CHAPTER 7 HIT
SECURITY
| Question | Answer |
|---|---|
| a malicious attack using social skills to manipulate or trick a person who has access to sensitive data, such as PHI, into sharing the information | Social engineering |
| when an attacker tricks or manipulates a user to give out sensitive data or into allowing unauthorized programs onto a computer or network | Phishing |
| unsolicited contact from an attacker that causes unnecessary network or Internet traffic, which can slow down the network for legitimate uses | Spam |
| the best way to avoid falling for spam attacks | Applying email filters and educating users |
| any program unknowingly transmitted to a computer or network designed to cause damage | Malware |
| a type of malware designed to secretly collect information on a computer or network | Spyware |
| program designed to prevent spyware from being installed on a computer | Antispyware |
| Assigning access to users based on their job role | role-based access control (RBAC) |
| Can view data but cannot alter data already existing | Read |
| Can view and create data but cannot alter data already existing | Write |
| Can view, create, and alter data | Modify |
| Can view, create, alter, and delete data | Full Access |
| groups can also affect permissions of computers, printers, and any other device that joins the domain | AD |
| located in the server room and manage wiring used for telecommunication | Main distribution frames (MDFs) |
| located in locked data closets on each floor of a facility to connect the MDF to workstations. | Intermediate distribution frames (IDFs) |
| display a number or code synched with the network authentication service | Key fobs |
| a card that looks similar to a credit card with a strip or chip that identifies the person assigned to the card | badge |
| can verify a number of unique identifiers of people, such as hand scans, retinal scans, or fingerprint scans | Biometric devices |
| a handshake between a web server and a browser to establish a secure connection. SSL can be used with HTTP and FTP to create secure connections | Secure sockets layer (SSL) |
| is similar to DES, but it applies the cipher algorithm three times to each cipher block. | Triple data encryption standard (3DES) |
| designed to be used for signing and encrypting email. | Pretty good privacy (PGP) |
| also called a file server, is a server or computer used for storing data | Network attached storage (NAS) |
| an independent network separate from the normal LAN designed for data storage | storage area network (SAN) |
| All sharing of PHI must be monitored and recorded for | six years |
| secures data using an encryption key but is a weak encryption because the encryption key is static | Wired Equivalent Privacy (WEP) |
| uses TKIP, which changes the encryption key periodically, but is also a weak encryption because it allows hackers to spoof data, or to falsify data on the network. | Wi-Fi Protected Access (WPA) |
| the most current and secure encryption available for wireless networks | Wi-Fi Protected Access 2 (WPA2) |
| WPA2 uses | Advanced Encryption Standard (AES) |
| AES | Advanced Encryption Standard |
| uses an authentication server to control access to the wireless network. | Remote Authentication Dial-In User Service (RADIUS) |
| RADIUS | Remote Authentication Dial-In User Service |
| the name assigned to an access point (AP) | Service Set Identifier (SSID) |
| SSID | Service Set Identifier |
| filtering can be set on network devices, such as a switch, to allow only devices with a permitted ___ to connect to the network | MAC address |
| a remote connection used to view another computer’s desktop in a window | Remote desktop connection (RDC) |
| RDC | Remote desktop connection |
| a secured, encrypted connection to a facility’s network or a specific server | virtual private network (VPN) |
| VPN | virtual private network |
| a connection to a mainframe computer that holds all the data being accessed | terminal emulator |
| a tunneling protocol used to create a VPN connection encrypted through the entire connection, from one point to the other, making it difficult to intercept. | Layer 2 tunneling protocol (L2TP) |
| L2TP | Layer 2 tunneling protocol |
| an encryption that ensures confidentiality and integrity of data over an unsecured network. | Secure shell (SSH) |
| MTD | maximum tolerable downtime |
| The basic rule of disposal is to make sure the data—whether hardcopy or on an electronic device—is | unreadable, indecipherable, and cannot be reconstructed |
| when all data is deleted, overwritten, and reformatted. | Sanitizing the device |
| An ______ is usually found on each floor of a facility to connect wired workstations on the network to the ______ in the data center. | IDF, MDF |
| ______ chips are mainly used in badges today. | RFID |
| Usually the most critical devices use a ______ as well to provide power while waiting for the generator to kick in. | UPS |
| ______ is similar to ______, but it applies the cipher algorithm three times to each cipher block. | 3DES, DES |
| The strength to ______ is that the number of possible keys is so vast that it is relatively safe against hacking. | PGP |
| ______ has its own network address so that other computers on the network can access it to remotely store files. | NAS |
| A ______ provides better quality and more volume of storage for a server or ______ that might otherwise have limited storage space. | SAN, NAS |
| _____ is the most current and secure encryption available for wireless networks. | WPA2 |
| A wireless network that contains sensitive information should disable broadcasting the _____ so that it is hidden when devices search for available wireless networks. | SSID |
| _____ connections are used for remote radiologists to examine medical images or remote medical coders to create claims to send to insurance companies. | VPN |
