Legal Regulations Investigation and Compliance Flashcards

1
Q

What is the standard duration of patent protection in the United States?
A) 14 years from the application date
B) 14 years from the date the patent is granted
C) 20 years from the application date
D) 20 years from the date the patent is granted

A

20 years from the application date

U.S. patent law provides for an exclusivity period of 20 years beginning at the time the patent application is submitted to the Patent and Trademark Office.

2
Q

Why are military and intelligence attacks among the most serious computer crimes?
A) The use of information obtained can have far-reaching detrimental strategic effects on national interests in an enemy’s hands.
B) Military information is stored on secure machines, so a successful attack can be embarrassing.
C) The long-term political use of classified information can impact a country’s leadership.
D) The military and intelligence agencies have ensured that the laws protecting their information are the most severe.

A

The use of information obtained can have far-reaching detrimental strategic effects on national interests in an enemy’s hands.

The purpose of a military and intelligence attack is to acquire classified information. The detrimental effect of using such information could be nearly unlimited in the hands of an enemy. Attacks of this type are launched by very sophisticated attackers. It is often very difficult to ascertain what documents were successfully obtained. So when a breach of this type occurs, you sometimes cannot know the full extent of the damage.

3
Q
What type of law does not require an act of Congress to implement at the federal level but rather is enacted by the executive branch in the form of regulations, policies, and procedures?
A) Criminal law
B) Common law
C) Civil law
D) Administrative law
A

Administrative law

Administrative laws do not require an act of the legislative branch to implement at the federal level. Administrative laws consist of the policies, procedures, and regulations promulgated by agencies of the executive branch of government. Although they do not require an act of Congress, these laws are subject to judicial review and must comply with criminal and civil laws enacted by the legislative branch.

4
Q
What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities?
A) Privacy Act
B) Fourth Amendment
C) Second Amendment
D) Gramm-Leach-Bliley Act
A

Fourth Amendment

The Fourth Amendment to the U.S. Constitution sets the “probable cause” standard that law enforcement officers must follow when conducting searches and/or seizures of private property. It also states that those officers must obtain a warrant before gaining involuntary access to such property.

5
Q

What would be a valid argument for not immediately removing power from a machine when an incident is discovered?
A) All of the damage has been done. Turning the machine off would not stop additional damage.
B) There is no other system that can replace this one if it is turned off.
C) Too many users are logged in and using the system.
D) Valuable evidence in memory will be lost.

A

Valuable evidence in memory will be lost.

The most compelling reason for not removing power from a machine is that you will lose the contents of memory. Carefully consider the pros and cons of removing power. After all is considered, it may be the best choice.

6
Q

If port scanning does no damage to a system, why is it generally considered an incident?
A) All port scans indicate adversarial behavior.
B) Port scans can precede attacks that cause damage and can indicate a future attack.
C) Scanning a port damages the port.
D) Port scanning uses system resources that could be put to better uses.

A

Port scans can precede attacks that cause damage and can indicate a future attack.

Some port scans are normal. An unusually high volume of port scan activity can be a reconnaissance activity preceding a more dangerous attack. When you see unusual port scanning, you should always investigate.

7
Q

Which of the following would not be a primary goal of a grudge attack?
A) Disclosing embarrassing personal information
B) Launching a virus on an organization’s system
C) Sending inappropriate email with a spoofed origination address of the victim organization
D) Using automated tools to scan the organization’s systems for vulnerable ports

A

Using automated tools to scan the organization’s systems for vulnerable ports

Any action that can harm a person or organization, either directly or through embarrassment, would be a valid goal of a grudge attack. The purpose of such an attack is to “get back” at someone.

8
Q
If you need to confiscate a PC from a suspected attacker who does not work for your organization, what legal avenue is most appropriate?
A) Consent agreement signed by employees
B) Search warrant
C) No legal avenue is necessary.
D) Voluntary consent
A

Search warrant

In this case, you need a search warrant to confiscate equipment without giving the suspect time to destroy evidence. If the suspect worked for your organization and you had all employees sign consent agreements, you could simply confiscate the equipment.

