ITSY 1300 EXAM 1 REVIEW QUESTIONS
What is unauthorized access? - Answer -Unauthorized access is the ability or act of
getting onto a system without permission, or having greater access to the system than
you should (for instance, by getting someone's user ID and password). Getting onto a
system you shouldn't means getting access to data you shouldn't.
Sarbanes-Oxley Act (SOX) - Answer -Passed in 2002, SOX requires publicly traded
companies to submit accurate and reliable financial reporting. This law does not require
securing private information, but it does require security controls to protect the
confidentiality and integrity of the reporting itself.
Health Insurance Portability and Accountability Act (HIPAA) - Answer -Passed in 1996,
HIPAA requires health care organizations to implement security and privacy controls to
ensure patient privacy.
Federal Information Security Management Act (FISMA) - Answer -Passed in 2002,
FISMA requires federal civilian agencies to provide security controls over resources that
support federal operations.
Gramm-Leach-Bliley Act (GLBA) - Answer -Passed in 1999, GLBA requires all types of
financial institutions to protect customers' private financial information.
Children's Internet Protection Act (CIPA) - Answer -Passed in 2000 and updated in
2011, CIPA requires public schools and public libraries to use an Internet safety policy.
Family Educational Rights and Privacy Act (FERPA) - Answer -Passed in 1974, FERPA
protects the private data of students and their school records.
Payment Card Industry Data Security Standard (PCI DSS) - Answer -Although not a
law, PCI DSS v3.2.1, released in 2018 as an update to this 2004 industry standard
(v4.0 has since been published, in 2022), affects any organization that stores,
processes, or transmits credit card information. The founding payment brands of the
PCI Security Standards Council—American Express, Discover Financial Services, JCB,
MasterCard Worldwide, and Visa International—developed PCI DSS to foster consistent
global data security measures. PCI DSS is a comprehensive security standard that
includes requirements for security management, policies, procedures, network
architecture, software design, and other critical protective measures.
Security Controls - Answer -Something an organization does to help reduce risk.
Examples will vary, including security awareness training, IT security policy frameworks,
layered security solution for IT infrastructure, periodic security risk assessments,
enabling monitoring, and so forth.
Physical elements of LAN domain - Answer -network interface controller (NIC), Ethernet
LAN, and UTP cabling.
Logical elements of LAN domain - Answer -system administration, design of directory
and file services, and configuration of workstation and server TCP/IP software and
communication protocols.
Confidentiality - Answer -Only authorized users can view information.
Integrity - Answer -Only authorized users can change information.
Availability - Answer -Information is accessible by authorized users whenever they
request the information.
CIA Triad - Answer -Confidentiality, Integrity, Availability
MTTR (mean time to repair) - Answer -average length of time required to perform a
repair on the device
MTTF (mean time to failure) - Answer -The average time a device or component is
expected to be in operation.
RTO - Recovery Time Objective - Answer -the target maximum amount of time allowed to
recover and make a system, application, and data available for use after an outage.
An outage whose actual recovery time exceeds the RTO is a missed objective.
MTBF (Mean Time Between Failures) - Answer -MTBF is the predicted amount of time
between failures of an IT system during operation.
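The four availability metrics above are usually computed from operational records rather than looked up. The following is an added example (not part of the original review sheet) that derives MTTR, MTTF, MTBF, measured availability, and RTO compliance from a constructed list of outage start/end timestamps for one hypothetical server; the observation window, the outages, and the RTO value are all assumptions chosen for illustration.

```python
from datetime import datetime

# Constructed outage records for a hypothetical server (assumption, not real data):
# each entry is (time the failure began, time service was restored).
OUTAGES = [
    (datetime(2023, 1, 10, 2, 0), datetime(2023, 1, 10, 4, 0)),    # 2 h repair
    (datetime(2023, 2, 20, 14, 0), datetime(2023, 2, 20, 15, 0)),  # 1 h repair
    (datetime(2023, 4, 1, 8, 0), datetime(2023, 4, 1, 11, 0)),     # 3 h repair
]
# Assumed observation window: 120 days, during which the server was otherwise up.
OBSERVATION_START = datetime(2023, 1, 1)
OBSERVATION_END = datetime(2023, 5, 1)


def hours(delta):
    """Convert a timedelta to fractional hours."""
    return delta.total_seconds() / 3600.0


def mttr(outages):
    """Mean time to repair: average length of an outage (failure -> restored)."""
    return sum(hours(end - start) for start, end in outages) / len(outages)


def mttf(outages, obs_start):
    """Mean time to failure: average length of the uptime run that preceded each failure.
    The uptime run after the last repair is not counted because it has not ended in a failure."""
    runs = []
    up_since = obs_start
    for start, end in outages:
        runs.append(hours(start - up_since))
        up_since = end
    return sum(runs) / len(runs)


def mtbf(outages, obs_start):
    """Mean time between failures: failure-to-failure interval, i.e. MTTF + MTTR."""
    return mttf(outages, obs_start) + mttr(outages)


def measured_availability(outages, obs_start, obs_end):
    """Fraction of the observation window during which the service was actually up."""
    total = hours(obs_end - obs_start)
    down = sum(hours(end - start) for start, end in outages)
    return (total - down) / total


def steady_state_availability(outages, obs_start):
    """Model-based availability MTTF / (MTTF + MTTR), which assumes the failure/repair
    pattern continues indefinitely; it differs from the measured figure when the window
    ends in a long uptime run that has not yet failed."""
    up = mttf(outages, obs_start)
    return up / (up + mttr(outages))


def rto_violations(outages, rto_hours):
    """Return the outages whose actual recovery time exceeded the Recovery Time Objective."""
    return [(start, end) for start, end in outages if hours(end - start) > rto_hours]


if __name__ == "__main__":
    print(f"MTTR  = {mttr(OUTAGES):.2f} h")
    print(f"MTTF  = {mttf(OUTAGES, OBSERVATION_START):.2f} h")
    print(f"MTBF  = {mtbf(OUTAGES, OBSERVATION_START):.2f} h")
    print(f"measured availability     = {measured_availability(OUTAGES, OBSERVATION_START, OBSERVATION_END):.5f}")
    print(f"steady-state availability = {steady_state_availability(OUTAGES, OBSERVATION_START):.5f}")
    for start, end in rto_violations(OUTAGES, rto_hours=2.5):   # assumed RTO of 2.5 h
        print(f"RTO missed: outage at {start} took {hours(end - start):.1f} h")
```

With these records MTTR is 2.0 h, MTBF exceeds MTTF by exactly the MTTR, and only the 3 h outage misses an assumed 2.5 h RTO. Note that the measured availability (about 0.9979) is higher than the steady-state estimate (about 0.9972) because the 30 days of uptime after the last repair count toward measured uptime but not toward MTTF; when reporting availability, say which figure you mean.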
User Domain Responsibilities - Answer -Employees are responsible for their use of IT
assets
Workstation domain responsibilities - Answer -An organization's desktop support group
is responsible for the Workstation Domain, including enforcing defined standards, which
is critical to ensuring the integrity of user workstations and data.
LAN domain responsibilities - Answer -The LAN support group is in charge of the LAN
Domain, which includes both the physical components and logical elements.
LAN-to-WAN domain Responsibilities - Answer -The network security group is
responsible for the LAN-to-WAN Domain and includes both the physical components
and logical elements. Group members are responsible for applying the defined security
controls.
WAN domain responsibilities - Answer -The network engineer or WAN group is
responsible for the WAN Domain. These responsibilities include both the physical
components and logical elements.