MISY 5330, part 2 Exam Questions
and Answers 100% PASS
7. Security management functions, assigned security responsibility, and information
access management are all standards included in which safeguard category of the
HIPAA Security Rule? - CORRECT ANSWER-Administrative
8. A type of software that protects computing resources and is most commonly
found between the health care organization's internal network and the Internet is
known as a(n): - CORRECT ANSWER-Firewall
9. A common type of computer virus that resides in a removable media device
such as a flash drive is known as a: - CORRECT ANSWER-Boot sector virus
10. According to the National Institute for Standards and Technology (NIST), what
type of contingency-related plan is typically IT focused and used in the event of a
major hardware or software failure? - CORRECT ANSWER-Disaster recovery
plan
External breaches of security are far more common than internal breaches. -
CORRECT ANSWER-False
The most common encryption algorithm in use today is RSA; however, the AMA
recommends AES as a better choice for encrypting electronic protected health
information (ePHI). - CORRECT ANSWER-True
The HIPAA Security Rule governs all protected health information (PHI). -
CORRECT ANSWER-False
Password and PIN systems are the most common forms of entity authentication
and provide the strongest form of security. - CORRECT ANSWER-False
Computer viruses are among the most common and virulent forms of intentional
computer tampering. - CORRECT ANSWER-True
The proxy server is a more complex firewall device than the packet filter and runs
on a computer. - CORRECT ANSWER-True
Ciphertext is a computer program that converts plaintext into an enciphered form.
- CORRECT ANSWER-False
The primary challenge of developing an effective security program in a health care
organization is balancing the need for security with the cost of security. -
CORRECT ANSWER-True
All of the specifications contained within the HIPAA Security Rule are considered
required. - CORRECT ANSWER-False
COPYRIGHT ©️ 2025 ALL RIGHTS RESERVED
Time limit, availability, and updates are all implementation specifications contained
within the Policies, Procedures, and Documentation section of the HIPAA
Security Rule. - CORRECT ANSWER-True
The policies and procedures that govern the receipt and removal of hardware,
software, and devices such as disks and tapes are known as: - CORRECT
ANSWER-Media Controls
The most stringent type of access control is: - CORRECT ANSWER-Context
Based
One of the key components of applying administrative safeguards to protect an
organization's health care information is: - CORRECT ANSWER-Risk Analysis
Password systems, PINs, and biometric identification systems are all specific
examples of: - CORRECT ANSWER-Entity Authentication
HITECH gave the responsibility for enforcing the HIPAA Privacy and Security
Rules to: - CORRECT ANSWER-OCR
Under the HIPAA Security Rule, which is NOT considered a covered entity (CE)?
- CORRECT ANSWER-A business associate
Data center management, network engineers, and help desk personnel are all
examples of roles that would fall under: - CORRECT ANSWER-Operations and
Technical Support