Senior management can delegate the liability for organizational security to network administrators. True False
False - they can delegate the task, not the responsibility or liability.
Performing semi-annual internal audits on security controls is an example of Due Diligence. True False
Hiring a security officer to ensure compliance with an organization’s mid-term initiatives is an example of a ____________ goal.
Strategic
Operational
Tactical
Security
______________ are detailed step-by-step tasks that are performed to achieve a certain goal.
Standards
Procedures
Policies
Guidelines
__________ goals are long-term goals that are aligned with an organization’s IT goals.
Security
Strategic
Tactical
Operational
A specific plan, such as an Incident Response Plan, is an example of an ______________ goal.
Operational
Tactical
Strategic
Security
An overall statement made by senior management that dictates the role that security will play within the organization is an example of a(an)
Security Plan
Security Baseline
Security Standard
Security Policy
Which of the following is not an aspect of a security policy
- must be developed to integrate security into all business functions and processes
- must be easily understood by all
- must be kept confidential
- must be generic
must be kept confidential
A(n) ___________ security policy assigns responsibilities for security within the organization.
system-specific
organizational
issue-specific
baseline
A firewall policy is an example of a(n) ___________ security policy.
issue-specific
system-specific
baseline
organizational
A policy that is designed to implement a specific set of rules or laws, such as HIPAA, is an example of a(n) _______________ policy.
advisory
informative
security
regulatory
A Rules of Behavior or Acceptable Use Policy that specifies the behaviors that a company considers acceptable or not acceptable is an example of a(n) ____________ policy.
advisory
informative
regulatory
security
______________ are mandatory activities, actions, or rules established by an organization.
Baselines
Standards
Guidelines
Policies
A federal act that requires government agencies to implement security programs is known as
HIPAA
ISO 27001
CoBiT
FISMA
Wally’s Widget World wants to establish a security program. Which of the following might be useful to this goal?
ISO 27004
CoBiT
FISMA
ISO 27001
The policy statement “System Administrators will ensure that hard drives are securely wiped three times before disposal” would likely be found in which of the following policy documents?
Acceptable Use Policy
BYOD Policy
Data Retention and Destruction Policy
Intellectual Property Policy
Data Retention and Destruction Policy
Identity theft is a federal crime.
True
False
Under the CAN-SPAM Act, it is illegal to send spam.
True
False
_____ governs the prosecution of those charged with serious offenses against public order, such as murder.
Criminal law
Administrative law
Tort law
Civil law
Which of the following lack contractual capacity to enter into a contract:
A and B
Neither A nor B
People who are mentally incompetent
Children under the age of 18
The term _____________ refers to software license agreements that are included within a box of physical-media software.
browsewrap contract
click-wrap contract
shrink-wrap contract
none of the above
A ___________________ is usually presented to a user when they are purchasing software or services via the Internet.
browsewrap contract
none of the above
click-wrap contract
shrink-wrap contract
The purpose of the ____________ is to remove barriers to electronic commerce by validating electronic contracts.
Electronic Signatures Act (ESA)
Electronic Communications Act (ECA)
Uniform Commercial Code (UCC)
Uniform Electronic Transactions Act (UETA)
Uniform Electronic Transactions Act (UETA)
A(n) _____________________ is an invitation to enter into a relationship or transaction of some kind.
offer
negotiation
acceptance
capacity
Historically, a contract acceptance had to have exactly the same words and terms as the original offer. This was called __________________.
the mailbox rule
the mirror image rule
None of the above.
meeting of the minds
The power of a court to decide certain types of cases is ______________ jurisdiction.
none of the above
supreme
personal
subject matter
The first federal legislation that identified computer crimes as distinct offenses:
Computer Fraud and Abuse Act
U.S. PATRIOT Act
None of the above
Identity Theft and Assumption Deterrence Act
Computer Fraud and Abuse Act
______________________ law deals with crimes, but _______________ law governs disputes between individuals.
Criminal, tort
Criminal, contract
Criminal, civil
Tort, criminal
Phishing crimes would most likely be prosecuted under which federal act?
CAN-SPAM
Anti-Phishing Consumer Protection Act
Identity Theft and Assumption Deterrence Act
CFAA
Identity Theft and Assumption Deterrence Act
A website operator who did not appropriately secure his web server could be liable under which type of tort?
Intentional
None of the above
Negligence
Strict liability
___________________ is a legal concept that means people can be held responsible for their actions, even when they didn’t intend to cause harm to another person.
Unintentional liability
Strict liability
Negligent liability
Intentional liability
Which of the following Amendment to the Bill of Rights is one that many system owners require users to “waive” by using banne
_________________ is the area of law that protects a person’s creative ideas, inventions, and innovations.
Civil law
Intellectual property law
Export controls regulations
Criminal law
Intellectual property law
Utility, plant, and design are all types of _________________
Patents
None of the above
Trademarks
Copyrights
A ________________ protects the formulas, processes, methods, and information that give a business a competitive edge.
strict liability
utility patent
trade secret
copyright
_________________ are used to protect words, logos, and symbols that identify a product or service.
Patents
Trademarks
Trade secrets
Strict liability
Which would be a violation of copyright law?