9
Q
What type of incident is characterized by obtaining an increased level of privilege?
A) Compromise
B) Denial of service
C) Malicious code
D) Scanning
A

Compromise

Any time an attacker exceeds their authority, the incident is classified as a system compromise. This includes valid users who exceed their authority as well as invalid users who gain access through the use of a valid user ID.

10
Q

Which criminal law was the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer system(s)?
A) Computer Security Act
B) National Infrastructure Protection Act
C) Computer Fraud and Abuse Act
D) Electronic Communications Privacy Act

A

Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act, as amended, provides criminal and civil penalties for those individuals convicted of using viruses, worms, Trojan horses, and other types of malicious code to cause damage to computer system(s).

11
Q
Matthew recently authored an innovative algorithm for solving a mathematical problem, and he wants to share it with the world. However, prior to publishing the software code in a technical journal, he wants to obtain some sort of intellectual property protection. Which type of protection is best suited to his needs?
A) Copyright
B) Trademark
C) Patent
D) Trade secret
A

Copyright

Copyright law is the only type of intellectual property protection available to Matthew. It covers only the specific software code that Matthew used. It does not cover the process or ideas behind the software. Trademark protection is not appropriate for this type of situation. Patent protection does not apply to mathematical algorithms. Matthew can’t seek trade secret protection because he plans to publish the algorithm in a public technical journal.

12
Q

What are the primary reasons attackers engage in thrill attacks? (Choose all that apply.)
A) Bragging rights
B) Money from the sale of stolen documents
C) Pride of conquering a secure system
D) Retaliation against a person or organization

A

Bragging rights
Pride of conquering a secure system

Thrill attacks have no reward other than providing a boost to pride and ego. The thrill of launching the attack comes from the act of participating in the attack (and not getting caught).

13
Q
What is the broadest category of computer systems protected by the Computer Fraud and Abuse Act, as amended?
A) Government-owned systems
B) Federal interest systems
C) Systems used in interstate commerce
D) Systems located in the United States
A

Systems used in interstate commerce

The original Computer Fraud and Abuse Act of 1984 covered only systems used by the government and financial institutions. The act was broadened in 1986 to include all federal interest systems. The Computer Abuse Amendments Act of 1994 further amended the CFAA to cover all systems that are used in interstate commerce, covering a large portion (but not all) of the computer systems in the United States.

14
Q
Mary is the cofounder of Acme Widgets, a manufacturing firm. Together with her partner, Joe, she has developed a special oil that will dramatically improve the widget manufacturing process. To keep the formula secret, Mary and Joe plan to make large quantities of the oil by themselves in the plant after the other workers have left. They want to protect this formula for as long as possible. What type of intellectual property protection best suits their needs?
A) Copyright
B) Trademark
C) Patent
D) Trade secret
A

Trade secret

Mary and Joe should treat their oil formula as a trade secret. As long as they do not publicly disclose the formula, they can keep it a company secret indefinitely.

15
Q
What type of evidence refers to written documents that are brought into court to prove a fact?
A) Best evidence
B) Payroll evidence
C) Documentary evidence
D) Testimonial evidence
A

Documentary evidence

Written documents brought into court to prove the facts of a case are referred to as documentary evidence.

16
Q

What is the best way to recognize abnormal and suspicious behavior on your system?
A) Be aware of the newest attacks.
B) Configure your IDS to detect and report all abnormal traffic.
C) Know what your normal system activity looks like.
D) Study the activity signatures of the main types of attacks.

A

Know what your normal system activity looks like.

The other options are actions that can make you aware of what attacks look like and how to detect them, although you will never successfully detect most attacks until you know your system. When you know what the activity on your system looks like on a normal day, you can immediately detect any abnormal activity.

