DATA
Incidents
Software
Cloud
Network
100

Reliable and timely access to data and resources is provided to authorized individuals

What is Availability?

100

This plan is maintained by the IT staff and includes detailed instructions on how to manage and restore IT systems in the case of an emergency

What is the Information Systems Contingency Plan / ISCP? (Also acceptable: Disaster Recovery Plan / DRP.) This is different from the CEMP, which is a facility-maintained plan for managing healthcare services in a disaster.

100

These include descriptions, test plans, back-out plans, and approvals and cannot be modified once closed.

What is a change request? These are required for all enterprise-level software modifications.

100

A company that delivers cloud services is called 

Cloud Service Provider (CSP)

100

This is the practice of maintaining separate networks and security policies for FDA-regulated medical computers and non-medical computers

What is Medical Device Isolation Architecture (MDIA)?

200

Accuracy and reliability of the information and systems are provided and any unauthorized modification is prevented

What is Integrity?

200

An event that has the potential to do harm.

What is an incident?

200

SADLC conducts these monthly in order to identify vulnerabilities, such as unauthorized software installed, missing patches, and configuration errors

What are scans?

200

Services that are available anytime a client wants or needs them are called

What are On-demand services?

200

These agreements must be in place between the facility and all external parties with direct connections to the official network.

What are Memoranda of Understanding (MOUs)?

300

Necessary level of secrecy is enforced, and unauthorized disclosure is prevented

What is Confidentiality?

300

An incident that results in disclosure or potential disclosure of data.

What is a breach?

300

A piece of software that is installed to fix problems in another piece of software

What is a patch?

300

Which type of deployment is a mixture of a public and a private cloud?

What is Hybrid Cloud? 

300

By blocking unknown or untrusted websites, implementing firewalls, "whitelisting" known friendly connections, reviewing authorized computer-to-computer connections, scanning outgoing email, and encrypting all network traffic, IT is mitigating this common security issue

What is data leakage or exfiltration?

400

These are the elements of multi-factor authentication

What are "something you are, something you have, and something you know"?

400

The first step that individuals responsible for the development of a Business Continuity Plan (BCP) should perform.

What is BCP team selection?

400

This is an interpreted language that does not make use of a compiler to transform code into an executable state.

What is JavaScript? 

400

Which document specifies the CSP's responsibility to provide a certain amount of availability, resources, and standards by which the resources should be protected?

What is a Service Level Agreement (SLA)?

400

It's performed by sending malformed packets to a system; it can interrupt service or completely deny legitimate users access to system resources.

What is a Denial of Service (DoS) attack?

500

These must be encrypted before they are taken off site for storage.

What are backups?

500

Steps to be followed when creating a Business Continuity Plan (BCP).

What are business impact analysis, recovery, organization, and training?

500

This is a popular vulnerability scanner managed by Tenable Network Security, and it combines multiple techniques to detect a wide range of vulnerabilities.

What is Nessus?

500

Which cloud model is a form of cloud computing that provides virtualized computing resources, such as storage, over the internet?

What is Software as a service (SaaS)?

500

It is the first layer in the Open Source Interconnection (OSI) 7 layer model.

What is the Physical structure layer?