EXAMINATION 2026 QUESTIONS
WITH ANSWERS GRADED A+
◍ Within the realm of IT security, which of the following combinations best
defines risk?
Answer: Threat coupled with a vulnerability
◍ Give an example in which a health care organization would need:
accreditation, licensure, AND certification.
Answer: A healthcare organization that wants to have the stamp of approval,
indicating great quality of care, may volunteer to become accredited by TJC.
The same hco will legally need licensure to provide services in that state. If
the same hco services Medicare members, they will need to be certified
under the CoP.
◍ When determining the value of an intangible asset which is the BEST
approach?
Answer: With the assistance of a finance or accounting professional,
determine how much profit the asset has returned
◍ _______ grants approval to hco that demonstrate satisfactory quality of
service.
Answer: Accreditation
◍ Qualitative risk assessment is earmarked by which of the following?
Answer: Ease of implementation and it can be completed by personnel with
a limited understanding of the risk assessment process
◍ _______ granting permission to hco or practitioner to provide services of a
defined scope in that state.
Answer: Licensure
◍ Single loss expectancy (SLE) is calculated by using:
Answer: Asset value and exposure factor
◍ Consideration for which type of risk assessment to perform includes all of
the following:
Answer: Culture of the organization, budget, capabilities and resources
◍ Security awareness training includes:
Answer: Security roles and responsibilities for staff
◍ What is the minimum and customary practice of responsible protection of
assets that affects a community or societal norm?
Answer: Due care
◍ Effective security management:
Answer: Reduces risk to an acceptable level
◍ Availability makes information accessible by protecting from:
Answer: Denial of services, fires, floods, and hurricanes and unreadable
backup tapes
◍ ________ grants approval for hco to provide services to a specific group of
beneficiaries.
Answer: Certification
◍ Which phrase best defines a business continuity/disaster recovery plan?
Answer: The adequate preparations and procedures for the continuation of
all organization functions
◍ This type of healthcare organization review is performed to fulfill legal or
licensure requirements.
a. voluntary review
b. complimentary review
c. vocational review
d. compulsory review
Answer: d. compulsory review
◍ This organization has been responsible for accrediting healthcare
organizations since the 50's and determines whether they are continually
monitoring/improving quality of care.
a. CARF-Commission on Accredit. of Rehab. Facilities
b. American Osteopathic Ass.
c. NCQA-National Committee for Quality Assurance
d. JCAHO-Joint Comm. on Accredit. of Healthcare Organ.
Answer: d. JCAHO-Joint Comm. on Accredit. of Healthcare Organ.
◍ Which of the following steps should be performed first in a business impact
analysis (BIA)?
Answer: Identify all business units within an organization
◍ Tactical security plans are BEST used to:
Answer: Deploy new security technology
◍ Who is accountable for implementing information security?
Answer: Security officer
◍ Security is likely to be most expensive when addressed in which phase?
Answer: Implementation
◍ Information systems auditors help the organization:
Answer: Identify control gaps
◍ Create an outline of the survey process by The Joint Commission. Detail
typical steps so that my employees will know what to expect.
Answer:
1. site visit - 18 to 36 months after last survey
a. preliminary planning session to review documentation
b. organization leaders provide overview
c. opening conference by surveyors
d. tracer methodology used by surveyors
e. interviews - patients, staff, leaders
f. special issues - resolution sessions - triggers
g. preliminary reports by survey team
h. exit conference with RFIs
i. Joint Commission accreditation decisions
2. self-assessment and action plan
3. announcement of site visit to state licensure & public
4. survey lasts 3-5 days
Simplified answer: opening conference, care unit visits using
tracer methodology, close with exit conference
◍ How are quality reports like Quality Check useful for consumers?
Answer: Here, consumers can see how the organization has performed on
implementing NPSGs and national quality improvement (QI) goals. They
can see the organization's accreditation history.