Networking and Health Information Exchange / Privacy, Confidentiality, and

Security Issues and Standards

Self-assessment key

1. Security is _________________.

a. the quality or state of being secure

b. freedom from fear or anxiety
c. measures taken to guard against espionage or sabotage, crime, attack or escape
*d. all of the above

Answer: d Security is defined by the Merriam-Webster Dictionary as the quality or state

of being secure, freedom from danger, freedom from fear or anxiety, and measures
taken to guard against espionage or sabotage, crime, attack, or escape.
Objective(s): 1
Lecture(s)/Slide(s): a3

2. ____________ is making sure that only authorized individuals have access to

information.

a. Integrity
b. Availability
*c. Confidentiality
d. Nonrepudiation

Answer: c Confidentiality is making sure that only authorized individuals have access to
information.
Objective(s): 1
Lecture(s)/Slide(s): a6

3. __________ means that the data on a system is the same as the data from the
original source. It has not been altered.

*a. Integrity
b. Availability
c. Confidentiality
d. Nonrepudiation
Health IT Workforce Curriculum Networking and Health Information Exchange 1
Version 3.0 / Spring 2012 Privacy, Confidentiality, and Security Issues and Standards
Lectures a and b

This material Comp9_Unit9 was developed by Duke University, funded by the Department of Health and Human Services, Office of the
National Coordinator for Health Information Technology under Award Number IU24OC000024.
Answer: a Integrity means that the data on a system is the same as the data from the
original source. The data has not been altered or destroyed.
Objective(s): 1
Lecture(s)/Slide(s): a9

4. _____ is the process of taking data applying a cipher to create ciphertext.

a. Hashing
*b. Encryption
c. Scrambling
d. Ciphering

Answer: b Encryption is the process of taking data, referred to as plaintext, and applying
an encryption algorithm, called cipher, to create ciphertext.
Objective(s): 2
Lecture(s)/Slide(s): a10

5. ________ provides proof that a certain action has taken place or that
something/someone is what they claim to be.

a. Integrity
b. Availability
c. Confidentiality
*d. Nonrepudiation

Answer: d Nonrepudiation provides proof that a certain action has taken place, or that
something/someone is what he claims to be.
Objective(s): 2
Lecture(s)/Slide(s): a16

6. ______ are used to verify the identity of the source. It binds a public key with
information about the source.

a. PKI
b. Encryption
*c. Certificates
d. Hashes
Health IT Workforce Curriculum Networking and Health Information Exchange 2
Version 3.0 / Spring 2012 Privacy, Confidentiality, and Security Issues and Standards
Lectures a and b

This material Comp9_Unit9 was developed by Duke University, funded by the Department of Health and Human Services, Office of the
National Coordinator for Health Information Technology under Award Number IU24OC000024.
Answer: c Certificates are used to bind a public key with a person, an organization, their
address, contact information, and other relevant information. Certificates are used to
verify the identity of the source.
Objective(s): 2
Lecture(s)/Slide(s): a17

7. ______ is who or what is allowed access to a particular resource and what level of
access they are allowed.

*a. Access Control

b. Authentication
c. Accessibility
d. Authorization

Answer: a Access control is: Who, or what, is allowed access to a particular resource,
and what level of access is allowed.
Objective(s): 3
Lecture(s)/Slide(s): b3

8. In ___________ it is completely up to the owner of the object who has access to

them and what access they have.

a. Mandatory Access Control

*b. Discretionary Access Control
c. Role Based Access Control
d. Privileges

Answer: b Discretionary Access Control (DAC) means that it is completely up to the

owner of the objects who has access to them, and what access they have.
Objective(s): 3
Lecture(s)/Slide(s): b5

9. An ________ is a list that is associated with a file, directory or object that lists who
has access to it and what access they have.

Health IT Workforce Curriculum Networking and Health Information Exchange 3

Version 3.0 / Spring 2012 Privacy, Confidentiality, and Security Issues and Standards
Lectures a and b

This material Comp9_Unit9 was developed by Duke University, funded by the Department of Health and Human Services, Office of the
National Coordinator for Health Information Technology under Award Number IU24OC000024.
a. Authentication
b. Accessibility
c. Authorization
*d. Access Control List

Answer: d An Access Control List (ACL) is a list that is associated with a file, directory or
object that lists who has access to it, and the type of access.
Objective(s): 3
Lecture(s)/Slide(s): b7

10. ________ use Internet technology to transmit data between sites. Data is
encrypted as it travels from site to site.

a. WANs
b. Intranets
*c. VPNs
d. Extranets

Answer: c Virtual private networks (VPNs) use Internet technology to transmit data
between sites. The data is encrypted as it travels from site to site.
Objective(s): 4
Lecture(s)/Slide(s): b16

Health IT Workforce Curriculum Networking and Health Information Exchange 4

Version 3.0 / Spring 2012 Privacy, Confidentiality, and Security Issues and Standards
Lectures a and b

This material Comp9_Unit9 was developed by Duke University, funded by the Department of Health and Human Services, Office of the
National Coordinator for Health Information Technology under Award Number IU24OC000024.