Senior management can delegate the liability for organizational security to network administrators. True False false - delegate their task not responsibility or liability.

Performing semi-annual internal audits on security controls is an example of Due Diligence. True False

Hiring a security officer to ensure compliance with an organization’s mid-term initiatives is an example of a ____________ goal. Strategic Operational Tactical Security

______________ are detailed step-by-step tasks that are performed to achieve a certain goal. Standards Procedures Policies Guidelines

__________ goals are long-term goals that are aligned with an organization’s IT goals. Security Strategic Tactical Operational

A specific plan, such as an Incident Response Plan, is an example of an ______________ goal. Operational Tactical Strategic Security

An overall statement made by senior management that dictates the role that security will play within the organization is an example of a(an) Security Plan Security Baseline Security Standard Security Policy

Which of the following is not an aspect of a security policy? must be kept confidential

A(n) ___________ security policy assigns responsibilities for security within the organization. system-specific organizational issue-specific baseline

A firewall policy is an example of a(n) ___________ security policy. issue-specific system-specific baseline organizational

A policy that is designed to implement a specific set of rules or laws, such as HIPAA, is an example of a(n) _______________ policy. advisory informative security regulatory

A Rules of Behavior or Acceptable Use Policy that specifies the behaviors that a company considers acceptable or not acceptable is an example of a(n) ____________ policy. advisory informative regulatory security

______________ are mandatory activities, actions, or rules established by an organization. Baselines Standards Guidelines Policies

A federal act that requires government agencies to implement security programs is known as HIPAA ISO 27001 CoBiT FISMA

Wally’s Widget World wants to establish a security program. Which of the following might be useful to this goal? ISO 27004 CoBiT FISMA ISO 27001

The policy statement “System Administrators will ensure that hard drives are securely wiped three times before disposal” would likely be found in which of the following policy documents? Acceptable Use Policy BYOD Policy Data Retention and Destruction Policy Intellectual Property Policy Data Retention and Destruction Policy

Identity theft is a federal crime. True False

Under the CAN-SPAM Act, it is illegal to send spam. True False

_____ governs the prosecution of those charged with serious offenses against public order, such as murder. Criminal law Administrative law Tort law Civil law

Which of the following lack contractual capacity to enter into a contract: A and B Neither A nor B People who are mentally incompetent Children under the age of 18

The term _____________ refers to software license agreements that are included within a box of physical-media software. browsewrap contract click-wrap contract shrink-wrap contract none of the above

A ___________________ is usually presented to a user when they are purchasing software or services via the Internet. browsewrap contract none of the above click-wrap contract shrink-wrap contract

The purpose of the ____________ is to remove barriers to electronic commerce by validating electronic contracts. Electronic Signatures Act (ESA) Electronic Communications Act (ECA) Uniform Commercial Code (UCC) Uniform Electronic Transactions Act (UETA) Uniform Electronic Transactions Act (UETA)

A(n) _____________________ is an invitation to enter into a relationship or transaction of some kind. offer negotiation acceptance capacity

Historically, a contract acceptance had to have exactly the same words and terms as the original offer. This was called __________________. the mailbox rule the mirror image rule None of the above. meeting of the minds

The power of a court to decide certain types of cases is ______________ jurisdiction. none of the above supreme personal subject matter

The first federal legislation that identified computer crimes as distinct offenses: Computer Fraud and Abuse Act U.S. PATRIOT Act None of the above Identity Theft and Assumption Deterrence Act Computer Fraud and Abuse Act

______________________ law deals with crimes, but _______________ law governs disputes between individuals. Criminal, tort Tort, criminal

Phishing crimes would most likely be prosecuted under which federal act? CAN-SPAM Anti-Phishing Consumer Protection Act Identity Theft and Assumption Deterrence Act CFAA Identity Theft and Assumption Deterrence Act

A website operator who did not appropriately secure his web server could be liable under which type of tort? Answers: Intentional None of the above Negligence Strict liability

___________________ is a legal concept that means people can be held responsible for their actions, even when they didn’t intend to cause harm to another person. Unintentional liability Strict liability Negligent liability Intentional liability

Which of the following Amendments to the Bill of Rights is one that many system owners require users to “waive” by using banne

_________________ is the area of law that protects a person’s creative ideas, inventions, and innovations. Civil law Intellectual property law Export controls regulations Criminal law Intellectual property law

Utility, plant, and design are all types of _________________ Patents None of the above Trademarks Copyrights

A ________________ protects the formulas, processes, methods, and information that give a business a competitive edge. strict liability utility patent trade secret copyright

_________________ are used to protect words, logos, and symbols that identify a product or service. Patents Trademarks Trade secrets Strict liability

Which would be a violation of copyright law?

