8 - Legal, Regulations, Investigations and Compliance Flashcards

(125 cards)

1
Q
Which RFC contains the Internet Activity Board’s “Ethics and the Internet” documentation? a. RFC 1918 b. RFC 1394 c. RFC 1024 d. RFC 1087
A

D: RFC 1087 contains the Internet Activity Board’s “Ethics and the Internet” documentation.

2
Q
Which of the following is not defined as unethical and unacceptable activity by the Internet Activity Board’s “Ethics and the Internet” documentation? a. Soliciting for non-profit organization donations b. Wasting resources (people, capacity, computer) through such actions c. Destroying the integrity of computer-based information d. Compromising the privacy of users
A

A: This is not listed or defined as unethical and unacceptable activity by RFC 1087.

3
Q
The theft of small amounts of information from many sources to compile or infer data about something private or classified is known as? a. Masquerading b. The Salami technique c. Data diddling d. Espionage
A

B: The theft of small amounts of information from many sources to compile or infer data about something private or classified is known as the Salami technique.

4
Q
Which of the following is not technically a crime according to the law? a. espionage b. fraud c. piracy d. resource waste
A

D: Resource waste is an inappropriate activity but not an actual crime.

5
Q
Which of the following defined the unauthorized possession of information without the intent to profit from the information as a crime? a. 1991 U.S. Federal Sentencing Guidelines b. U.S. Computer Fraud and Abuse Act c. U.S. Privacy Act 1974 d. U.S. National Information Infrastructure Protection Act 1996
A

A: The 1991 U.S. Federal Sentencing Guidelines defined the unauthorized possession of information without the intent to profit from the information as a crime.

6
Q
Evidence should be all but which of the following in order to be used in court? a. Reliable b. Sufficient c. Relevant d. Permissible
A

B: Evidence need not be sufficient.

7
Q
Which of the following is not an element or aspect of the ISC(2) code of ethics? a. CISSP certification holders are required by law to uphold the ISC(2) code of ethics b. CISSP certification holders should adhere to the highest ethical standards of behavior c. A condition of CISSP certification is adherence to the ISC(2) code of ethics. d. Protect society, the commonwealth, and the infrastructure
A

A: This is not an element or aspect of the ISC(2) code of ethics; the code is not enforceable by law.

8
Q
Violation of the ISC(2) code of ethics can result in? a. Arrest b. Revocation of certification c. Financial penalties d. Community service hours
A

B: A consequence of violating the ISC(2) code of ethics is revocation of certification.

9
Q
Which of the following is not directly specified in the canons of the ISC(2) code of ethics? a. Act honorably, honestly, justly, responsibly, and legally b. Provide diligent and competent service to principals. c. Don’t write malicious code such as viruses d. Advance and protect the profession
A

C: This is not addressed in the canons of the ISC(2) code of ethics.

10
Q
The crime of impersonation or spoofing is also known as? a. Spamming b. Data diddling c. Masquerading d. Social engineering
A

C: Masquerading is another name for the crime of impersonation or spoofing.

11
Q
Unauthorized modification of data is known as? a. The salami technique b. Spoofing c. Malicious code d. Data diddling
A

D: Data diddling is the act of unauthorized modification of data.

12
Q
TEMPEST is concerned with? a. Emanation eavesdropping b. Distributed Denial of Service attacks. c. Password theft d. Dumpster diving
A

A: TEMPEST is concerned with emanation eavesdropping.

13
Q
The act of extracting information from discarded materials is known as? a. Fraud b. Dumpster diving c. Information warfare d. Superzapping
A

B: The act of extracting information from discarded materials is known as

14
Q
Which of the following is not supported by the ISC2’s CISSP code of ethics? a. promote understanding of security b. provide competent service c. do not disclose confidential information from clients d. report crimes to ISC2
A

D: The ISC2’s CISSP code of ethics indicates that knowledge of crimes should be appropriately reported. Appropriately reporting crimes would be to inform the management of the organization and/or law enforcement. Informing ISC2 is not appropriate.

15
Q
Which of the following is not considered a violation of computer ethics? a. working overtime on an IT project b. browsing files on the file server c. using proprietary software without compensation d. employing another’s intellectual property without acknowledgement
A

A: It is not a violation of computer ethics to work overtime.

16
Q
Which of the following is not defined as unacceptable and inappropriate by the Internet Activities Board of Ethics and the Internet? a. seeking to gain unauthorized access to resources b. conducting commercial activities over the Internet c. destroying the integrity of computer stored information d. wasting resources
A

B: Conducting commercial activities over the Internet is not defined as an unacceptable and inappropriate activity as defined by the Internet Activities Board of Ethics and the Internet.

17
Q
Which of the following is not a valid means to identify or label computer evidence? a. writing on printouts with permanent markers b. recording serial numbers c. writing a contents and ID tag file to a hard drive d. photographing the contents displayed on the monitor
A

C: Writing a file to the hard drive may alter the evidence and therefore is an invalid means to label evidence.

