- PCI DSS is a law that provides for civil and criminal penalties if merchants don’t protect customer credit card data. True
- The purpose of the NIST SP 800-37 is to provide guidance to Federal agencies for applying the Risk Management Framework to information systems. True
- Which of the following is not a main goal of PCI DSS?
  a. Protect cardholder data
  b. Build and maintain a compliant secure network for handling credit cards
  c. Implement strong access controls
  d. Monitor credit card activity
- Which is not a way to protect cardholder data?
  a. Limit display of the credit card number to only the first six digits of the account.
  b. Encrypt cardholder data when transmitting it.
  c. Limit display of the credit card number to only the last four digits of the account.
  d. Write the card information down when you accept it, in case it has to be retransmitted later.
- Which of the following is NOT an IT Governance Focus Area of COBIT?
  a. Ensuring that an IT program is aligned with business goals.
  b. Measuring program effectiveness.
  c. Dictating security controls that must be implemented in your program.
  d. Defining proper management of IT infrastructure and resources.
- Which organization developed COBIT?
  a. IEEE
  b. ISO
  c. NIST
  d. ISACA
- Which of the following is not a benefit of implementing COBIT?
  a. Reduced operational risk
  b. Ability to offer better IT services
  c. Reduced costs
  d. Clear policy development
- Which of the following is not one of the steps in NIST’s six-step RMF process?
  a. Categorizing security requirements to understand what security control baseline needs to be installed
  b. Selecting security controls to be implemented.
  c. Performing an assessment on security controls before authorizing the system or application’s use.
  d. Hiring personnel to manage the security program.
- When an IT system is ready to be deployed by a Federal agency, it must undergo a security assessment and be authorized. Which role can serve as an authorizing official (AO)?
  a. Senior Management
  b. Security Compliance Auditor
  c. System Administrator
  d. Security Officer
- Which NIST guidance document provides detailed instructions for performing Information Security Continuous Monitoring?
  a. NIST SP 800-30
  b. NIST SP 800-137
  c. NIST SP 800-53
  d. NIST SP 800-60