original requirement

A.Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement

Explanation:
PCI DSS compensating controls must be "above and beyond" other PCI DSS requirements.
This specifically bans the use of a control used to meet one requirement as a compensating control for another requirement.

What law creates cybersecurity obligations for healthcare providers and others in the health industry?
A.HIPAA
B.FERPA
C.GLBA
D.PCI DSS

A.HIPAA

Explanation:
The Health Insurance Portability and Accountability Act (HIPAA) includes security and privacy rules that affect healthcare providers, health insurers, and health information clearinghouses.

Which one of the following is not one of the five core security functions defined by the NIST Cybersecurity Framework?
A.Identify
B.Contain
C.Respond
D.Recover

B.Contain

Explanation:
The five security functions described in the NIST Cybersecurity Framework are identify, protect, detect, respond and recover.

What standard applies to information security management controls?
A.9001
B.27001
C.14032
D.57033

B.27001

Explanation:
The International Organization for Standardization (ISO) publishes ISO 27001, a standard document titled "Information technology - Security techniques - Information security management systems - Requirements".

Which one of the following documents must normally be approved by the CEO or similarly high-level executive?
A.Standard
B.Procedure
C.Guideline
D.Policy

D.Policy

Explanation:
Policies require approval from the highest level of management, usually the CEO.
Other documents may often be approved by other managers.

What SABSA architecture layer corresponds to the designer's view of security architecture?
A.Contextual security architecture
B.Conceptual security architecture
C.Logical security architecture
D.Component Security architecture

C.Logical security architecture

Explanation:
The logical security architecture corresponds to the designer's view in the SABSA model.
The contextual architecture is the business view, the conceptual architecture is the architect's view, and the component architecture is the tradesman's view.

What law governs the financial records of publicly traded companies?
A.GLBA
B.SOX
C.FERPA
D.PCI DSS

B.SOX

Explanation:
The Sarbanes-Oxley (SOX) Act applies to the financial records of publicly traded companies and requires that those companies have a strong degree of assurance around the IT systems that store and process those records.

What TOGAF domain provides the organization's approach to storing and managing information assets?
A.Business architecture
B.Applications architecture
C.Data architecture
D.Technical architecture

C.Data architecture

Explanation:
In the TOGAF model, the data architecture provides the organization's approach to storing and managing information assets.

Which one of the following would not normally be found in an organization's information security policy?
A.Statement of the importance of cybersecurity
B.Requirement to use AES-256 encryption
C.Delegation of authority
D.Designation of responsible executive

B.Requirement to use AES-256 encryption

Explanation:
Security policies do not normally contain prescriptive technical guidance, such as a requirement to use a specific encryption algorithm.
This type of detail would more typically be found in a security standard.

Darren is helping the Human Resources department create a new policy for background checks on new hires.
What type of control is Darren creating?
A.Physical
B.Technical
C.Logical
D.Administrative

D.Administrative

Explanation:
Administrative controls are procedural mechanisms that an organization follows to implement sound security management practices.
Examples of administrative controls include user account reviews, employee background investigations, log reviews and separation of duty policies.

Which one of the following control models describes the five core activities associated with IT service management as a service strategy, service design, service transition, service operation, and continual service improvement?
A.COBIT
B.TOGAF
C.ISO 27001
D.ITIL

D.ITIL

Explanation:
The Information Technology Infrastructure Library (ITIL) is a framework that offers a comprehensive approach to IT service management (ITSM) within the modern enterprise.
ITIL covers five core activities: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement.

What compliance obligation applies to merchants and service providers who work with credit card information?
A.FERPA
B.SOX
C.HIPAA
D.PCI DSS

D.PCI DSS

Explanation:
The Payment Card Industry Data Security Standard (PCI DSS) provides detailed rules about the storage, processing, and transmission of credit and debit card information.
PCI DSS is not a law but rather a contractual obligation that applies to credit card merchants and service providers.

Which one of the following policies would typically answer questions about when an organization should destroy records?
A.Data ownership policy
B.Account management policy
C.Password policy
D.Data retention policy

D.Data retention policy

Explanation:
The data retention policy outlines what information the organization will maintain and the length of time different categories of information will be retained prior to destruction.

While studying an organization's risk management process under the NIST Cybersecurity Framework, Rob determines that the organization adapts its cybersecurity practices based on lessons learned and predictive indicators derived from previous and current cybersecurity activities.
What tier should he assign based on this measure?
A.Tier 1
B.Tier 2
C.Tier 3
D.Tier 4

D.Tier 4

Explanation:
The description provided matches the definition of a Tier 4 (Adaptive) organization's risk management practices under the NIST Cybersecurity Framework.

Which one of the following security policy framework components does not contain mandatory guidance for individuals in the organization?
A.Policy
B.Standard
C.Procedure
D.Guideline

D.Guideline

Explanation:
Guidelines are the only element of the security policy framework that is optional.
Compliance with policies, standards and procedures is mandatory.

Tina is creating a set of firewall rules designed to block denial-of-service attacks from entering her organization's network.
What type of control is Tina designing?
A.Logical control
B.Physical control
C.Administrative control
D.Root access control

A.Logical control

Explanation:
Logical controls are technical controls that enforce confidentiality, integrity, and availability in the digital space.
Examples of logical security controls include firewall rules, access control lists, intrusion prevention systems and encryption.

Allan is developing a document that lists the acceptable mechanisms for securely obtaining remote administrative access to servers in his organization.
What type of document is Allan writing?
A.Policy
B.Standard
C.Guideline
D.Procedure

B.Standard

Explanation:
Standards describe specific security controls that must be in place for an organization.
Allan would not include acceptable mechanisms in a high-level policy document, and this information is too general to be useful as a procedure.
Guidelines are not mandatory, so they would not be applicable in this scenario.

Which one of the following is not a common use of the NIST Cybersecurity Framework?
A.Describe the current cybersecurity posture of an organization
B.Describe the target future cybersecurity posture of an organization
C.Communicate
D.Create specific technology requirements for an organization

D.Create specific technology requirements for an organization

Explanation:
The NIST Cybersecurity Framework is designed to help organizations describe their current cybersecurity posture, describe their target state for cybersecurity, identify and prioritize opportunities for improvement, assess progress and communicate with stakeholders about risk.
It does not create specific technology requirements.

Shelly is writing a document that describes the steps that incident response teams will follow upon first notice of a potential incident.
What type of document is she creating?
A.Policy
B.Standard
C.Guideline
D.Procedure

D.Procedure

Explanation:
Procedures provide checklist-style sets of step-by-step instructions guiding how employees should react in a given circumstance.
Procedures commonly guide the early stages of incident response.