18
Q
What type of evidence proves or disproves a specific act through oral testimony based on information gathered through the witness’s five senses? a. Hearsay evidence b. Circumstantial evidence c. Secondary evidence d. Direct evidence
A

D: Direct evidence proves or disproves a specific act through oral testimony based on information gathered through the witness’s five senses.

19
Q
Which of the following is not an element in the ISC2’s code of ethics that all CISSP candidates must adhere to? a. conduct themselves with high standards of moral, ethical, and legal behavior b. do not commit any unlawful act c. do not write malicious code d. report all discovered unlawful activity
A

C: The actual act of authoring malicious code is not a violation of the ISC2’s code of ethics. However, allowing that malicious code to affect systems is a violation.

20
Q
Which of the following is not a computer crime? a. social engineering b. surfing pornographic Web sites c. password sniffing d. spoofing IP addresses
A

B: Surfing pornographic Web sites is inappropriate in most business environments and often grounds for termination, but it is not a crime.

21
Q
Which of the following is not a crime against a computer? a. intercepting wireless network communications b. installing software that has not been properly purchased c. causing a blackout of the local power grid by damaging a power station d. testing an intrusion script against a competitor’s Web site
A

C: Causing a blackout of the local power grid by damaging a power station cannot be considered a crime against a computer.

22
Q
Which of these computer crimes is not like the others? a. spoofing b. Trojan horse c. masquerading d. data diddling
A

D: Data diddling is the alteration of data, not the use of information to pretend to be something else.

23
Q
Which of the following is not a true statement according to the Generally Accepted Systems Security Principles (GASSP)? a. computer security supports the mission of an organization b. computer security should be cost effective c. computer security is not restrained by society d. computer security should be periodically reassessed
A

C: Computer security is restrained by society according to GASSP.

24
Q
The U.S. Department of Health, Education, and Welfare Code of Fair Information Practices requires which of the following? a. people must be able to remove any information about themselves from databases containing personal data b. organizations maintaining personal data do not need to ensure that data isn’t misused c. data stored about people must be timely d. the existence of systems that maintain records of a personal nature cannot remain secret
A

D: The U.S. Department of Health, Education, and Welfare Code of Fair Information Practices requires that the existence of systems that maintain records of a personal nature cannot remain secret.