- Copying a photograph or image from the web and posting it onto your own webpage
- Copying a blog post and posting it in your own blog
- Copying the source code of a webpage or program and using it in your own webpage or program
- All of the above
Copyrighted material is protected ________________.
forever
as soon as it is formally registered
as soon as it is created
only if it has the copyright symbol attached to it
What is required for an invention or discovery to be patentable?
Must be novel
Must be useful
Must be non-obvious
All of the above
Copyright for written works lasts
- The life of the author plus 70 years after death
- Forever
- 25 years
- 1 year or until re-registered
The life of the author plus 70 years after death
All of the following are examples of consumer financial information except:
Employment history
Address and telephone numbers
Social Security numbers
Biometric data
The purpose of the _______________ is to address financial uncertainty and provide the nation with a more stable economy.
- Federal Deposit Insurance Company
- Federal Reserve System
- Office of the Comptroller of the Currency
- Office of Thrift Supervision
The mission of the __________________ is to protect consumers and to make certain that business is competitive by eliminating practices that are harmful to businesses.
- Federal Trade Commission (FTC)
- Federal Financial Institutions Examination Council (FFIEC)
- National Credit Union Administration (NCUA)
- Office of Thrift Supervision
Federal Trade Commission (FTC)
Which Gramm-Leach-Bliley Act rule requires federal bank regulatory agencies, the SEC, and the FTC to issue security standards for the institutions that they regulate?
Pretexting Rule
Privacy Rule
Safeguards Rule
Red Flag Rule
A business merchant wants to accept credit card payments. Which of the following must the merchant follow to ensure the safety of those payments and cardholder data?
GLBA
SOX
FISMA
PCI-DSS
Which Act established the public’s right to request information from federal agencies?
Mail Privacy Statute
Privacy Act of 1974
Electronic Communications Privacy Act
Freedom of Information Act
Freedom of Information Act
Which of the following is a true statement regarding “privacy”?
- An individual’s right to control the use of and disclosure of personal information
- Private personal information may become public under the Freedom of Information Act
- A security service we provide to our customers
- All of the above
The ____________ protects the information of children online.
- Children’s Online Privacy Protection Act (COPPA)
- Children’s Internet Protection Act (CIPA)
- Family Educational Rights and Privacy Act (FERPA)
- Health Insurance Portability and Accountability Act (HIPAA)
Children’s Online Privacy Protection Act (COPPA)
Which ensures that children won’t be exposed to obscene materials on the Internet while at public libraries and schools?
- HIPAA
- CIPA
- FERPA
- COPPA
Which of the following is true regarding COPPA and CIPA rules?
COPPA defines a minor as under the age of 13, while CIPA defines a minor as under the age of 17
Both define a minor as anyone under the age of 17
Both define a minor as anyone under the age of 13
None of the above.
COPPA defines a minor as under the age of 13, while CIPA defines a minor as under the age of 17
The ________ Amendment protects people from unreasonable government search and seizure.
Second
Seventh
Fourth
First
The _______________ governs access to the contents of stored communications, as well as access to transmission data about the communications.
Pen Register and Trap and Trace Statute
USA Patriot Act
Electronic Communications Privacy Act
Wiretap Act
Electronic Communications Privacy Act
HIPAA’s _______________ provisions are designed to encourage “the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information.”
Genetic Information Non-Discrimination Act
Administrative Simplification
Privacy Rule
Security Rule
Administrative Simplification
All of the following are examples of protected health information (PHI) except:
Information regarding physical or mental health
Past, present, or future health information
Publicly available information regarding insurance companies
Payments for health care
Publicly available information regarding insurance companies
With respect to protected health information, HIPAA:
Requires state laws to mirror HIPAA rules
Prohibits state laws that are contrary to HIPAA
Is automatically the controlling law in the event of a conflict with a state law
Forbids the creation of any state laws protecting health information
Prohibits state laws that are contrary to HIPAA
The state with some of the strictest patient privacy protection is:
California
Virginia
Alabama
Texas
The HIPAA _____________ states how covered entities must protect the confidentiality, integrity, and availability of electronic personal health information.
Administrative Simplification Rule
Red Flag Rule
Privacy Rule
The main goal of __________________ is to protect shareholders and investors from financial fraud.
Sarbanes-Oxley Act (SOX)
Public Company Accounting Oversight Board
Securities and Exchange Commission
Gramm-Leach Bliley Act
Congress created the ____________ in response to the September 11, 2001, terrorist attacks.
Federal Information Security Management Act (FISMA)
Computer Security Act (CSA)
Office of Management and Budget (OMB)
National Security Agency (NSA)
Federal Information Security Management Act (FISMA)
________________ restrict the transmission of certain types of information to non-US citizens or non-permanent residents who are located in the United States.
