240 Chapter 10 ■ Practice Test 2
- Susan wants to ensure that the audit report that her organization requested includes input
from an external auditor. What type of report should she request?
A. SOC 2, Type 1
B. SOC 3, Type 1
C. SOC 2, Type 2
D. SOC 3, Type 2
- When Susan requests a SOC 2 report, she receives a SAS 70 report. What issue should
Susan raise?
A. SAS 70 does not include Type 2 reports, so control evaluation is only point in time.
B. SAS 70 has been replaced.
C. SAS 70 is a financial reporting standard and does not cover data centers.
D. SAS 70 only uses a 3-month period for testing.
- What two logical network topologies can be physically implemented as a star topology?
A. A bus and a mesh.
B. A ring and a mesh.
C. A bus and a ring.
D. It is not possible to implement other topologies as a star.
- Bell-LaPadula is an example of what type of access control model?
A. DAC
B. RBAC
C. MAC
D. ABAC
- Martha is the information security officer for a small college and is responsible for
safeguarding the privacy of student records. What law most directly applies to her situation?
A. HIPAA
B. HITECH
C. COPPA
D. FERPA
- What US law mandates the protection of protected health information?
A. FERPA
B. SAFE Act
C. GLBA
D. HIPAA