25
25. Which of the following is considered a crime committed using a computer? a. illegally transferring money from one bank account to another over the Internet b. erasing a hard drive using a degaussing magnet c. setting fire to a building d. theft of a notebook from an airport security checkpoint
A: Illegally transferring money from one bank account to another over the Internet is a crime committed using a computer.
26
26. Which category of common law allows for punishments to include financial penalties but not imprisonment for a conviction? a. civil law b. criminal law c. administrative law d. regulatory law
A: Civil law is a category of common law that allows for financial penalties but not imprisonment.
27
27. Which form of law focuses on the violation of government laws focused on the protection of the public? a. civil law b. criminal law c. administrative law d. regulatory law
B: Criminal law focuses on the violation of government laws focused on the protection of the public.
28
28. What form of common law is also known as tort? a. Administrative law b. Criminal law c. Civil law d. Regulatory law
C: Civil law is also known as tort.
29
29. Which of the following is not a valid countermeasure against the interception of radio frequency and other electromagnetic radiation signals by unauthorized individuals? a. sound dampening insulation b. TEMPEST equipment c. white noise generation d. control zones
A: Sound dampening insulation is ineffective as a countermeasure against radio frequency and other electromagnetic radiation signals.
30
30. Which of the following is not considered a computer crime? a. espionage b. natural disasters c. fraud d. embezzlement
B: Natural disasters are not a form of computer crime.
31
31. Which of the following is not one of the types of laws found in the United States that can be used in a court of law? a. statutory law b. administrative law c. Islamic law d. common law
C: Islamic law is a religious law that is found in some areas of the US, but it is not used in government courts.
32
32. The code of federal regulations is also known as? a. statutory law b. common law c. case digests d. administrative law
D: Administrative laws are also known as the code of federal regulations.
33
33. Which of the following laws addresses confidentiality, integrity, and availability for both data and systems and encourages other countries to adopt the same framework? a. U.S. Privacy Act of 1974 b. Paperwork Reduction Act of 1995 c. U.S. National Information Infrastructure Protection Act of 1996 d. Gramm Leach Bliley Act of 1999
C: The U.S. National Information Infrastructure Protection Act of 1996 addresses confidentiality, integrity, and availability for both data and systems and encourages other countries to adopt the same framework.
34
34. Which of the following requires Federal Agencies to assess the security of their non-classified information systems, to provide a risk assessment, and to report the security needs of its systems? a. U.S. Privacy Act of 1974 b. U.S. Computer Fraud and Privacy Act of 1986 c. U.S. National Information Infrastructure Protection Act of 1996 d. Paperwork Reduction Act of 1995
D: The Paperwork Reduction Act of 1995 requires Federal Agencies to assess the security of their non-classified information systems, to provide a risk assessment, and to report the security needs of its systems.
35
35. Which of the following defines the trafficking in computer passwords as a federal crime if that activity affects interstate or foreign commerce or permits unauthorized access to government computers? a. U.S. Computer Fraud and Abuse Act of 1986 b. Paperwork Reduction Act of 1995  c. U.S. National Information Infrastructure Protection Act of 1996  d. Gramm Leach Bliley Act of 1999
A: The U.S. Computer Fraud and Abuse Act of 1986 defines the trafficking in computer passwords as a federal crime if that activity affects interstate or foreign commerce or permits unauthorized access to government computers.
36
36. Which of the following is an amendment to the U.S. Computer Fraud and Privacy Act of 1986? a. U.S. Privacy Act of 1974 b. U.S. National Information Infrastructure Protection Act of 1996 c. Paperwork Reduction Act of 1995 d. Gramm Leach Bliley Act of 1999 
B: The U.S. National Information Infrastructure Protection Act of 1996 is an amendment to the U.S. Computer Fraud and Abuse Act of 1986. The U.S. National Information Infrastructure Protection Act of 1996 addresses confidentiality, integrity, and availability for both data and systems and encourages other countries to adopt the same framework.
37
37. Which of the following laws requires that banks give customers the option to prohibit the distribution of personal information with non-affiliated third parties? a. U.S. Privacy Act of 1974 b. U.S. Computer Fraud and Abuse Act of 1986 c. U.S. National Information Infrastructure Protection Act of 1996 d. Gramm Leach Bliley Act of 1999
D: The Gramm Leach Bliley Act of 1999 requires that banks give customers the option to prohibit the distribution of personal information with non-affiliated third parties.
38
38. Which of the following laws requires that federal agencies protect information about private individuals that is stored in government databases? a. U.S. Privacy Act of 1974 b. U.S. Computer Fraud and Abuse Act of 1986 c. Paperwork Reduction Act of 1995  d. Gramm Leach Bliley Act of 1999
A: The U.S. Privacy Act of 1974 requires that federal agencies protect information about private individuals that is stored in government databases.
39
39. Which of the following laws defines the use of a federal interest computer in a crime as a federal offense and reduces the minimum damage required to declare a crime a federal offence? a. U.S. Privacy Act of 1974 b. U.S. Computer Fraud and Abuse Act of 1986 c. U.S. National Information Infrastructure Protection Act of 1996 d. Gramm Leach Bliley Act of 1999
B: The U.S. Computer Fraud and Abuse Act of 1986 defines the use of a federal interest computer in a crime as a federal offense and reduces the minimum damage required to declare a crime a federal offence.
40
40. Which of the following statements is true? a. European privacy laws are less restrictive than those of the United States. b. European privacy laws are just as restrictive as those of the United States. c. European privacy laws are more restrictive than those of the United States. d. European privacy laws are completely different than those of the United States.
C: European privacy laws are more restrictive than those of the United States.
41