Social media sites
Export control regulations
Import control regulations
Office of International Information Transference
Export control regulations
The ________________ requires all federal agencies to create a breach notification plan.
Office of Management and Budget (OMB)
Computer Security Act (CSA)
Department of Homeland Security (DHS)
Federal Information and Security Management Act (FISMA)
Office of Management and Budget (OMB)
The ________________ was created by Congress to protect data collected by the government.
Federal Information and Security Management Act (FISMA)
Privacy Act of 1974
E-Government Act of 2002
Computer Security Act (CSA)
Under the ____________, federal agencies must 1) review their IT systems for privacy risks, 2) post privacy policies on their Web sites, 3) post machine-readable privacy policies on their Web sites, and 4) report privacy activities to OMB.
None of the Above
E-Government Act of 2002
Computer Security Act (CSA)
Privacy Act of 1974
FISMA requires the Department of Commerce to create information security standards and guidelines. To which of the following organizations did the Department of Commerce delegate this responsibility?
U.S. Government Accountability Office (GAO)
National Institute of Standards and Technology (NIST)
Institute of Electrical and Electronics Engineers (IEEE)
Office of Management and Budget (OMB)
National Institute of Standards and Technology (NIST)
FISMA requires federal agencies to secure national security systems using a risk-based approach, but this does not apply to _____________ information.
intellectual property
sensitive
personally identifiable
classified
Which was the first state to have a breach notification law?
California
Utah
Arizona
New York
Which of the following FIPPS principles addresses ensuring that individuals are told of how the data collected on them is to be used?
Collection minimization/limitation
Purpose specification
Use limitation
Accountability
A _______________ is a notice that is provided by an agency of a new system that is collecting information on individuals.
Systems of Records Notice (SORN)
System of Records (SOR)
Privacy Threshold Analysis
Privacy Impact Assessment
Systems of Records Notice (SORN)
When performing computer forensics, what is a potential source of digital evidence?
door handle
faxed documents
none of the above
cell phone
A judge or jury can consider only _____________ evidence when they decide cases.
digital
real
admissible
current
What is a forensic duplicate image?
A backup copy of the original data
A backup copy of digital evidence made in a forensic lab
A system image
A bit-by-bit copy of the original storage media
A bit-by-bit copy of the original storage media
Data that is stored in memory is
Volatile
Static
Persistent
Forensically sound
Volatile
At a federal level, what is the name of the main guidance regarding the submission of evidence at a trial?
Federal Rules of Evidence
Rules of Evidence Admissibility
Federal Admissibility Rules
Daubert Rules
Federal Rules of Evidence
What does the best evidence rule require?
That hearsay evidence must be delivered by an expert witness
That all evidence must be submitted in digital form whenever possible
That all evidence must be forensically sound
That original documents be used at trial.
That original documents be used at trial.
Which of the following is not an exception to the Fourth Amendment’s search warrant requirement?
Plain view doctrine
Exigent circumstances
Interference
Consent
The purpose of computer forensics is to:
Find evidence that helps investigators analyze an event or incident
None of the above
Manage risk
Aid organizations in developing a risk mitigation plan
Find evidence that helps investigators analyze an event or incident
Which of the following is true regarding Locard’s exchange principle?
People leave trace evidence in the physical world, but not in the digital world
Computer forensic specialists do not need to understand the laws of evidence and legal procedure, only good evidence collection procedures
People leave trace evidence whenever they interact with other people and with their surroundings
All of the above
People leave trace evidence whenever they interact with other people and with their surroundings
CCE, CCFE, CFCE, and GCFA are all examples of
Computer forensic examiner certifications
Federal computer forensic oversight boards
State agencies that regulate how digital evidence is collected
Federal agencies empowered to license forensic examiners
Computer forensic examiner certifications
All of the following statements are true except:
- Forensic examiners must use established practices and procedures when collecting evidence.
- Admissible evidence is good evidence. Inadmissible evidence is bad evidence.
- All evidence is admissible regardless of collection methods as long as it is reproducible in a tangible form.
- To be admissible, evidence must be collected in a lawful manner.
All evidence is admissible regardless of collection methods as long as it is reproducible in a tangible form.
During the ____________ phase of an investigation, computer forensic examiners secure the crime scene and ensure that no one tampers with, or modifies, evidence.
preservation
identification
examination
collection
Which of the following is NOT true regarding chain of custody?
It’s a journal that records every interaction that a person or object has with the evidence.
It’s used to prove that evidence is reliable.
It’s used to help prove evidence is admissible.
It’s used to record all details about the scene of a crime.
It’s used to record all details about the scene of a crime.
The test for measuring the reliability of a scientific methodology in computer forensic investigations is called the ____________ test.
best evidence
Daubert
federal evidence
None of the above.
Which of the following is NOT a Daubert test to determine the reliability of evidence gathered by a specific tool?
Does the tool have a known error rate?
Has the tool been tested?
Does the tool function manually or electronically?
Has the tool been peer reviewed?
Does the tool function manually or electronically?