| Question 1: Technical means alone are sufficient for securing institutional data. |
| Reference: | Reference: https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final |
| Choice A: | True |
| Choice B: | False |
| Question 2: The primary mechanism that can be used to secure DICOM data in transit is: |
| Reference: | Reference: http://dicom.nema.org/medical/dicom/current/output/pdf/part15.pdf |
| Choice A: | DICOM Message Service Element (DIMSE) services |
| Choice B: | Hypertext Transfer Protocol (HTTP) |
| Choice C: | Transport Layer Security (TLS) |
| Choice D: | Transmission Control Protocol/Internet Protocol (TCP/IP) |
| Question 3: How many times per day is Facebook targeted for cyber-attacks? |
| Reference: | https://www.nydailynews.com/news/national/facebook-hack-attacks-strike-600k- |
| Choice A: | 100,000 |
| Choice B: | 50,000 |
| Choice C: | 1,000 |
| Choice D: | 600,000 |
| Question 4: It is estimated that in 2016, cyber-attacks cost US corporations roughly what amount in US Dollars? |
| Reference: | https://www.nydailynews.com/news/national/facebook-hack-attacks-strike-600k-times-day-article-1.968681 |
| Choice A: | 1-5 Billion |
| Choice B: | 6-10 Billion |
| Choice C: | 20-30 Billion |
| Choice D: | 50+ Billion |
| Question 5: What is FIPS 140/2? |
| Reference: | https://csrc.nist.gov/publications/detail/fips/140/2/final |
| Choice A: | US Government Software as a Service (SaaS) standard |
| Choice B: | U.S. government computer security standard used to approve cryptographic modules |
| Choice C: | Interoperability standard like DICOM |
| Choice D: | Dose calculation algorithm |
| Question 6: A vendor system uses default generic user names and passwords that can be easily found on the internet or shared between the clinical users. Is this a potential security vulnerability and what is the most probably solution? |
| Reference: | https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final |
| Choice A: | Yes, Update the antivirus and antimalware software |
| Choice B: | No, use unsecured USB/CD/DVD ports |
| Choice C: | Yes, have the vendor implement the single sign-on (SSO) solution with Microsoft Active Directory (AD) and limit generic AD accounts. |
| Choice D: | No, create additional generic accounts in the vendor platform that are able to be shared amongst the clinical users and others. |