41. Which of the following is not a tenet of the European privacy laws? a. Data must be collected in accordance with the law b. Collected information cannot be disclosed to others without the consent of the individual c. Records kept about an individual must be accurate and timely d. Data can only be collected with the consent of the individual
D: The European privacy laws do not require consent for the collection of private data, just the distribution of such data.
42
42. Which of the following is not true in regards to the European privacy laws? a. Data can be retained indefinitely b. Individuals can correct errors in the data collected about them c. Data can only be used for the original purpose for which it was collected d. Individuals are entitled to a report detailing the information retained about them 
A: The European privacy laws require that data be retained for a limited and reasonable period of time defined at the time of gathering the data.
43
43. Which of the following is not a common problem with the storage of personal health and medical data? a. Access granted to a wide range of users, such as outside partners, members, and vendors b. A high level of granular access control on most systems c. Internet connectivity increases vulnerabilities to integrity and privacy of data d. misuse of personal medical data can have a significant negative impact on the public perception of an organization
B: Most systems do not have a high level of granular access control and thus they are vulnerable to security violations. So, the presence of strong security is not a common problem with the storage of personal health and medical data.
44
44. Which form of intellectual property law protects original works of authorship for 50+ years? a. trademark b. patent c. copyright d. trade secret
C: A copyright is a form of intellectual property law that protects original works of authorship for 50+ years.
45
45. Which form of intellectual property law defines data that is confidential and proprietary to a specific organization? a. trademark b. patent c. copyright d. trade secret
D: A trade secret is a type of data defined by intellectual property law that is confidential and proprietary to a specific organization.
46
46. Which form of intellectual property law protects or establishes a word, name, symbol, etc. as an identifying mark for an organization or a product? a. trademark b. patent c. copyright d. trade secret
A: A trademark is a form of intellectual property law that protects or establishes a word, name, symbol, etc. as an identifying mark for an organization or a product.
47
47. Which form of intellectual property law provides the owner with 17 years of exclusive use rights? a. trademark b. patent c. copyright d. trade secret
B: A patent is a form of intellectual property law that provides the owner with 17 years of exclusive use rights.
48
48. Which of the following statements is true in regards to a well-organized and legitimate monitoring solution that records all e-mail on a business network? a. does not provide a means to track down violations of security policy b. does not provide a guarantee of personal privacy c. does not clearly inform all users of the monitoring activity d. does not make employees aware of the acceptable use of e-mail
B: A well-organized and legitimate monitoring solution that records all e-mail on a business network does not provide a guarantee of personal privacy.
49
49. Which of the following treats the unauthorized possession of information without the intent to profit from it as a crime? a. U.S. Computer Fraud and Privacy Act of 1986 b. Paperwork Reduction Act of 1995 c. 1991 U.S. Federal Sentencing Guidelines d. Gramm Leach Bliley Act of 1999
C: The 1991 U.S. Federal Sentencing Guidelines treats the unauthorized possession of information without the intent to profit from it as a crime.
50
50. All of the following are true regarding the 1991 U.S. Federal Sentencing Guidelines except for? a. Treats the unauthorized possession of information without the intent to profit from it as a crime  b. Applies to both individuals and organizations c. Makes the degree of punishment a function of the extent to which the organization has demonstrated due diligence in establishing security d. Makes the use of information that causes $1,000 or more in damages or which impairs medical treatment as a federal crime
D: The U.S. Computer Fraud and Abuse Act makes the use of information that causes $1,000 or more in damages or which impairs medical treatment as a federal crime.
51
51. Which of the following is not an information privacy principle that health care organizations should adhere to? a. grant individuals the means to monitor and correct the data collected about them b. restrict the uses of data to those outlined when the data was originally collected c. maintain the secrecy of their personal information database d. organizations that gather data should provide adequate protection for that data
C: Health care organizations should comply with the privacy principle of making sure that databases containing personal health and medical information about individuals are not kept secret.
52
52. Which of the following is not true about the Health Insurance Portability and Accountability Act (HIPAA)? a. Establishes the rights for individuals who are subjects of individually identifiable health information b. Defines uses and disclosures of individually identifiable health information that should be authorized or required c. Requires an information security officer d. Defines specific products, standards, guidelines, and procedures for protecting individually identifiable health information
D: HIPAA does not provide specifics for a protection solution; rather, it outlines a framework to provide protection for individually identifiable health information.
53
53. Which of the following is not a recommended practice for the monitoring of e-mail on a company network? a. establish different levels of monitoring for each organizational staff level b. Inform all users that monitoring is occurring via clearly visible and frequent banner or similar warning system c. Monitoring should be performed in a lawful and consistent manner d. Detail who will be accessing and viewing the archived data and for how long the data will be retained
A: The same monitoring procedures and practices should be applied to senior management as to end users. Using different levels of monitoring for different users is not a recommended practice for the monitoring of e-mail on a company network.
54