Copyrighted material is protected ________________. forever as soon as it is formally registered as soon as it is created only if it has the copyright symbol attached to it

What is required for an invention or discovery to be patentable? Must be novel Must be useful Must be non-obvious All of the above

Copyright for written works lasts The life of the author plus 70 years after death

All of the following are examples of consumer financial information except: Employment history Address and telephone numbers Social Security numbers Biometric data

The purpose of the _______________ is to address financial uncertainty and provide the nation with a more stable economy.

The mission of the __________________ is to protect consumers and to make certain that business is competitive by eliminating practices that are harmful to businesses. Federal Trade Commission (FTC)

Which Gramm-Leach-Bliley Act rule requires federal bank regulatory agencies, the SEC, and the FTC, to issue security standards for the institutions that they regulate? Pretexting Rule Privacy Rule Safeguards Rule Red Flag Rule

A business merchant wants to accept credit card payments. Which of the following must the merchant follow to ensure the safety of those payments and cardholder data? GLBA SOX FISMA PCI-DSS

Which Act established the public’s right to request information from federal agencies? Mail Privacy Statute Privacy Act of 1974 Electronic Communications Privacy Act Freedom of Information Act Freedom of Information Act

Which of the following is a true statement regarding “privacy”?

The ____________ protects the information of children online. Children’s Online Privacy Protection Act (COPPA)

Which ensures that children won’t be exposed to obscene materials on the Internet while at public libraries and schools?

Which of the following is true regarding COPPA and CIPA rules? COPPA defines a minor as under the age of 13, while CIPA defines a minor as under the age of 17 None of the above. COPPA defines a minor as under the age of 13, while CIPA defines a minor as under the age of 17

The ________ Amendment protects people from unreasonable government search and seizure. Second Seventh Fourth First

The _______________ governs access to the contents of stored communications, as well as access to transmission data about the communications. Pen Register and Trap and Trace Statute USA Patriot Act Electronic Communications Privacy Act Wiretap Act Electronic Communications Privacy Act

HIPAA’s _______________ provisions are designed to encourage “the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.” Genetic Information Non-Discrimination Act Administrative Simplification Privacy Rule Security Rule Administrative Simplification

All of the following are examples of protected health information (PHI) except: Information regarding physical or mental health Past, present, or future health information Publicly available information regarding insurance companies Payments for health care Publicly available information regarding insurance companies

With respect to protected health information, HIPAA: Requires state laws to mirror HIPAA rules Prohibits state laws that are contrary to HIPAA Is automatically the controlling law in the event of a conflict with a state law Forbids the creation of any state laws protecting health information Prohibits state laws that are contrary to HIPAA

The state with some of the strictest patient privacy protection is: California Virginia Alabama Texas

The HIPAA _____________ states how covered entities must protect the confidentiality, integrity, and availability of electronic personal health information. Administrative Simplification Rule Red Flag Rule Privacy Rule

The main goal of __________________ is to protect shareholders and investors from financial fraud. Sarbanes-Oxley Act (SOX) Public Company Accounting Oversight Board Securities and Exchange Commission Gramm-Leach Bliley Act

Congress created the ____________ in response to the September 11, 2001, terrorist attacks. Federal Information Security Management Act (FISMA) Computer Security Act (CSA) Office of Management and Budget (OMB) National Security Agency (NSA) Federal Information Security Management Act (FISMA)

________________ restrict the transmission of certain types of information to non-US citizens or non-permanent residents who are located in the United States. Social media sites Export control regulations Import control regulations Office of International Information Transference Export control regulations

