CISSP: Legal, Regulations, Investigations, and Compliance Flashcards

Flashcards in this deck: 18

1. Penalties for conviction in a civil case can include

A. Imprisonment
B. Probation
C. Fines
D. Community service

C. Fines

Imprisonment, probation, and community service are criminal sentences; a civil case can result only in a financial penalty, awarded to compensate the victim for the loss suffered. Review “Civil penalties.”

2. Possible damages in a civil case are classified as all the following except

A. Compensatory
B. Punitive
C. Statutory
D. Financial

D. Financial

Although damages in a civil case are of a financial nature, they are classified as compensatory, punitive, and statutory. Review “Civil penalties.”

3. Computer attacks motivated by curiosity or excitement describe

A. “Fun” attacks
B. Grudge attacks
C. Business attacks
D. Financial attacks

A. “Fun” attacks

Grudge attacks are motivated by revenge. Business attacks may be motivated by a number of factors, including competitive intelligence. Financial attacks are motivated by greed. Review “Major Categories of Computer Crime.”

4. Intellectual property includes all the following except

A. Patents and trademarks
B. Trade secrets
C. Copyrights
D. Computers

D. Computers

Patents and trademarks, trade secrets, and copyrights are all considered intellectual property and are protected by intellectual property rights. Computers are considered physical property. Review “Intellectual property.”

5. Under the Computer Fraud and Abuse Act of 1986 (as amended), which of the following is not considered a crime?

A. Unauthorized access
B. Altering, damaging, or destroying information
C. Trafficking child pornography
D. Trafficking computer passwords

C. Trafficking child pornography

The CFAA criminalizes unauthorized access to protected computers, altering, damaging, or destroying information, and trafficking in computer passwords. Child pornography is addressed separately by the Child Pornography Prevention Act (CPPA) of 1996. Review “U.S. Child Pornography Prevention Act of 1996.”

6. Which of the following is not considered one of the four major categories of evidence?

A. Circumstantial evidence
B. Direct evidence
C. Demonstrative evidence
D. Real evidence

A. Circumstantial evidence

Circumstantial evidence is a type of evidence, but it isn’t one of the four main categories (real, direct, documentary, and demonstrative evidence). The distinction is about how a fact is proved rather than the form the evidence takes: circumstantial evidence proves a fact indirectly, by inference, and may itself consist of real, documentary, or demonstrative evidence. Review “Types of evidence.”

7. In order to be admissible in a court of law, evidence must be

A. Conclusive
B. Relevant
C. Incontrovertible
D. Immaterial

B. Relevant

The tests for admissibility of evidence are relevance, reliability, and legal permissibility (the evidence must have been obtained lawfully). Evidence need not be conclusive or incontrovertible to be admitted, and immaterial evidence is by definition not relevant. Review “Admissibility of evidence.”

8. What term describes the evidence-gathering technique of luring an individual toward certain evidence after that individual has already committed a crime; is this considered legal or illegal?

A. Enticement/Legal
B. Coercion/Illegal
C. Entrapment/Illegal
D. Enticement/Illegal

A. Enticement/Legal

Entrapment is the act of encouraging someone to commit a crime that the individual may have had no intention of committing. Coercion involves forcing or intimidating someone to testify or confess. Enticement raises ethical arguments but isn’t normally illegal; a honeypot that draws an attacker who has already broken into the network toward monitored systems is the classic example of enticement. Review “Admissibility of evidence.”

9. In a civil case, the court may issue an order allowing a law enforcement official to seize specific evidence. This order is known as a(n)

A. Subpoena
B. Exigent circumstances doctrine
C. Writ of Possession
D. Search warrant

C. Writ of Possession

A subpoena requires the owner to deliver evidence to the court. The exigent circumstances doctrine provides an exception to search-and-seizure rules for law enforcement officials in emergency or dangerous situations. A search warrant is issued in criminal cases. Review “Collection and identification.”

10. When should management be notified of a computer crime?

A. After the investigation has been completed
B. After the preliminary investigation
C. Prior to detection
D. As soon as it has been detected

D. As soon as it has been detected

Management should be informed of a computer crime as soon as it has been detected. Management needs to be aware of, and support, the investigation and other activities that follow detection of the crime.

11. Which relatively new type of attack is sophisticated, targeted, slow, and stealthy?

A. Dumpster diving
B. A worm infection of email servers
C. Advanced persistent threat (APT)
D. A virus infection distributed in a file system utility download

C. Advanced persistent threat (APT)

An APT uses many tools and techniques over a long period to compromise a specific target covertly.

12. Which of the following is used during forensic analysis to help establish a timeline of a computer crime?

A. MAC times
B. Chain of custody
C. Codified laws
D. Trans-border information flow

A. MAC times

The modification, access, and creation times (MAC times) recorded by most file systems are used by forensic investigators to establish a timeline that supports the claim of a criminal act. Two caveats apply in practice: on Unix-like file systems the “C” timestamp is the inode change time rather than a creation time, and timestamps can be altered by an attacker (timestomping), so a timeline built from them should be corroborated with log entries and other sources.
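Building the timeline is a scripting task rather than a legal one. The Python below is an added example, not part of the original flashcard deck: it collects every timestamp of a set of files, labels each one, and merges them into a single chronological list, noting where the "C" time is a metadata-change time rather than a creation time. The two evidence files, their names and their timestamps are constructed for illustration.

```python
"""Build a chronological timeline from file system MAC times.
Added example; the evidence files and their timestamps are constructed."""
import os
import tempfile
from datetime import datetime, timezone


def mac_times(path):
    """Return (epoch_seconds, label) pairs for one file's timestamps.

    On Unix-like systems st_ctime is the inode metadata-change time, not the
    creation time; on Windows it is the creation time.  A true birth time
    (st_birthtime) is only exposed on some platforms, so it is optional here.
    """
    st = os.lstat(path)  # lstat: do not follow symlinks, do not touch atime
    events = [
        (st.st_mtime, "M content modified"),
        (st.st_atime, "A last accessed"),
        (st.st_ctime, "C metadata changed (created, on Windows)"),
    ]
    birth = getattr(st, "st_birthtime", None)
    if birth is not None:
        events.append((birth, "B created"))
    return events


def build_timeline(paths):
    """Merge every timestamp of every file into one list sorted by time.

    Each row is (iso_utc_time, label, path).  Ties sort by label so the
    output is deterministic.
    """
    rows = []
    for path in paths:
        for ts, label in mac_times(path):
            rows.append((ts, label, path))
    rows.sort()
    return [
        (datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(), label, path)
        for ts, label, path in rows
    ]


def demo_timeline():
    """Create two constructed evidence files and return their timeline.

    Scenario (constructed): a dropper is written at T+10 min, and a payroll
    spreadsheet modified at T+5 min is read at T+15 min.  os.utime can set
    atime and mtime only, so the C (and any B) entries keep the real clock
    time of this run and therefore sort last.
    """
    workdir = tempfile.mkdtemp(prefix="evidence-")
    dropper = os.path.join(workdir, "dropper.bin")
    payroll = os.path.join(workdir, "payroll.xlsx")
    with open(dropper, "wb") as f:
        f.write(b"MZ\x90\x00")          # constructed placeholder bytes
    with open(payroll, "wb") as f:
        f.write(b"constructed ledger")
    t0 = 1_700_000_000                  # 2023-11-14T22:13:20Z
    os.utime(dropper, (t0 + 600, t0 + 600))   # (atime, mtime)
    os.utime(payroll, (t0 + 900, t0 + 300))   # read after it was modified
    return build_timeline([dropper, payroll])


if __name__ == "__main__":
    for when, label, path in demo_timeline():
        print(when, label, os.path.basename(path))
```

Run directly, it prints the merged timeline: the payroll modification first, then the dropper's access and modification, then the payroll read, and finally the change (and birth) times, which carry the real clock time because they cannot be set through `os.utime`. Against a real image, point `build_timeline` at the mounted, read-only copy and treat the result as one source to be corroborated, since all of these values are writable by anyone with access to the file.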

13. Which of the following is an example of self-regulation?

A. Sarbanes-Oxley (SOX)
B. Gramm-Leach-Bliley Act (GLBA)
C. Payment Card Industry Data Security Standard (PCI-DSS)
D. Third-party governance

C. Payment Card Industry Data Security Standard (PCI-DSS)

PCI-DSS is an industry standard developed and enforced by the payment card brands rather than by a government, an example of an industry regulating itself. SOX and GLBA are U.S. federal laws.

14. A computer that is attacked and compromised and then used to attack deeper into a network, where valuable assets are stored, became involved in the computer crime in which manner?

A. As an advanced persistent threat (APT)
B. As a target
C. As a support system used during a computer crime
D. As a clone system

B. As a target

The computer was first attacked and compromised, which makes it the target of that first attack; only afterwards was it used as a pivot to reach other systems.

15. Which phase of incident response involves taking specific actions to reduce or stop the losses of an active breach of security?

A. Triage
B. Containment
C. Prevention
D. Recovery

B. Containment

Containment is the action taken to mitigate or stop the losses occurring from an active breach.

16. Which of the following is the primary concern of the evidence life cycle when investigating a computer crime?

A. Photograph the scene of the crime
B. Present the evidence in court
C. Collect digital evidence following the order of volatility (OOV)
D. Document and protect the integrity of the evidence

D. Document and protect the integrity of the evidence

Documenting and protecting the integrity of the evidence is critical for all forms of evidence. Otherwise, the evidence can easily be deemed inadmissible and therefore of no value at all.

17. Which of the following most accurately describes the priorities when forensically analyzing digital evidence?

A. Analyze a bit-level clone of the disk
B. Review the log files on the clone disk
C. Perform a steganographic analysis on the clone disk
D. Identify malicious code on the clone disk

A. Analyze a bit-level clone of the disk

The analysis of digital data should only ever be performed on a bit-level copy of the original disk, never on the original. In practice the original is attached through a write blocker, imaged, and hashed, and the hash of the image is compared with that of the original before analysis begins; the other three options are analysis steps that are all carried out on that verified copy.
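Cards 16 and 17 state the discipline rather than its mechanics. The Python below is an added example, not part of the flashcard deck, showing the acquisition step they describe: the source is copied block by block the way `dd` would, hashed as it is read, the image is re-hashed from disk, and the result is appended to a chain-of-custody log that a later integrity check compares against. The file names, the examiner name and the "disk" contents are constructed, and opening the source read-only stands in for a hardware write blocker.

```python
"""Acquire a verified bit-level image and keep a chain-of-custody log.
Added example; the 'disk' is a constructed file, not a real device."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

BLOCK_SIZE = 4096  # read/write granularity, as dd's bs= would be


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(BLOCK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def image_source(src, dst):
    """Copy src to dst byte for byte, hashing the source as it is read.

    The source is opened read-only, the software stand-in for a hardware
    write blocker.  Returns (bytes_copied, source_sha256, image_sha256);
    the image is re-read from disk for its own hash so that a write error
    is caught rather than assumed away.
    """
    h = hashlib.sha256()
    copied = 0
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for chunk in iter(lambda: fin.read(BLOCK_SIZE), b""):
            h.update(chunk)
            fout.write(chunk)
            copied += len(chunk)
    return copied, h.hexdigest(), sha256_file(dst)


def acquire(src, dst, examiner, custody_log):
    """Image src, verify the image, and append a custody record as JSON lines.

    Raises RuntimeError on a hash mismatch so analysis never starts on a bad
    copy.  The record is what later handlers (and a court) compare against.
    """
    size, src_hash, img_hash = image_source(src, dst)
    if src_hash != img_hash:
        raise RuntimeError("image does not match source; re-acquire")
    record = {
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "action": "acquired and verified bit-level image",
        "source": src,
        "image": dst,
        "bytes": size,
        "sha256": src_hash,
    }
    with open(custody_log, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return record


def image_is_intact(image, custody_log):
    """Re-hash the image and compare with the most recent custody record."""
    with open(custody_log, encoding="utf-8") as log:
        last = json.loads(log.readlines()[-1])
    return sha256_file(image) == last["sha256"]


def demo():
    """Constructed run: image a fake disk, verify it, then detect tampering.

    Returns (custody_record, intact_after_acquisition, intact_after_tamper).
    """
    workdir = tempfile.mkdtemp(prefix="acq-")
    disk = os.path.join(workdir, "suspect.raw")     # constructed 'device'
    image = os.path.join(workdir, "suspect.img")
    log = os.path.join(workdir, "custody.jsonl")
    # Constructed contents: a boot-sector-like marker, a file body, and
    # trailing zeros standing in for unallocated space (not block aligned).
    with open(disk, "wb") as f:
        f.write(b"\x55\xaa" + b"evidence" * 1000 + b"\x00" * (3 * BLOCK_SIZE + 17))
    record = acquire(disk, image, "examiner A (hypothetical)", log)
    before = image_is_intact(image, log)
    with open(image, "r+b") as f:        # simulate an accidental write
        f.seek(2)
        f.write(b"EVIDENCE")
    after = image_is_intact(image, log)
    return record, before, after


if __name__ == "__main__":
    rec, ok, tampered = demo()
    print(json.dumps(rec, indent=2))
    print("intact after acquisition:", ok, "| intact after tamper:", tampered)
```

Run directly, it prints the custody record and shows the integrity check passing right after acquisition and failing after eight bytes of the image are overwritten. To image real media, point `acquire` at a block device path (which needs root and a physical write blocker), keep the custody log on separate media from the image, and re-run `image_is_intact` every time the image changes hands.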

18. Which of the following best describes the requirements to avoid printed data from being hearsay evidence in court?

A. Present supporting data to show that enticement, not entrapment, was used to obtain printed data.
B. Present the printed data and the digital media or show that the printed data is generated on a regular basis for business purposes.
C. Present supporting data to show that the appropriate chain of custody was completed.
D. Prove that the printed data was obtained following proper search and seizure requirements.

B. Present the printed data and the digital media or show that the printed data is generated on a regular basis for business purposes.

A printed copy of digital data is hearsay unless one of two conditions holds: the printout is generated on a regular basis for business purposes (such as a weekly report that happens to show the evidence), or the original digital media is also presented so that the integrity of the original data can be validated, with the printout serving as a more readable form produced directly from it.