54. Which of the following is not visible proof that due care is being practiced by an organization in regards to security? a. physical access controls b. hardware backups c. security awareness training d. use of plenum cabling
D: Use of plenum cabling is often mandated by building code for proper fire rating; however, it is not an aspect of due care.
55
55. Which of the following is not visible proof that due care is being practiced by an organization in regards to security? a. Deploying high-speed networking devices b. Telecommunications encryption  c. Disaster recovery plans d. Development of formalized security infrastructure documentation
A: The speed of networking devices is not evidence of due care.
56
56. Which of the following is not a responsibility of the Computer Incident Response Team? a. Managing public relations b. Design security policies c. Investigate intrusions d. Report incidents
B: CIRT is not responsible for designing security policies.
57
57. The 1991 U.S. Federal Sentencing Guidelines invokes the ______________ that requires that senior management of an organization perform their duties with the same care that any normal person would exercise in the same circumstances. a. Prudent man rule b. Principle of least privilege c. Tenet of due care d. Separation of duties requirement
A: The 1991 U.S. Federal Sentencing Guidelines invokes the prudent man rule that requires that senior management of an organization perform their duties with the same care that any normal person would exercise in the same circumstances.
58
58. The U.S. Federal Sentencing Guidelines provides for a punishment for convicted senior management that can include? a. imprisonment b. fines up to $290 million c. confiscation of assets d. seizure of public stock offerings
B: The U.S. Federal Sentencing Guidelines provide for a punishment of a fine of up to $290 million.
59
59. For negligence to be proven in court, what must be demonstrated or proved? a. lack of due diligence b. failure to comply with recognized standards c. legally recognized obligation d. proximate causation
C: Negligence is proven in court by demonstrating a legally recognized obligation.
60
60. Which decision should not be made after an incident occurs? a. determine how much damage was caused b. determine what backup solutions should be deployed c. determine which safeguards are required d. determine if recovery procedures should be triggered to recover from an incident
B: Backup solutions should be deployed before an incident, not after. Granted, they may need adjustment after an incident, but if they are not present beforehand you may not be able to recover.
61
61. When an investigation of a computer crime incident occurs, which of the following is not true? a. there is a compressed time frame within which to conduct the investigation b. the investigation may interfere with the normal operations of business c. evidence is usually tangible d. evidence may be co-mingled with data needed for normal business activities
C: Evidence in a computer crime incident is usually intangible.
62
62. When an investigation of a computer crime incident occurs, which of the following is not true? a. Evidence can be difficult to gather b. Evidence may be damaged or altered by the normal operations of business c. Jurisdictional responsibility may be cloudy d. An expert or specialist is usually not required
D: In many instances, evidence gathering for a computer crime incident requires an expert or specialist.
63
63. Which of the following is not a responsibility of the Computer Incident Response Team? a. Review network logs b. Resolve vulnerabilities c. Risk assessment d. Minimize costs of incidents
C: CIRT is not responsible for risk assessment.
64
64. Emergency response should be planned out before an incident occurs. Which of the following is not an aspect of this type of planning? a. how an incident should be reported b. when should management be informed of an incident c. what action should be taken when an incident is detected d. where should the facility be located for the greatest security
D: Locating the facility is an aspect of initial security policy and solution design. It is not an aspect of emergency response planning.
65
65. Emergency response should be planned out before an incident occurs. Which of the following is not an aspect of this type of planning? a. What constitutes a federal crime b. What is considered an incident c. To whom should incidents be reported d. Who should handle the response to an incident
A: Determining the criteria for a federal crime is the responsibility of the federal government, not your organization's emergency response planning team.
66
66. If a computer crime is suspected, which of the following is the most important activity to perform? a. generate post incident reports b. trigger the emergency response team c. restore non-critical business processes d. do not alert the suspect
D: The most important act once a computer crime is suspected is to not alert the suspect.
67
67. The standard discriminator to determine whether a subject may be the person who committed a crime is to evaluate whether that person had all but which of the following? a. intention b. means c. motive d. opportunity
A: Intention is not one of the standard discriminators.
68
68. The goal of an ______________ is to find the answers to who, what, when, where, why, and how. a. interrogation b. interview c. investigation d. interpretation
B: The goal of an interview is to find the answers to who, what, when, where, why, and how.
69
69. The act of an investigation can often have numerous negative consequences for an organization. Which of the following is not an example of one of these? a. Maintaining individual privacy b. The subject committing retaliatory acts c. Negative publicity d. Interruption of business processes 
A: Maintaining individual privacy is often not possible when an investigation is being conducted. Thus, maintaining individual privacy is not an example of a negative consequence. In reality, individual privacy is often violated during an investigation.
70
70. A committee to help with the investigation of computer crime incidents should be established. This committee should perform all but which of the following? a. Establish a liaison with law enforcement b. Creating post-incident reports for use as evidence in court c. Design a procedure for reporting IT crimes d. Inform senior management and affected parties of the progress of an investigation
B: In most instances, post-incident reports, especially those generated outside the normal business practices of the organization, are not permissible in court, thus the committee should not produce them.