17
Q

What is an incident?
A) Any active attack that causes damage to your system
B) Any violation of a code of ethics
C) Any crime (or violation of a law or regulation) that involves a computer
D) Any event that adversely affects the confidentiality, integrity, or availability of your data

A

Any event that adversely affects the confidentiality, integrity, or availability of your data

An incident is normally defined as any event that adversely affects the confidentiality, integrity, or availability of your data.

18
Q
The Children's Online Privacy Protection Act was designed to protect the privacy of children using the Internet. What is the minimum age a child must be before companies can collect personal identifying information from them without parental consent?
A) 13
B) 14
C) 15
D) 16
A

13

The Children’s Online Privacy Protection Act (COPPA) provides severe penalties for companies that collect information from young children without parental consent. COPPA states that this consent must be obtained from the parents of children younger than the age of 13 before any information is collected (other than basic information required to obtain that consent).

19
Q
What compliance obligation relates to the processing of credit card information?
A) SOX
B) HIPAA
C) PCI DSS
D) FERPA
A

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations involved in the storage, transmission, and processing of credit card information.

20
Q

What law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances?
A) Privacy Act
B) Electronic Communications Privacy Act
C) Health Insurance Portability and Accountability Act
D) Gramm-Leach-Bliley Act

A

Privacy Act

The Privacy Act of 1974 limits the ways government agencies may use information that private citizens disclose to them under certain circumstances.

21
Q
What type of attack targets proprietary information stored on a civilian organization's system?
A) Business attack
B) Denial-of-service attack
C) Financial attack
D) Military and intelligence attack
A

Business attack

Confidential information that is not related to the military or intelligence agencies is the target of business attacks. The ultimate goal could be destruction, alteration, or disclosure of confidential information.

22
Q
Richard recently developed a great name for a new product that he plans to begin using immediately. He spoke with his attorney and filed the appropriate application to protect his product name but has not yet received a response from the government regarding his application. He wants to begin using the name immediately. What symbol should he use next to the name to indicate its protected status?
A) ©
B) ®
C) TM symbol
D) ?
A

TM symbol

Richard’s product name should be protected under trademark law. Until his registration is granted, he can use the TM symbol next to it to inform others that it is protected under trademark law. Once his application is approved, the name becomes a registered trademark and Richard can begin using the ® symbol.

23
Q

According to the (ISC)2 Code of Ethics, how are CISSPs expected to act?
A) Honestly, diligently, responsibly, and legally
B) Honorably, honestly, justly, responsibly, and legally
C) Upholding the security policy and protecting the organization
D) Trustworthy, loyally, friendly, courteously

A

Honorably, honestly, justly, responsibly, and legally

The second canon of the (ISC)2 Code of Ethics states how a CISSP should act, which is honorably, honestly, justly, responsibly, and legally.

24
Q
What industry is most directly impacted by the provisions of the Gramm-Leach-Bliley Act?
A) Health care
B) Banking
C) Law enforcement
D) Defense contractors
A

Banking

The Gramm-Leach-Bliley Act provides, among other things, regulations regarding the way financial institutions can handle private information belonging to their customers.

25
Q

Why should you avoid deleting log files on a daily basis?
A) An incident may not be discovered for several days and valuable evidence could be lost.
B) Disk space is cheap, and log files are used frequently.
C) Log files are protected and cannot be altered.
D) Any information in a log file is useless after it is several hours old.

A

An incident may not be discovered for several days and valuable evidence could be lost.

Log files contain a large volume of generally useless information. However, when you are trying to track down a problem or an incident, they can be invaluable. Even if an incident is discovered as it is happening, it may have been preceded by other incidents. Log files provide valuable clues and should be protected and archived.

26
Q
What type of detected incident allows the most time for an investigation?
A) Compromise
B) Denial of service
C) Malicious code
D) Scanning
A

Scanning

Scanning incidents are generally reconnaissance attacks. The real damage to a system comes in the subsequent attacks, so you may have some time to react if you detect the scanning attack early.

27
Q
What provision of the European Union's privacy safe harbor requires that organizations only share information with other organizations that comply with the safe harbor provisions?
A) Notice
B) Choice
C) Onward transfer
D) Enforcement
A

Onward transfer

The onward transfer provisions of the safe harbor require that organizations share data only with other organizations that comply with the safe harbor principles.

