ITN 267 FINAL EXAM ACTUAL VERIFIED EXAM
QUESTIONS AND CORRECT DETAILED ANSWERS
Nevada's Security of Personal Information Law requires
protection of personal information in a number of ways
and applies to which of the following? - Answer-data
collectors
What was the first state to have a breach notification law?
- Answer-California
Because Congress can't usually interfere in state matters,
it can't create a uniform federal law in areas legislated by
the states unless there's a compelling reason to do so.
Thus, there is no existing federal law on information
security. - Answer-True
After the ChoicePoint breach, 46 states, including the
District of Columbia, have created breach notification laws.
Although most states used the California law as a model,
there are some differences. Which of the following is not
one of the differences? - Answer-maximum requirements
for encryption
Congress can create laws in areas where
the ________________ allows it. - Answer-U.S.
Constitution
Which of the following may be exempt from state breach
notification laws because they are already subject to other
laws with specific data security requirements? - Answer-
Both A and B. GLBA financial institutions and entities
covered by HIPAA
The __________________ was created after a security
breach at a state-operated data facility. - Answer-California
Database Security Breach Notification Act
Massachusetts' "Standards for the Protection of Personal
Information of Residents of the Commonwealth" was
released in September 2008 and is known for being
"unique" in terms of its data protection standard. Which of
the following statements best captures that uniqueness? -
Answer-It attempts to regulate businesses outside of
Massachusetts by requiring businesses to encrypt the
personal data of Massachusetts residents.
What is a legal concept that protects an entity from legal
liability and is written into the law? Entities that encrypt the
personal information that they own or maintain do not
have to follow the notification requirements of this concept
if they have a data breach. - Answer-safe harbor
In ________________ there is a two-part test to see if
notification is required. First, a breach is an unauthorized
acquisition of personal information, and second, the
acquisition must cause, or be likely to cause, substantial
economic loss to a person. - Answer-Arizona
Indiana law requires that a state agency may not disclose
a person's Social Security number to anyone. There are
limited exceptions to this law. Which of the following
situations is not among those in which a SSN can be
disclosed? - Answer-the disclosure is required by a
collection agency
In 2002, Washington State created a data disposal law
that requires an entity to take reasonable steps to destroy
records that contain health and financial data when it
determines that it no longer needs those records. Which of
the following entities is specifically excluded from following
this law? - Answer-the federal government