
GOT 190/200.

Q-9 IS WRONG

QUESTION 1
The sample remote access policy documents you reviewed in the lab served as a
reminder that a policy:
is not applicable or effective for higher education organizations.
should not differ from those of other organizations in the same field.
can be proper and effective without having to follow a strict structure.
must follow rigid and specific guidelines to be effective.
10 points   
QUESTION 2
Granting remote access introduces not only the same risks inherent with
authenticated users on the local network but additional risks by granting local
access to users from the:
Local Area Network (LAN).
Internet’s open network.
User Domain.
Workstation Domain.
10 points   
QUESTION 3
Which of the following statements is true regarding an organization’s monitoring
and logging of remote access use?
Part of the human and employee behavioral change that is occurring requires that the organization monitor and track remote access use.
An organization should not tell its employees or authorized users that the organization is monitoring the use of the IT infrastructure.
Remote access users will be more careless if they know their remote access and actions are being monitored and logged for security reasons.
An organization should not mention that it will be monitoring and logging remote access use in its remote access policy definition.
10 points   
QUESTION 4
In many businesses, administrators, staff, and even customers are granted
remote access into the organization’s protected, private:
Internet portal.
IT infrastructure.
Wide Area Network (WAN).
Local Area Network (LAN).
10 points   
QUESTION 5
Which of the following statements is true regarding the risks of using the public
Internet for remote access to the organization’s IT infrastructure?
Because of the way Internet Protocol (IP) packets are transmitted, they are not susceptible to attack and compromise.
Anyone accessing the organization’s IT infrastructure from the Internet should be considered authorized.
In the real world, very few threats and attacks actually originate from the Internet.
Attackers can use the Internet to plant malicious software, code, and other scripts on to e-mails or browser commands.
10 points   
QUESTION 6
Aligning standards, procedures, and guidelines into a remote access policy
definition makes it easier to:
maintain the reliability of the IT infrastructure.
reduce the risks associated with this type of service.
authenticate users prior to a security breach.
connect remote users to the Internet.
10 points   
QUESTION 7
In what section of the remote access policy document you created in the lab did
you describe how you intend to deliver the annual or ongoing security awareness
training for remote workers and mobile employees?
The Purpose/Objectives section
The Standards section
The Procedures section
The Guidelines section
10 points   
QUESTION 8
The Health Insurance Portability and Accountability Act (HIPAA) requires security
controls for electronic protected health information (ePHI) to ensure the
__________ of patient data.
confidentiality
integrity
availability
accuracy
10 points   
QUESTION 9
Which domain (not the Remote Access Domain) throughout the seven domains
of a typical IT infrastructure supports remote access connectivity for users and
mobile workers needing to connect to the organization’s IT infrastructure?
The User Domain
The Workstation Domain
The Local Area Network-to-Wide Area Network (LAN-to-WAN) Domain
The Wide Area Network (WAN) Domain
10 points   
QUESTION 10
In the Standards section of the remote access policy document you created in the
lab, you referenced standards such as:
employee screening standards and hiring standards.
encryption standards and SSL VPN standards.
User standards and Workstation standards.
security awareness training standards.
10 points   
QUESTION 11
In the Remote Access Domain, __________ becomes remote authentication.
workstation authentication
remote association
user authorization
user authentication
10 points   
QUESTION 12
The Health Insurance Portability and Accountability Act (HIPAA) is a(n)
__________ that applies to all U.S. healthcare organizations.
compliance law
medical care standard
industry standard
general guideline
10 points   
QUESTION 13
In what section of the remote access policy document you created in the lab did
you describe the organization-wide implementation of the remote access policy?
The Purpose/Objectives section
The Standards section
The Procedures section
The Guidelines section
10 points   
QUESTION 14
In the scenario in the lab, what type of remote access to the patient medical
records system was necessary to ensure electronic protected health information
(ePHI) was adequately secured for remote access from the field?
HTTP://
HTTPS://
HTTP://WWW
HIPAA
10 points   
QUESTION 15
The sample remote access policy document from the hospital that you reviewed
in the lab showed that the Remote Access Domain is technically the same as the
__________, only with the added burden of transmitting over an insecure
network.
User Domain
Workstation Domain
LAN Domain
WAN Domain
10 points   
QUESTION 16
Organizations that offer remote access should have strong perimeter security
solutions, such as authentication software and a(n) __________, which provides
a barrier to traffic crossing the network’s perimeter and permits only authorized
traffic.
firewall
hub
software policy
intrusion detection system
10 points   
QUESTION 17
Which of the following statements is true regarding a remote access policy
definition?
Remote access is the lowest level of access control privileges.
A remote access policy definition is not very useful for handling remote employees and authorized users who require remote access.
A remote access policy definition will not mitigate any of the risk exposure from employees who have remote access to organization-owned IT resources.
Organizations that are protecting privacy data must have proper security controls for accessing customer privacy data remotely.
10 points   
QUESTION 18
In the lab, the XYZ Health Care Provider wanted to monitor and control the use of
remote access by implementing system logging and VPN connections. Which of
the following statements is true regarding these types of security controls?
It is not possible to monitor specific folders, databases, and data to provide automatic alerts and alarms to security monitoring applications.
Synchronizing all logs, audit trails, and folder/data accessed can provide proper auditing and verification that remote users are not performing any data leakage.
It is unlawful to use the VPN device and authentication server to monitor or log VPN connections and remote access.
It is not necessary to monitor or review remote access, authentication, and access to systems, applications, and databases on a periodic basis.
10 points   
QUESTION 19
Which of the following statements would NOT be considered a risk or threat
found in the Remote Access Domain?
Brute force user ID and password attacks
Multiple access attempts and logon tries
Authorized access to IT systems
A remote worker’s laptop is stolen
10 points   
QUESTION 20
Which of the following statements is true regarding remote access?
The Internet is an expensive tool and presents very few positive opportunities for businesses.
An organization must ensure security and compliance while allowing remote access to employees.
The risks and threats of remote access primarily affect the Workstation Domain.
Employees should not be permitted remote access to the organization’s resources via the Internet.
