Domain 9 - Legal, Regulations, Investigations, and Compliance Flashcards Preview


Flashcards in Domain 9 - Legal, Regulations, Investigations, and Compliance Deck (25):
1

11. There are three primary kinds of spoofing. They are e-mail spoofing, web-site spoofing, and:

a. System masquerades
b. Gopher spoofing
c. IP spoofing
d. Social engineering

Explanation: Answer c is the correct answer, and is taken verbatim from Investigating Computer-Related Crime. The other answers are incorrect: for a), a system masquerade is not a form of spoofing, it replaces a legitimate computer with the masquerading computer; for b), gopher spoofing is not a primary kind of spoofing, but a subset of IP spoofing; and d) is not a type of spoofing at all, but a type of user masquerade.

2

18. A Trojan horse differs from a virus in the following two very important aspects:

a. First, it is not found on Unix boxes; second, it could stand alone as an independent executable file.
b. First, it does not replicate or infect other files; second, it has a limit to how many times it can occur on a system.
c. First, it does not replicate or infect other files; second, it cannot be found by anti-virus software using virus signature files.
d. First, it does not replicate or infect other files; second, it could stand alone as an independent executable file.

Explanation: Answer d is the correct answer, and is taken verbatim from Investigating Computer-Related Crime. The other answers are incorrect. Trojans CAN be found on Unix boxes, they can occur many times on a system, and they can not typically be found using virus signature files.

3

22. The U.S. Freedom of Information Act (FOIA) regulates:

a. Dissemination of and access to data.
b. How government agencies collect, use, maintain or disseminate information pertaining to individuals.
c. Private industry in collecting, using, maintaining and disseminating information pertaining to individuals.
d. What constitutes records for the purposes of the Internal Revenue laws.

Explanation: Answer a is the correct answer, and is taken verbatim from the cited reference. The other answers are incorrect because they each describe other laws. Answer b is incorrect because it describes the Privacy Act of 1974. Answer c is incorrect because it describes the Fair Credit Reporting Act. Answer d is incorrect because it describes IRS Revenue Ruling 71-20.

4

36. The business records exception to the hearsay rule, Fed. R. Evid. 803(6), in general refers to any memorandum, report, record or data compilation (1) made at or near the time of the event, and (2):

a. By a customer who was conducting business with the organization.
b. By, or from information transmitted by, an employee during normal business hours.
c. Transmitted using a digital signature.
d. By, or from information transmitted by, a person with knowledge if the record was kept in the course of a regularly conducted business activity, and it was the regular practice of that business activity to make the record.

Explanation: Answer d is the correct answer, and is taken verbatim from Investigating Computer-Related Crime. The other answers are incorrect.

5

38. Intrusion management is a four-step process. The steps are:

a. Avoidance, testing, detection and investigation
b. Identification, authentication, investigation and prosecution
c. Avoidance, detection, investigation and prosecution
d. Detection, communication, investigation and recovery

Explanation: Answer a is the correct answer, and is taken verbatim from Investigating Computer-Related Crime. The other answers are incorrect because identification and authentication (answer b) is a functional area of vulnerability, but not part of the four-step process; prosecution (answer c) can be a result of investigation, but not part of the four-step process itself; and, communication (answer d) should be part of the detection and investigation processes, and recovery is a subset of the detection and investigation processes as well.

6

59. The first case successfully prosecuted under the Computer Fraud and Abuse Act of 1986 was:

a. Robert T. Morris worm
b. Kevin Mitnick computer hacking
c. Melissa virus
d. Clifford Stoll’s cyber-spy case

Explanation: Answer a is the correct answer, and is taken verbatim from the cited reference. The other answers are incorrect because they were not the first case successfully prosecuted under the Computer Fraud and Abuse Act of 1986.

7

61. There are two primary types of message flooding. They are:

a. Disabling services and freezing up X-Windows
b. Malicious use of telnet and packet flooding
c. Broadcast storms and attacking with LYNX clients
d. E-mail and log flooding

Explanation: Answer d is the correct answer, and is taken verbatim from the cited reference. Answers a, b and c all describe attacks, but not message flooding attacks.

8

87. According to Eugene Spafford, computer break-ins are ethical only:

a. To catch a person committing fraud.
b. To prove the security of a computer network system.
c. In extreme situations, such as a life-critical emergency.
d. Whenever corporate management has been forewarned to the break-in attempts.

