1. Bob recently accepted a position as the information security and compliance manager for a medical practice. Which regulation is likely to most directly apply to Bob's employer?

a) Federal Information Security Management Act (FISMA)

b) Health Insurance Portability and Accountability Act (HIPAA)

c) Children's Internet Protection Act (CIPA)

d) Gramm-Leach-Bliley Act (GLBA)

2. Maria's company recently experienced a major system outage due to the failure of a critical component. During that time period, the company did not register any sales through its online site. Which type of loss did the company experience as a result of lost sales?

a) Replacement cost

b) Opportunity cost

c) Manpower cost

d) Cost of good sold

3. Bob is using a port scanner to identify open ports on a server in his environment. He is scanning a web server that uses Hypertext Transfer Protocol (HTTP). Which port should Bob expect to be open to support this service?

a) 21

b) 23

c) 80

d) 443

4. Users throughout Alison's organization have been receiving unwanted commercial messages over the organization's instant messaging program. What type of attack is taking place?

a) Spam

b) Phishing

c) Social engineering

d) Spim

5. Which control is not designed to combat malware?

a) Firewalls

b) Antivirus software

c) Awareness and education efforts

d) Quarantine computers