| The terminal emulator typically looks much like a command prompt window, but some have a _____ to make navigating and using the remote data easier. | GUI |
| ______ connections are encrypted through the entire connection, from one point to the other, making it difficult to intercept. | L2TP |
| _____ is a secure version of _____ that uses ______ encryption to encrypt data sent to and from a web server. | HTTPS, HTTP, SSL |
| _____ states that record disposal is the responsibility of covered entities. | HIPAA |
| _____ on electronic media is disposed by sanitizing or degaussing the device. | PHI |
| What is the purpose of spyware? | to secretly collect information on a computer or network |
| What type of permission does an administrator account have? | full access |
| Besides user accounts, what other controls do AD groups control? | affect permissions of computers, printers, and any other device that joins the domain |
| What are four methods to unlock secured locks? | Keys, key fob, badge, and biometric scanner |
| What are the recommended specifications for the HVAC in the data center? | a temperature of 64–80 degrees Fahrenheit with humidity ranging from 30%–55%. |
| How are surveillance cameras limited? | they can only witness criminal activity |
| What are three goals for storage encryption methods? | Information remains confidential; data storage and retrieval should be fast; encryption should not waste space |
| Why might PHI be shared outside of the facility’s personnel? | shared with the patient, another healthcare provider as a referral, or an insurance agency |
| Why are remote employees issued computers owned by the facility? | because the facility cannot control the security of any data moved to the personal computer |
| What is the goal when disposing of media that contains PHI? | make sure the data—whether hardcopy or on an electronic device—is unreadable, indecipherable, and cannot be reconstructed |
| The demarcation point in a data center between public and private wiring is called | MDF (main distribution frame) |
| To secure a printer that is in or near a public space it can be | password protected |
| an algorithm that can encrypt and decrypt messages | cipher |
| also called physical address, is a unique identifier assigned to network interfaces for communications on the physical network segment. | MAC address |
| a method to secure a network by limiting which devices are allowed to connect to a network based on a list of physical addresses kept by the wireless access points | MAC filtering |
| Assigning access to users based on their job role is known by which of the following terms? | RBAC |
| A website entices visitors with free music or movie downloads in exchange for entering their login credentials to a certain site. Which of the following terms describes this scenario? | Social engineering |
| An email in your inbox appears to be from your bank. It states that your account may have suffered unauthorized access and asks for your account number and password. Which of the following terms describes this scenario? | Phishing |
| Software that runs in the background on a computer to secretly gather information is known by | Spyware |
| A user must prove who he or she is before being granted access to a network or other resource. What is this process? | Authentication |
| Which of the following terms describes healthcare information that should be private and secure? | ePHI |
| Besides Read and Write which of the following is a common type of access that is granted to an individual user? | Modify |
| Which of the following is a secure, encrypted connection to a facility’s network or a specific server from across the Internet? | Virtual private network |
| Two common ways to group employees in Active Directory (AD) include which of the following? | Job title, security level |
| What kind of encryption does secure socket layer use? | Public key |
| Which of the following is a secure version of HTTP that encrypts data sent to and from a web server? | HTTPS |
| Which of the following must be carefully and thoughtfully established before physical and technical controls can be implemented? | Administrative controls (policy) |
| Which of the following is considered a more secure way of erasing data from a device? | Degaussing |
| Which of the following is the weakest wireless encryption standard? | WEP |
| Which of the following describes a record of activity in an information system including a time and date stamp and the username performing a particular activity? | Audit trail |
| Which of the following is unsolicited contact that you did not ask for and do not want and might come from an attacker? | Spamming |
| Which of the following is a card with a magnetic strip or chip that identifies the person assigned to the card? | Badge |
| Which of the following is a device used to identify a person based on biological data? | Biometric scanner |
| Which of the following in Active Directory can set certain requirements about the strength of a password, such as including at least one lowercase and uppercase letter, number, and symbol, or character length? | Group policy |
| Which of the following is a type of encryption that uses a single, private key to both encrypt and decrypt data? | Symmetric |
| Which of the following is an encryption method designed for signing and encrypting email, which uses both symmetric and asymmetric encryption? | Pretty good privacy |
| Which of the following is an independent storage network separate from the normal LAN designed for data storage? | Storage area network |
| Authentication can be achieved by something you know, something you have or something you | are |
| Handshake between a web server and a browser to establish a secure connection | SSL |
| A storage device connected directly to the network | Network attached storage |
| Uses an authentication server to control access to the wireless network | Remote Authentication Dial-In User Service (RADIUS) |