Explanation: Answer c is the correct answer, and is taken verbatim from “Ermann, Williams & Shauf”. The other answers are incorrect because they were not cited by Dr. Spafford.

9

107. On a DOS disk, the space taken up by the “real” file when you erase it is called:

a. Slack space
b. Unallocated space
c. Swap files
d. Cache files

Explanation: Answer b is the correct answer, and is taken verbatim from Stephenson. The other answers are incorrect. Answers a, b and c all describe other types of space on a DOS disk, but they do not fit the definition.

10

111. “…to prove the content of a writing, recording, or photograph, the original writing, recording, or photograph is required, except as otherwise provided in these rules or by Act of Congress.” is taken from the:

a. Chain of custody rule
b. Hearsay rule
c. Best evidence rule
d. Distinctive evidence rule

Explanation: Answer c is the correct answer, and is taken verbatim from Stephenson. The other answers are incorrect, but they all are distracters.

11

118. The U.S. Economic Espionage Act of 1996 defines someone as undertaking in economic espionage if they knowingly perform any of five activities. One of these activities includes:

a. Intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the government of the United States.
b. Does not obtain consent for the collection, use, or disclosure of personal information
c. Causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals.
d. Receives, buys, or possesses a trade secret, knowing the same to have been stolen or appropriated, obtained, or converted without authorization.

Explanation: Answer d is the correct answer, and is taken verbatim from BS 7799. The other answers are incorrect. Answer a is incorrect; it is from the Computer Fraud and Misuse Act. Answer b is incorrect; it is from the Online Privacy Protection Act of 1999. Answer c is incorrect; it is from the Computer Fraud and Misuse Act.

12

131. U.S. Criminal law identifies a crime as being a wrong against:

a. A private citizen
b. Society
c. The U.S. government
d. Taxpayers

Explanation: Answer b is the correct answer, and is taken verbatim from the reference cited. The other answers are incorrect because they are not specifically addressed within any definitions of U.S. criminal law. However, they are sometimes specifically addressed within specific state and local laws.

13

133. What kind of cases are much easier to convict because the burden of proof required for a conviction is much less:

a. Misdemeanor
b. Civil
c. Criminal
d. Domestic

Explanation: Answer b is the correct answer, and is taken verbatim from the cited reference. The other answers are incorrect since a criminal case requires a preponderance of evidence beyond a reasonable doubt. “Misdemeanor” and “domestic” are not considered case classifications.

14

136. U.S. criminal law falls under two main jurisdictions. They are:

a. Federal and local
b. County and local
c. Federal and state
d. National and international

Explanation: Answer c is the correct answer, and is taken verbatim from the reference cited. The other answers are incorrect because local and county jurisdictions do not address criminal law because they are addressed by federal and state laws. There is no formal terminology with regard to national or international jurisdictions.

15

137. Real evidence is:

a. Things such as tools used in the crime.
b. Made up of tangible objects that prove or disprove guilt.
c. Evidence used to aid the jury in the form of a model, experiment, chart, or an illustration offered as proof.
d. Oral testimony, whereby the knowledge is obtained from any of the witness’s five senses.

Explanation: Answer b is the correct answer, and is taken verbatim from the reference cited below. Answer a is an example of physical evidence. Answer c is an example of demonstrative evidence. Answer d is an example of direct evidence.

16

139. According to RFC 1087, any activity is characterized as unethical and unacceptable that purposely:

a. Destroys the integrity of computer-based information.
b. Results in fraud.
c. Threatens e-mail message delivery
d. Participates in gambling.

Explanation: Answer a is the correct answer, and is taken verbatim from the reference cited. The other activities that also fit this definition include:

• Seeks to gain unauthorized access to the resources of the Internet.
• Disrupts the intended use of the Internet.
• Wastes resources (people, capacity, computers) through such actions.
• Compromises the privacy of users.
• Involves negligence in the conduct of Internet-wide experiments.

The other answers are incorrect.

17

148. Physical evidence is:

a. Things such as tools used in the crime.
b. Evidence presented to the court in the form of business records, manuals, printouts, etc.
c. Evidence used to aid the jury in the form of a model, experiment, chart, or an illustration offered as proof.
d. Oral testimony, whereby the knowledge is obtained from any of the witness’s five senses.

Explanation: Answer a is the correct answer, and is taken verbatim from the reference cited. Answer b is an example of documentary evidence, and is incorrect. Answer c is incorrect since it is an example of demonstrative evidence. Answer d is also incorrect because it is an example of direct evidence.

