Which of the following assessment metrics is BEST used to understand a system's vulnerability to potential exploits?
Correct Answer: C
Identifying the number of security flaws within the system is the best assessment metric to understand a system's vulnerability to potential exploits. A security flaw is a weakness or a defect in the system's design, implementation, or operation that could be exploited by an attacker to compromise the system's confidentiality, integrity, or availability2. By identifying the number of security flaws within the system, the assessor can measure the system's vulnerability, which is the degree to which the system is susceptible or exposed to attacks3. Determining the probability that the system functions safely during any time period, quantifying the system's available services, and measuring the system's integrity in the presence of failure are not assessment metrics that directly relate to the system's vulnerability to potential exploits, as they are more concerned with the system's reliability, availability, and resilience. References: 2: CISSP For Dummies, 7th Edition, Chapter 8, page 2173: Official (ISC)2 CISSP CBK Reference, 5th Edition, Chapter 8, page 461.
Question 347
Which of the following analyses is performed to protect information assets?
Correct Answer: B
Question 348
Which of the following items BEST describes the standards addressed by Title II, Administrative Simplification, of the Health Insurance Portability and Accountability Act (US Kennedy-Kassebaum Health Insurance and Portability Accountability Act -HIPAA-Public Law 104-19)?
Correct Answer: C
HIPAA was designed to provide for greater access to personal health care information, enable portability of health care insurance, establish strong penalties for health care fraud, and streamline the health care claims process through administrative simplification. To accomplish the latter, Title II of the HIPAA law, Administrative Simplification, requires standardizing the formats for the electronic transmission of health care information. The transactions and code sets portion includes standards for submitting claims, enrollment information, premium payments, and others as adopted by HHS. The standard for transactions is the ANSI ASC X12N version 4010 EDI Standard. Standard code sets are required for diagnoses and inpatient services, professional services, dental services (replaces D' codes), and drugs (instead of J' codes). Also, local codes are not to be used. Unique health identifiers are required to identify health care providers, health plans, employers, and individuals. Security and electronic signatures are specified to protect health care information. Pri- vacy protections are required to ensure that there is no unauthorized disclosure of individually identifiable health care information. The other answers are incorrect since they do not include all four major standards. Additional information can be found at http:// aspe.hhs.gov/adminsimp.
Question 349
Which would result in the GREATEST import following a breach to a cloud environmet?
Correct Answer: D
Question 350
In a data classification scheme, the data is owned by the