28
Q

What is the most important rule to follow when collecting evidence?
A) Do not turn off a computer until you photograph the screen.
B) List all people present while collecting evidence.
C) Never modify evidence during the collection process.
D) Transfer all equipment to a secure storage location.

A

Never modify evidence during the collection process.

Although the other options have some merit in individual cases, the most important rule is to never modify, or taint, evidence. If you modify evidence, it becomes inadmissible in court.

29
Q

Which federal government agency has responsibility for ensuring the security of government computer systems that are not used to process sensitive and/or classified information?
A) National Security Agency
B) Federal Bureau of Investigation
C) National Institute of Standards and Technology
D) Secret Service

A

National Institute of Standards and Technology

The National Institute of Standards and Technology (NIST) is charged with the security management of all federal government computer systems that are not used to process sensitive national security information. The National Security Agency (part of the Department of Defense) is responsible for managing those systems that do process classified and/or sensitive information.

30
Q
Which one of the following types of licensing agreements does not require that the user acknowledge that they have read the agreement prior to executing it?
A) Standard license agreement
B) Shrink-wrap agreement
C) Click-wrap agreement
D) Verbal agreement
A

Shrink-wrap agreement

Shrink-wrap license agreements become effective when the user opens a software package. Click-wrap agreements require the user to click a button during the installation process to accept the terms of the license agreement. Standard license agreements require that the user sign a written agreement prior to using the software. Verbal agreements are not normally used for software licensing but also require some active degree of participation by the software user.

31
Q

Which one of the following is not a requirement that Internet service providers must satisfy in order to gain protection under the “transitory activities” clause of the Digital Millennium Copyright Act?
A) The service provider and the originator of the message must be located in different states.
B) The transmission, routing, provision of connections, or copying must be carried out by an automated technical process without selection of material by the service provider.
C) Any intermediate copies must not ordinarily be accessible to anyone other than anticipated recipients and must not be retained for longer than reasonably necessary.
D) The transmission must be originated by a person other than the provider.

A

The service provider and the originator of the message must be located in different states.

The Digital Millennium Copyright Act does not include any geographical location requirements for protection under the “transitory activities” exemption. The other options are three of the five mandatory requirements. The other two requirements are that the service provider must not determine the recipients of the material and the material must be transmitted with no modification to its content.

32
Q

Which law first required operators of federal interest computer systems to undergo periodic training in computer security issues?
A) Computer Security Act
B) National Infrastructure Protection Act
C) Computer Fraud and Abuse Act
D) Electronic Communications Privacy Act

A

Computer Security Act

The Computer Security Act requires mandatory periodic training for all people involved in managing, using, or operating federal computer systems that contain sensitive information.

33
Q
Which one of the following is not a valid legal reason for processing information about an individual under the European Union's data privacy directive?
A) Contract
B) Legal obligation
C) Marketing needs
D) Consent
A

Marketing needs

Marketing needs are not a valid reason for processing personal information, as defined by the European Union privacy directive.

34
Q

Which one of the following laws is not designed to protect the privacy rights of consumers and Internet users?
A) Health Insurance Portability and Accountability Act
B) Identity Theft Assumption and Deterrence Act
C) USA PATRIOT Act
D) Gramm-Leach-Bliley Act

A

USA PATRIOT Act

The USA PATRIOT Act was adopted in the wake of the September 11, 2001, terrorist attacks. It broadens the powers of the government to monitor communications between private citizens and therefore actually weakens the privacy rights of consumers and Internet users. The other laws mentioned all contain provisions designed to enhance individual privacy rights.

35
Q

Which of the following actions are considered unacceptable and unethical according to RFC 1087, “Ethics and the Internet”?
A) Actions that compromise the privacy of classified information
B) Actions that compromise the privacy of users
C) Actions that disrupt organizational activities
D) Actions in which a computer is used in a manner inconsistent with a stated security policy

A

Actions that compromise the privacy of users

RFC 1087 does not specifically address the statements in A, C, or D. Although each type of activity listed is unacceptable, only “actions that compromise the privacy of users” are explicitly identified in RFC 1087.