18

158. Direct evidence is:

a. Things such as tools used in the crime.
b. Evidence presented to the court in the form of business records, manuals, printouts, etc.
c. Evidence used to aid the jury in the form of a model, experiment, chart, or an illustration offered as proof.
d. Oral testimony, whereby the knowledge is obtained from any of the witness’s five senses.

Explanation: Answer d is the correct answer, and is taken verbatim from the cited reference. Answer a is incorrect as it is an example of physical evidence. Answer b is not correct because it is an example of documentary evidence. Answer c is also wrong since it is an example of demonstrative evidence.

19

160. Which of the following is not one of the Ten Commandments of Computer Ethics published by the Computer Ethics Institute:

a. Thou shalt not use a computer to harm other people.
b. Thou shalt not use a computer to steal.
c. Thou shalt not use a computer to perform a denial of service attack.
d. Thou shalt not use other people’s computer resources without authorization or proper compensation.

Explanation: Answer c is the correct answer, and is taken verbatim from the Ten Commandments of Computer Ethics published by the Computer Ethics Institute. The other answers are incorrect because they all appear in the Ten Commandments.

20

177. U.S. criminal conduct is broken down into two classifications depending upon severity. They are:

a. First offence and repeat offence
b. Juvenile and adult
c. Tort and felony
d. Felony and misdemeanor

Explanation: Answer d is the correct answer, and is taken verbatim from the reference below. The other answers are incorrect because they are not classifications of criminal conduct, but are general terminology used within criminal cases, and a tort is another name for civil law.

21

195. U.S. Title 18 of the U.S. Code, Section 1030, also known as the Computer Fraud and Abuse Act, covers which of the following:

a. Obtaining free telephone service by fraud
b. Disrupting computer services
c. Monitoring employee communications
d. Trafficking in passwords

Explanation: Answer d is the correct answer, and is taken verbatim from the reference cited. Answers a and b are covered by various state and local laws and are incorrect. Answer c is covered by the Electronic Communications Privacy Act and is also incorrect.

22

199. There are several types of detection methods for finding viruses. The most common is the:

a. Heuristic Scanner
b. Pattern Scanner
c. Integrity Checker
d. Behavior Blocker

Explanation: Answer b is the correct answer, and is taken verbatim from the cited reference. Pattern scanners work based upon the “dissection” of the virus, isolation of a string of code thought to be unique to the virus, and comparison of the suspected virus with a database of those known signatures. Answer a, heuristic scanner, is incorrect because it does a behavior-based analysis. Such scanners often cause false alarms. Answer c, integrity checker, produces a database of signatures of files on a PC that represent the files in the uninfected state. Answer d, behavior blocker, looks for combinations of disallowed events to occur and stops program execution and warns the user.

23

211. Before evidence can be presented in a U.S. case, it must be competent, relevant, and material to the issue, and it must:

a. Be presented in compliance with the rules of evidence.
b. Be returned to the owner following case closure.
c. Be reliable
d. Be relevant

Explanation: Answer a is the correct answer, and is taken verbatim from the reference cited. The other answers are incorrect. Answer b is incorrect since evidence does not necessarily have to be returned to the owner; it depends upon the situation. Answer c is not correct because reliability is not a specifically stated requirement for evidence within U.S. cases; again it depends upon the case and the quality or availability of other evidence. Answer d is a restatement of a requirement from the question.

24

214. There are four types of computer-generated evidence. They are visual output on the monitor, film recorder (includes magnetic representation on disk, tape, or cartridge, and optical representation on CD), printed evidence on a plotter, and:

a. Voice mail messages
b. Scanned images
c. Generated business files
d. Printed evidence on a printer

Explanation: Answer d is the correct answer, and is taken verbatim from the reference below. The other answers are incorrect since they are not necessarily generated by computers. Answer a is considered real evidence. Answer b is considered physical evidence. And, answer c is considered documentary evidence.

25

235. One reason why intellectual property is a special ethical issue when applied to software is because:

a. Computer software is expensive to create.
b. Computer software typically has many features.
c. Computer software is easy to reproduce and distribute.
d. Computer software takes a long time to program.

Explanation: Answer c is the correct answer, and is taken verbatim from the cited reference. The other answers, while possibly applicable, are incorrect because they are not the best answer to the question.