71
71. Who has jurisdiction over computer crimes committed in the U.S.? a. Local law enforcement and FBI b. Secret Service and NIST c. FBI and Secret Service d. NSA and CIA
C: The FBI and the Secret Service have jurisdiction over computer crimes in the U.S.
72
72. Which of the following is not a valid means to collect evidence according to the rules of evidence or the evidence life cycle? a. gather all relevant storage media b. use degaussing equipment c. image the hard drive d. print out the screen
B: Using degaussing equipment is not a valid collection means; in most cases this will destroy the electronically stored evidence data.
73
73. Which of the following represents the proper order of the chain of evidence or the evidence life cycle? 1. Collection 2. Discovery 3. Identification 4. Presentation 5. Preservation 6. Protection 7. Recording 8. Return 9. Transportation a. 1,2,3,4,5,6,7,9,8 b. 2,4,8,9,5,1,3,7,6 c. 2,6,7,1,3,5,9,4,8 d. 6,5,8,3,4,1,9,7,2
C: The correct order is discovery, protection, recording, collection, identification, preservation, transportation, presentation, and return.
74
74. The goal of an ______________ is to establish enough evidence to consider a subject a witness. a. investigation b. interview c. interrogation d. interpretation 
B: The goal of an interview is to establish enough evidence to consider a subject a witness.
75
75. Which of the following is not true? a. In an interview, an individual becomes a witness b. In an interview, a subject becomes a witness c. In an interrogation, a witness becomes a suspect d. In an interrogation, a subject becomes a witness
D: This is a false statement. The correct statement is: In an interrogation, a witness becomes a suspect.
76
76. Which of the following is not an element of the chain of custody? a. Whether the evidence is relevant b. Time and location the evidence was gathered c. Who discovered the evidence d. Who maintained possession of the evidence
A: Whether the evidence is relevant is not an element of the chain of custody.
77
77. Which of the following is not a valid action to take when preserving evidence for admissibility in court? a. avoid smoke and dust b. write protect media c. storing electronic media in plastic bags d. avoid magnetic fields
C: Storing electronic media in plastic bags is not a valid action since they can cause static discharge and condensation. Paper, cardboard, or special anti-static bags should be used.
78
78. When attempting to preserve evidence for admissibility in court, which of the following is a valid action to take? a. Run a tripwire on the system b. Use AES to encrypt the entire storage device c. Defragment the storage device d. Create a message digest using SHA
D: Creating a SHA message digest of a storage device, as long as that digest is not written to the device itself, can be used to validate the integrity of the storage device at a later time, thus preserving the evidence.
79
79. The original or primary evidence is also known as? a. best evidence b. direct evidence c. secondary evidence d. conclusive evidence
A: Best evidence is the original or primary evidence.
80
80. To present evidence in court, it must be all but which of the following? a. relevant b. permissible c. reliable d. sufficient
D: Evidence need not be sufficient to be presented in court.
81
81. Aspects of the relevance of evidence include all but which of the following? a. has not been altered b. must show that a crime has been committed c. shows some aspect of the perpetrator's motives d. verifies or demonstrates what has occurred 
A: Whether evidence has been altered is not an aspect of relevance but an aspect of reliability.
82
82. Which of the following is not a valid means of identification that will allow evidence to be admissible in court? a. Writing on paper printouts with a permanent marker b. Writing an identification file to storage media c. A recording of serial numbers from devices d. Placing evidence in sealed and marked containers
B: Writing to storage media in any way alters that media and can destroy evidence. This is not a valid means of identifying evidence.
83
83. What is superzap? a. A short-duration high-voltage surge of electricity b. A tool used to discover the source of an Internet attack even when spoofed packets are used c. A tool used to bypass system security in order to modify or disclose data d. A firewall scanning tool used to detect open and active ports
C: Superzap is a tool used to bypass system security in order to modify or disclose data.
84
84. Which of the following is not a crime committed using a computer? a. Password theft b. Illegal material content c. Embezzlement d. Physical destruction
D: Physical destruction is a crime committed against computers, not using a computer.
85
85. Which of the following is not malicious code? a. e-mail spam b. A virus c. A Trojan horse d. A worm
A: E-mail spam is unwanted, can cause a DoS attack, and it can be the carrier agent of malicious code, but it is not itself considered a form of malicious code.
86
86. The oral testimony of a witness is known as? a. best evidence b. direct evidence c. hearsay evidence d. circumstantial evidence
B: Direct evidence is the oral testimony of a witness.
87
87. What type of evidence is generally inadmissible in court? a. best evidence b. direct evidence c. hearsay evidence d. expert opinion
C: Hearsay evidence is generally inadmissible in court.
88
88. Which of the following is not an exception to the hearsay rule? a. Evidence made during the normal process of business activity b. Evidence in the custody of the witness on a regular basis c. Evidence made at or near the time of the incident being investigated d. Evidence produced as a result of the incident and exclusively for court presentation
D: Evidence is inadmissible as hearsay if the documents are generated after the incident for the sole purpose of producing evidence about the incident.
89
89. When data needed as evidence is stored with data necessary for business operations and which is not associated with the crime, this is known as? a. Data diddling b. Co-mingling of data c. Superzapping d. Embezzlement
B: When data needed as evidence is stored with data necessary for business operations and which is not associated with the crime, this is known as co-mingling of data.
90
90. The 1991 U.S. Federal Sentencing Guidelines establish what? a. Maximum sentences for the punishment of computer crimes b. Multi-jurisdiction accumulation of sentencing c. Punishment guidelines for breaking federal laws d. Rules for a jury to follow when debating the guilt or innocence of a suspect