36
Q

What is a computer crime?
A) Any attack specifically listed in your security policy
B) Any illegal attack that compromises a protected computer
C) Any violation of a law or regulation that involves a computer
D) Failure to practice due diligence in computer security

A

Any violation of a law or regulation that involves a computer

A crime is any violation of a law or regulation. The violation stipulation defines the action as a crime. It is a computer crime if the violation involves a computer either as the target or as a tool.

37
Q

What are ethics?
A) Mandatory actions required to fulfill job requirements
B) Laws of professional conduct
C) Regulations set forth by a professional organization
D) Rules of personal behavior

A

Rules of personal behavior

Ethics are simply rules of personal behavior. Many professional organizations establish formal codes of ethics to govern their members, but ethics are personal rules individuals use to guide their lives.

38
Q

Which of the following conditions might require that you report an incident? (Choose all that apply.)
A) Confidential information protected by government regulation was possibly disclosed.
B) Damages exceeded $1,500.
C) The incident has occurred before.
D) The incident resulted in a violation of a law.

A

Confidential information protected by government regulation was possibly disclosed.
The incident resulted in a violation of a law.

You must report an incident when the incident resulted in the violation of a law or regulation. This includes any damage (or potential damage) to or disclosure of protected information.

39
Q

What is the main purpose of a military and intelligence attack?
A) To attack the availability of military systems
B) To obtain secret and restricted information from military or law enforcement sources
C) To utilize military or intelligence agency systems to attack other nonmilitary sites
D) To compromise military systems for use in attacks against other systems

A

To obtain secret and restricted information from military or law enforcement sources

A military and intelligence attack is targeted at the classified data that resides on the system. To the attacker, the value of the information justifies the risk associated with such an attack. The information extracted from this type of attack is often used to plan subsequent attacks.

40
Q

What goal is not a purpose of a financial attack?
A) Access services you have not purchased
B) Disclose confidential personal employee information
C) Transfer funds from an unapproved source into your account
D) Steal money from another organization

A

Disclose confidential personal employee information

A financial attack focuses primarily on obtaining services and funds illegally.

41
Q

Which one of the following attacks is most indicative of a terrorist attack?
A) Altering sensitive trade secret documents
B) Damaging the ability to communicate and respond to a physical attack
C) Stealing unclassified information
D) Transferring funds to other countries

A

Damaging the ability to communicate and respond to a physical attack

A terrorist attack is launched to interfere with a way of life by creating an atmosphere of fear. A computer terrorist attack can reach this goal by reducing the ability to respond to a simultaneous physical attack.

42
Q
Hacktivists are motivated by which of the following factors? (Choose all that apply.)
A) Financial gain
B) Thrill
C) Skill
D) Political beliefs
A

Thrill
Political beliefs

Hacktivists (the word is a combination of hacker and activist) often combine political motivations with the thrill of hacking. They organize themselves loosely into groups with names like Anonymous and LulzSec and use tools like the Low Orbit Ion Cannon to create large-scale denial-of-service attacks with little knowledge required.

43
Q
What form of intellectual property is used to protect words, slogans, and logos?
A) Patent
B) Copyright
C) Trademark
D) Trade secret
A

Trademark

Trademarks are used to protect the words, slogans, and logos that represent a company and its products or services.

44
Q

What law formalizes many licensing arrangements used by the software industry and attempts to standardize their use from state to state?
A) Computer Security Act
B) Uniform Computer Information Transactions Act
C) Digital Millennium Copyright Act
D) Gramm-Leach-Bliley Act

A

Uniform Computer Information Transactions Act

The Uniform Computer Information Transactions Act (UCITA) attempts to implement a standard framework of laws regarding computer transactions to be adopted by all states. One of the issues addressed by UCITA is the legality of various types of software license agreements.