A Trojan is _______________.
A. an encrypted smartphone
B. a security warning that appears if you are about to click on an infected link
C. a network security device
D. a type of malware hidden within something that appears to be innocuous
HIPAA requires patient notification when there has been a data breach, unless _______________.
A. the data was encrypted at the time it was stolen
B. the office suffering the data breach unplugs the affected computers
C. the data did not include financial information
D. the office suffering the data breach offers theft prevention and credit monitoring services to those affected by the data breach
You should always keep your office’s data backups onsite, so you won’t lose track of them.
A. True
B. False
What is the primary risk associated with daisy-chaining (using the same password to secure different accounts)?
A. Forgetting which password goes with which account.
B. Accounts using different passwords won’t work properly.
C. If an attacker compromises any account using that password, he or she can then use it to compromise any other account using the same one.
D. Having too many passwords to remember.
What is the most common sign that a computer network has been compromised?
A. Pop-up warnings appear on the infected computers.
B. Nothing.
C. An audible alarm from infected network computers.
D. A telephone call from Microsoft support personnel.
What steps should be taken to safeguard the information on a smartphone or other mobile device in case it’s stolen?
A. Back up the data on the device so that it can be restored in case of theft.
B. Set a passcode or password.
C. Enable remote wiping to destroy the data on the device if necessary.
D. All of the above.
Which one is NOT a mistake that could lead to the inadvertent disclosure of PHI?
A. Unintentional publication.
B. The Principle of Least Privilege.
C. Disposal error.
D. Misdelivery.
Pentesting is _______________.
A. an analysis of data used by firm personnel
B. a type of scan to see if a computer is connected to a network
C. a simulated attack on a computer network
D. a type of audit to determine if firm personnel signed an office’s written security policies
The HIPAA Privacy and Security Rule requirements apply to dental offices directly, but not to outside vendors, consultants or subcontractors.
A. True
B. False
A BEC scam is also referred to as _______________.
A. a back end cryptography scam
B. a business email compromise scam
C. a blocked endpoint crash scam
D. a bad encryption collision scam
An endpoint is _______________.
A. a quarantine area for malware caught by an antivirus program
B. data that has been decrypted
C. the last step of incident response procedure
D. an individual computer or device connected to a network
An attacker can steal electronic data from a printer or photocopier.
A. True
B. False
Which attack focuses on tricking victims into sending out wire transfers to scammers?
A. A honeypot.
B. Biometrics.
C. A business email compromise scam.
D. A logic bomb.
Operating system hardening relates to the removal of unnecessary software, accounts and functions from computers and servers.
A. True
B. False
What is an advantage to using a password manager?
A. It will generate difficult-to-crack passwords for a user.
B. It will keep a user from using the same password over and over on different accounts (daisy-chaining).
C. It will prevent a user from inadvertently entering a password on the wrong site (like a phishing site).
D. All of the above.
What is the most effective method of data disposal?
A. Degaussing.
B. Factory reset.
C. Physical destruction.
D. Overwriting.
An in-person attempt by a hacker to effectively talk or trick his or her way inside your office is called _______________.
A. misdelivery
B. baiting
C. pretexting
D. whitelisting
What steps should you take with regard to an employee’s network access when he or she stops working at your office (regardless of reason)?
A. Preserve the ex-employee’s login, so that office staff can access any necessary information if the need arises.
B. Immediately disable the ex-employee’s network access (login and password), including physical building access and any form of remote access to the network.
C. Disable the ex-employee’s remote access. The in-network access is secure, since the ex-employee would have to physically be at the office to use it.
D. Negotiate an agreement with the departing employee regarding the access.
The “Cloud” is simply someone else’s computer accessed via the Internet.
A. True
B. False
When should an office prepare incident response and disaster recovery plans?
A. Immediately after a security incident is identified.
B. If the firm recognizes the possibility of a disaster or security incident in the near future.
C. As soon as the extent of damage caused by a disaster or security incident can be quantified.
D. As early as possible. Yesterday would be good.
Which one of these is the strongest password?
A. CavityCreepsGryffindorBattlestar62!
B. Welc0me123
C. MaytheForcebewithyou
D. Th!$!$h@rD2re@d
What is two-factor authentication?
A. A social engineering scam that uses personal information to trick the victim into thinking it’s legitimate.
B. A network monitoring technique.
C. A method to confirm that data has been fully deleted from a system.
D. An access control process to prove you are who you say you are, in addition to an account password.
A factory reset is designed to update all of the software on a mobile device.
A. True
B. False
A. A method of encryption.
B. The effect of breaking the screen glass on a mobile device.
C. A social engineering attack delivered via text message.
D. Attackers breaking into a victim’s office and stealing computer equipment.
HHS presumes that a successful ransomware attack is a data breach.
A. True
B. False
Why is an attacker compromising an account with administrative privileges especially dangerous to a network?
A. Administrator accounts can download, modify and delete programs and data.
B. Two-factor authentication cannot be used with an administrator account.
C. Administrator accounts are encrypted.
D. Administrator accounts have only limited network access.
What is the Principle of Least Privilege?
A. Firewalls should be set as restrictively as possible.
B. Only the most senior people in an office should be able to access everything.
C. Two-factor authentication should be used whenever possible.
D. Users should be able to access only the parts of the network or information that they need to do their work.