FISMA - Answers The Federal Information Security Management/Modernization Act; U.S. law requiring federal agencies to secure information systems using NIST standards and report incidents to US-CERT.
PHI - Answers Protected health information; any individually identifiable health information about past, present, or future health status, treatment, or payment.
Business Associate (HIPAA) - Answers An organization that performs functions involving PHI on behalf of a covered entity, such as billing, claims processing, or data storage.
CIPA - Answers Children's Internet Protection Act requiring schools and libraries receiving E-Rate funds to filter harmful or obscene internet content for minors.
HIPAA Scope - Answers HIPAA applies to past, present, and future health information, not just current health information.
PCI DSS Vulnerability Management - Answers PCI DSS objective requiring antivirus installation, malware protection, signature updates, and secure maintenance of systems affected by malware.
GLBA Privacy Rule - Answers Requires financial institutions to provide privacy notices and allow consumers to opt out of data sharing with nonaffiliated third parties.
ISO/IEC 27002 - Answers Current ISO standard providing best-practice guidelines for information security management.
RFC False Statement - Answers RFCs cannot be modified once published; new RFCs must be published to update or replace them.
W3C - Answers World Wide Web Consortium that creates standards ensuring web compatibility across different vendors and platforms.
IETF - Answers Internet Engineering Task Force; a collection of working groups that create internet standards published as RFCs.
IEEE - Answers Institute of Electrical and Electronics Engineers; develops global technical and electronic standards including IEEE 802 LAN/MAN.
NIST - Answers National Institute of Standards and Technology; produces the SP 800 series including risk management, control baselines, and federal security guidelines.
IEC - Answers International Electrotechnical Commission; prepares global standards for electrical and electronic technologies.
ANSI - Answers American National Standards Institute; coordinates U.S. voluntary consensus standards, including IT and manufacturing.
ETSI - Answers European Telecommunications Standards Institute; develops telecom and cybersecurity standards including TC CYBER.
PCI DSS - Answers Payment Card Industry Data Security Standard; protects cardholder data with 12 core security requirements.
PCI DSS Requirement 1 - Answers Install and maintain a firewall configuration to protect cardholder data.
PCI DSS Requirement 2 - Answers Do not use vendor-supplied defaults for system passwords and other security parameters.
PCI DSS Requirement 3 - Answers Protect stored cardholder data.
PCI DSS Requirement 4 - Answers Encrypt transmission of cardholder data across open, public networks.
PCI DSS Requirement 5 - Answers Use and regularly update anti-malware protection.
PCI DSS Requirement 6 - Answers Develop and maintain secure systems and applications.
PCI DSS Requirement 7 - Answers Restrict access to cardholder data based on need-to-know.
PCI DSS Requirement 8 - Answers Assign unique IDs to each person with computer access.
PCI DSS Requirement 9 - Answers Restrict physical access to cardholder data.
PCI DSS Requirement 10 - Answers Track and monitor all access to network resources and cardholder data.
PCI DSS Requirement 11 - Answers Regularly test security systems and processes.
PCI DSS Requirement 12 - Answers Maintain a policy addressing information security for all personnel.
PCI Merchant Level 1 - Answers Merchants processing over 6 million transactions per year; requires an onsite QSA audit annually.
PCI Merchant Level 2 - Answers Merchants processing 1-6 million transactions per year; requires an annual audit and AOC.
PCI Merchant Level 3 - Answers Merchants processing 20,000-1 million e-commerce transactions per year; requires an SAQ and quarterly scan.
PCI Merchant Level 4 - Answers Merchants processing fewer than 20,000 transactions; requires an SAQ and quarterly scan.