C: The 1991 U.S. Federal Sentencing Guidelines established punishment guidelines for breaking federal laws.
91
91. The 1991 U.S. Federal Sentencing Guidelines does what? a. Treats the authorized possession of information with the intent to profit from the information as a crime  b. Treats the unauthorized possession of information with the intent to profit from the information as a crime  c. Treats the authorized possession of information without the intent to profit from the information as a crime  d. Treats the unauthorized possession of information without the intent to profit from the information as a crime
D: The 1991 U.S. Federal Sentencing Guidelines treats the unauthorized possession of information without the intent to profit from the information as a crime.
92
92. What is a script kiddy? a. A programmer who writes malicious code b. An attacker that employs pre-written attack tools from the Internet who is usually unable to program and new to cyber crime c. An administrator who automates common management tasks d. A specialized Web based programming tool for animating menus
B: A script kiddy is an attacker that employs pre-written attack tools from the Internet who is usually unable to program and new to cyber crime.
93
93. The computer crime that attempts to alter the financial status of a nation, disrupt their power grid, or misrepresent the capabilities of an enemy is known as? a. Employing the Salami technique b. Data diddling c. Information warfare d. Espionage
C: The computer crime that attempts to alter the financial status of a nation, disrupt their power grid, or misrepresent the capabilities of an enemy is known as information warfare.
94
94. Which of the following is a benefit of investigating computer crime? a. The investigation must often take place in a compressed time frame b. The evidence is often intangible  c. An investigation may interfere with the normal operation of business d. Many jurisdictions have expanded the definition of property to include electronic information
D: This is a benefit of investigating a computer crime.
95
95. Which of the following is not true? a. The investigation of a computer crime can usually be accomplished by the same forensic specialists used for any other type of crime scene. b. Evidence may be difficult to gather. c. Locations of the crimes may be separated by large geographic distance even though they were perpetrated through a computer at a single location. d. Electronic evidence can be destroyed easily, such as booting a system, running a program, or reading a file.
A: The investigation of a computer crime usually requires a specialist or an expert to gather evidence and process a crime scene.
96
96. How is the legal requirement for applying safeguards calculated? a. If the cost of implementing a physical access control is less than the estimated cost of a logical access control, then a legal liability exists b. If the loss of an exploited vulnerability is less than the estimated cost of a safeguard, then a legal liability exists c. If the cost of an asset is less than the cost of a safeguard, then a legal liability exists d. If the cost of implementing the safeguard is less than the estimated loss of an exploited vulnerability, then a legal liability exists
D: If the cost of implementing the safeguard is less than the estimated loss of an exploited vulnerability, then a legal liability exists.
97
97. The requirement that senior management must perform their duties with the same care that any normal, sensible person would under similar circumstances is known as? a. The prudent man rule b. The risk avoidance axiom c. The liability avoidance method d. Common sense
A: The requirement that senior management must perform their duties with the same care that any normal, sensible person would under similar circumstances is known as the prudent man rule.
98
98. When identifying evidence collected at the scene of a computer crime, all but which of the following are valid methods for identifying evidence? a. Writing a file containing identification information to the storage media b. Marking printouts with a permanent marker c. Placing components in labeled bags d. Making a list of serial numbers, makes, and models of components
A: This is not a valid method of identifying evidence since it modifies it.
99
99. Which of the following is not one of the three main types of laws? a. Criminal b. Intellectual Property c. Civil d. Administrative
B: Intellectual property is not one of the three main types of laws since it does not focus on right and wrong; rather, it is concerned with the protection of original creations.
100
100. The 1991 U.S. Federal Sentencing Guidelines establishes a link between the degree/severity of punishment and what? a. The extent of due care b. Size of asset loss c. Financial cost to investors d. Amount of liability insurance
A: The 1991 U.S. Federal Sentencing Guidelines establishes a link between the degree/severity of punishment and the extent of due care.
101
101. Which of the following is not an example of how due care is shown? a. The presence of physical and logical access controls b. Press releases stating such c. Disaster recovery and business continuity plans d. A complete set of formalized security infrastructure documentation
B: This is not a valid method to show due care.
102
102. Which of the following is not a means by which a company shows that due care is properly implemented and practiced? a. Performing security awareness training b. Performing penetration testing against the organization c. Deploying a homogeneous network d. Running updated anti-virus software
C: This is not an aspect of showing that due care is properly implemented and practiced. Homogeneity of systems on a network does not offer any special security benefits.
103
103. Which of the following statements is true? a. European privacy laws are more restrictive than those of the US. b. US privacy laws are more restrictive than those of Europe. c. European and US privacy laws are about the same. d. Europe has far fewer privacy laws than the US.
A: This is a true statement.
104
104. Evidence must be all but which of the following to be presented in court? a. Relevant b. Obtained in a lawful manner c. Reliable d. Sufficient
D: Evidence need not be sufficient to be presented in court.
105
105. Which of the following is not required in order to prove negligence in court? a. Legally recognized obligation b. Failure to conform to a required standard c. Proximate causation resulting in damage or injury d. Violation of the prudent man rule