The ________________ requires all federal agencies to create a breach notification plan. Office of Management and Budget (OMB) Computer Security Act (CSA) Department of Homeland Security (DHS) Federal Information and Security Management Act (FISMA) Office of Management and Budget (OMB)

The ________________ was created by Congress to protect data collected by the government. Federal Information and Security Management Act (FISMA) Privacy Act of 1974 E-Government Act of 2002 Computer Security Act (CSA)

Under the ____________, federal agencies must 1) review their IT systems for privacy risks, 2) post privacy policies on their Web sites, 3) post machine-readable privacy policies on their Web sites, and 4) report privacy activities to OMB None of the Above E-Government Act of 2002 Computer Security Act (CSA) Privacy Act of 1974

FISMA requires the Department of Commerce to create information security standards and guidelines. To which of the following organizations did the Department of Commerce delegate this responsibility? U.S. Government Accountability Office (GAO) Office of Management and Budget (OMB) National Institute of Standards and Technology (NIST)

FISMA requires federal agencies to secure national security systems using a risk-based approach, but this does not apply to _____________ information. intellectual property sensitive personally identifiable classified

Which was the first state to have a breach notification law? California Utah Arizona New York

Which of the following FIPPS principles addresses ensuring that individuals are told of how the data collected on them is to be used? Collection minimization/limitation Purpose specification Use limitation Accountability

A _______________ is a notice that is provided by an agency of a new system that is collecting information on individuals. Systems of Records Notice (SORN) System of Records (SOR) Privacy Threshold Analysis Privacy Impact Assessment Systems of Records Notice (SORN)

When performing computer forensics, what is a potential source of digital evidence? door handle faxed documents none of the above cell phone

A judge or jury can consider only _____________ evidence when they decide cases. digital real admissible current

What is a forensic duplicate image? A backup copy of the original data A backup copy of digital evidence made in a forensic lab A system image A bit-by-bit copy of the original storage media A bit-by-bit copy of the original storage media

Data that is stored in memory is Volatile Static Persistent Volatile Forensically sound

At a federal level, what is the name of the main guidance regarding the submission of evidence at a trial? Federal Rules of Evidence Rules of Evidence Admissibility Federal Admissibility Rules Daubert Rules Federal Rules of Evidence

What does the best evidence rule require? That hearsay evidence must be delivered by an expert witness That all evidence must be submitted in digital form whenever possible That all evidence must be forensically sound That original documents be used at trial. That original documents be used at trial.

Which of the following is not an exception to the Fourth Amendment’s search warrant requirement? Plain view doctrine Exigent circumstances Interference Consent

The purpose of computer forensics is to: Find evidence that helps investigators analyze an event or incident None of the above Manage risk Aid organizations in developing a risk mitigation plan Find evidence that helps investigators analyze an event or incident

Which of the following is true regarding Locard’s exchange principle? People leave trace evidence in the physical world, but not in the digital world Computer forensic specialists do not need to understand the laws of evidence and legal procedure, only good evidence collection procedures People leave trace evidence whenever they interact with other people and with their surroundings All of the above People leave trace evidence whenever they interact with other people and with their surroundings

CCE, CCFE, CFCE, and GCFA are all examples of Computer forensic examiner certifications Federal computer forensic oversight boards State agencies that regulate how digital evidence is collected Federal agencies empowered to license forensic examiners Computer forensic examiner certifications

All of the following statements are true except: All evidence is admissible regardless of collection methods as long as it is reproducible in a tangible form.

During the ____________ phase of an investigation, computer forensic examiners secure the crime scene and ensure that no one tampers with, or modifies, evidence. preservation identification examination collection

Which of the following is NOT true regarding chain of custody? It’s a journal that records every interaction that a person or object has with the evidence. It’s used to prove that evidence is reliable. It’s used to help prove evidence is admissible. It’s used to record all details about the scene of a crime. It’s used to record all details about the scene of a crime.

The test for measuring the reliability of a scientific methodology in computer forensic investigations is called the ____________ test. best evidence Daubert federal evidence None of the above.

Which of the following is NOT a Daubert test to determine the reliability of evidence gathered by a specific tool? Does the tool have a known error rate? Has the tool been tested? Does the tool function manually or electronically? Has the tool been peer reviewed? Does the tool function manually or electronically?