Question.46 Which of the following threat types involves the sending of untrusted data to a user’s browser to be executed with their own credentials and access? (A) Missing function level access control (B) Cross-site scripting (C) Cross-site request forgery (D) Injection
Correct Answer: B
Question.47 How is an object stored within an object storage system? (A) Key value (B) Database (C) LDAP (D) Tree structure
Correct Answer: A
Question.48 Which of the following is NOT a regulatory system from the United States federal government? (A) PCI DSS (B) FISMA (C) SOX (D) HIPAA
Correct Answer: A
The Payment Card Industry Data Security Standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry regulatory standard, not a governmental one.
Question.49 Which jurisdiction lacks specific and comprehensive privacy laws at a national or top level of legal authority? (A) European Union (B) Germany (C) Russia (D) United States
Correct Answer: D
The United States lacks a single comprehensive law at the federal level addressing data security and privacy, but there are multiple federal laws that deal with different industries.
Question.50 Which United States law is focused on PII as it relates to the financial industry? (A) HIPAA (B) SOX (C) Safe Harbor (D) GLBA
Correct Answer: D
The GLBA, as it is commonly called based on the lead sponsors and authors of the act, is officially known as “The Financial Modernization Act of 1999.” It is specifically focused on PII as it relates to financial institutions. It has three specific components, covering various areas and uses, on top of a general requirement that all financial institutions must provide all users and customers with a written copy of their privacy policies and practices, including with whom and for what reasons their information may be shared with other entities.