D: This element is not a requirement to prove negligence in court. This is used to prove liability.
106
106. The legislative branch is responsible for creating what type of law? a. Statutory law b. Common law c. Civil law d. Criminal law
A: Statutory law is created by the legislative branch.
107
107. Who is ultimately responsible and held liable for the lack of due care within an organization? a. IT staff b. Security management team c. Senior management d. Department supervisors
C: Senior management is ultimately responsible and held liable for the lack of due care within an organization.
108
108. A copy of evidence or an oral description of its contents is known as? a. Best evidence b. Secondary evidence c. Direct evidence d. Conclusive evidence  
B: Secondary evidence is a copy of evidence or an oral description of its contents.
109
109. When collecting evidence at a crime scene, which of the following should not be performed? a. Collect all storage devices b. Degauss equipment c. Print out the screen or make a photograph of it d. Image the hard drive before removing power
B: This should not be performed when collecting evidence at a computer crime scene.
110
110. A computer incident response team is responsible for all but which of the following? a. Managing public relations during an incident b. Minimizing risks to the organization during an incident c. Investigating intrusions d. Updating the security policy
D: This is not a responsibility of the CIRT. They may offer suggestions to review the security policy, but that is the arena of senior management.
111
111. Which of the following is not a component in the chain of evidence? a. The method used to collect, obtain, or gather the evidence b. Location of evidence when it was collected c. Identification of individuals who possessed the evidence from the time of collection to the present d. The time the evidence was collected
A: The method used to collect the evidence is not part of the chain of evidence, but it may be an important issue in court.
112
112. The Paperwork Reduction Act of 1995 does what? a. Makes the trafficking in passwords that affects foreign commerce a federal crime b. Defines standards by which medical information is stored, used, and transmitted c. Protects the information about individuals within government databases.  d. Requires federal agencies to produce reports on the state of security for their non-classified systems.
D: The Paperwork Reduction Act of 1995 requires federal agencies to produce reports on the state of security for their non-classified systems.
113
113. A software copyright is held by the original creator for how long? a. 7 years b. 10 years c. 17 years d. 50 years or more
D: A software copyright can be held by the original creator for 50 years or more.
114
114. To discriminate whether an individual is the perpetrator of a crime, investigators evaluate whether the individual had _____, ______, and _____. Select the one answer that does not fit in the blanks. a. Means b. Opportunity c. Motive d. Collusion.
D: To discriminate whether an individual is the perpetrator of a crime, investigators evaluate whether the individual had motive, opportunity, and means.
115
115. The goal of an interrogation is to? a. Gather enough evidence to consider the subject a suspect b. Gather enough evidence to consider the individual a witness c. To discern the who, what, when, where, why, and how of a crime d. Clear the suspect of all suspicion 
A: The goal of an interrogation is to gather enough evidence to consider the subject a suspect.
116
116. Health Insurance Portability and Accountability Act (HIPAA) is a framework to provide guidance in providing all but which of the following for a health organization? a. Security b. Availability c. Integrity d. Privacy
B: HIPAA does not directly address providing availability.
117
117. Which element of Intellectual Property law grants the owner 17 years of exclusive use? a. Trademark  b. Trade secret c. Copyright d. Patent
D: A patent provides the owner with 17 years of exclusive use.
118
118. Which of the following is not an element of the evidence life cycle? a. Identification b. Transportation c. Destruction d. Return to owner
C: Destruction is not an element in the evidence life cycle. Evidence is never destroyed.
119
119. Evidence obtained from a secondary source rather than first hand knowledge or experience is known as? a. Secondary evidence b. Circumstantial evidence c. Hearsay evidence d. Conclusive evidence
C: Hearsay evidence is evidence obtained from a secondary source rather than first hand knowledge or experience.
120
120. Tempting someone into committing a crime through coercion is known as? a. Enticement b. A sting operation c. Entrapment d. Penetration testing
C: Tempting someone into committing a crime through coercion is known as entrapment.
121
121. Which of the following granted customers the ability to prohibit banks and financial institutions from sharing their personal information with nonaffiliated third parties? a. U.S. Computer Fraud and Abuse Act b. U.S. Privacy Act 1974 c. Gramm Leach Bliley Act of 1999 d. U.S. National Information Infrastructure Protection Act 1996
C: Gramm Leach Bliley Act of 1999 granted customers the ability to prohibit banks and financial institutions from sharing their personal information with nonaffiliated third parties.
122
122. What type of law is concerned with protection of the public and is able to assign imprisonment as a punishment? a. Civil law b. Intellectual Property law c. Criminal law d. Regulatory law
C: Criminal law is concerned with the protection of the public and offers imprisonment as a punishment.
123
123. What branch of the US government is responsible for interpreting common law? a. Legislative branch b. Administrative agencies c. Judicial branch d. Presidential branch
C: The judicial branch is responsible for interpreting common law.
124
124. American companies can export any encrypted product to? a. Any member of the European Union b. Only to England c. To any non-communist country in the world d. To all countries but Iraq, China, and Vietnam.
A: American companies can export any encrypted product to any member of the European Union.
125
125. Electronic monitoring of online access must be performed how? a. Using logical and technical mechanisms b. In a legal and consistent manner c. Only under the consent of the monitored d. Differently for each classification of user
B: Electronic monitoring of online access must be performed in a legal and consistent manner.