Quiz 9

Question 1 of 25

Medal-premium 1

The categories of laws in the U.S. are:

Select one of the following:

  • Civil, criminal, administrative, and family

  • Intellectual, privacy, and computer crime

  • Criminal, civil, and administrative

  • Criminal, civil, and family

Question 2 of 25

Medal-premium 1

Trademarks, copyrights, and patents are all a part of:

Select one of the following:

  • Intellectual property law

  • Civil law

  • Administrative law

  • Private property law

Question 3 of 25

Medal-premium 1

An organization has developed a new type of printer. What approach should the organization take to protect this invention?

Select one of the following:

  • Trade secret

  • Copyright

  • Trademark

  • Patent

Question 4 of 25

Medal-premium 1

A financial services organization is required to protect information about its customers. Which of these laws requires this protection:

Select one of the following:

  • HIPAA

  • COPPA

  • CALEA

  • GLBA

Question 5 of 25

Medal-premium 1

A suspect has been forging credit cards with the purpose of stealing money from their owners through ATM withdrawals. Under which U.S. law is this suspect most likely to be prosecuted?

Select one of the following:

  • Computer Fraud and Abuse Act

  • Access Device Fraud

  • Computer Security Act

  • Sarbanes-Oxley Act

Question 6 of 25

Medal-premium 1

Which U.S. law gives law enforcement organizations greater powers to search telephone, e-mail, banking, and other records?

Select one of the following:

  • Patriot Act

  • Communications Assistance for Law Enforcement Act

  • Federal Information Security Management Act

  • Gramm-Leach-Bliley Act

Question 7 of 25

Medal-premium 1

The Payment Card Industry Data Security Standard (PCI DSS) requires encryption of credit card in which circumstances:

Select one of the following:

  • Stored in databases, stored in flat files, and transmitted over public and private networks

  • Stored in databases, and transmitted over public networks

  • Stored in databases, stored in flat files, and transmitted over public networks

  • Stored in databases, and transmitted over public and private networks

Question 8 of 25

Medal-premium 1

A security incident as defined as:

Select one of the following:

  • Unauthorized entry

  • Exposure of sensitive information

  • Theft of sensitive information

  • Violation of security policy

Question 9 of 25

Medal-premium 1

The phases of a comprehensive security incident plan are:

Select one of the following:

  • Declaration, triage, investigation, analysis, containment, recovery, debriefing

  • Investigation, analysis, containment, recovery, debriefing

  • Declaration, triage, containment, recovery, debriefing

  • Declaration, triage, investigation, analysis, documentation, containment, recovery, debriefing

Question 10 of 25

Medal-premium 1

A security manager has discovered that sensitive information stored on a server has been compromised. The organization is required by law to notify law enforcement. What should the security manager do first to preserve evidence on the server:

Select one of the following:

  • Disconnect power to the server

  • Back up the server

  • Shut down the server

  • Notify management

Question 11 of 25

Medal-premium 1

All of the following statements about a security incident plan are correct EXCEPT:

Select one of the following:

  • The plan should be tested annually

  • The plan should be reviewed annually

  • The plan should be published annually

  • Training on plan procedures should be performed annually

Question 12 of 25

Medal-premium 1

The purpose of a security incident debrief is all of the following EXCEPT:

Select one of the following:

  • Review of log files

  • Review of technical architecture

  • Review of operational procedures

  • Review of technical controls

Question 13 of 25

Medal-premium 1

Why would a forensic examiner wish to examine a computer’s surroundings during a forensic investigation?

Select one of the following:

  • Evaluate cleanliness

  • Interrogate the suspect

  • Search for DNA evidence

  • Search for any removable media and documents

Question 14 of 25

Medal-premium 1

A case of employee misconduct that is the subject of a forensic investigation will likely result in a court proceeding. What should included in the forensic investigation:

Select one of the following:

  • Legible notes on all activities

  • Law enforcement investigation

  • Chain of custody for all evidence

  • Dual custody for all evidence

Question 15 of 25

Medal-premium 1

The (ISC)2 code of ethics includes all of the following EXCEPT:

Select one of the following:

  • Provide diligent and competent service to principals

  • Protect society and the infrastructure

  • Act honorably, honestly, justly, responsibly, and legally

  • Advance and protect the profession

Question 16 of 25

Medal-premium 1

A security manager has been asked to investigate employee behavior on the part of a senior manager. The investigation has shown that the subject has suffered a serious lapse in judgment and has violate the organization’s code of conduct. The security manager has been asked to keep the results of the investigation a secret. How should the security manager respond?

Select one of the following:

  • Leak the results of the investigation to the media

  • Cover up the results of the investigation

  • Deliver the results of the investigation a recommendations for next steps to his superiors

  • Notify law enforcement

Question 17 of 25

Medal-premium 1

A forensics investigator has been asked to examine the workstation used by an employee who has been known to misbehave in the past. This investigation is related to more potential misconduct. What approach should the investigator take in this new investigation?

Select one of the following:

  • Approach this investigation objectively, without regard to the history of this employee’s conduct

  • Approach this investigation subjectively, given the history of this employee’s conduct

  • Assume the employee is guilty and search for evidence to support this

  • Assume the employee is innocent and search for evidence to refute this

Question 18 of 25

Medal-premium 1

The allegation that an employee has violated company policy by downloading child pornography onto a company workstation should result in:

Select one of the following:

  • Notification of affected customers

  • Termination of the employee

  • The declaration of a security incident

  • A forensic investigation and possible disciplinary action

Question 19 of 25

Medal-premium 1

An organization has developed its first-ever computer security incident response procedure. What type of test should be undertaken first?

Select one of the following:

  • Parallel test

  • Simulation

  • Walkthrough

  • Document review

Question 20 of 25

Medal-premium 1

An organization’s security incident management strategy consists of response procedures to be used when an incident occurs. What other measures should the organization undertake:

Select one of the following:

  • None

  • Develop proactive procedures to aid in incident prevention

  • Train selected personnel on incident response procedures

  • Partner with law enforcement on incident response procedures

Question 21 of 25

Medal-premium 1

The purpose of the containment step in a security incident response plan is:

Select one of the following:

  • To prevent the spread of the incident

  • To recover the affected system to its pre-incident state

  • To isolate the system

  • To collect evidence for possible disciplinary action or prosecution

Question 22 of 25

Medal-premium 1

The U.S. law that made sending unsolicited commercial e-mail illegal is:

Select one of the following:

  • STOP-SPAM

  • DMCA

  • Controlling The Assault of Non-Solicited Pornography and Marketing Act

  • Computer Security Act

Question 23 of 25

Medal-premium 1

The purpose of administrative laws in the U.S. is:

Select one of the following:

  • To define courtroom and law enforcement procedures

  • To define activities such as assault, arson, theft, burglary, bribery, and perjury

  • To define contract, tort, property, employment, and corporate law

  • To regulate the operation of U.S. government agencies

Question 24 of 25

Medal-premium 1

The U.S. Code defines:

Select one of the following:

  • Both criminal and civil laws

  • Administrative laws

  • Civil laws

  • Criminal laws

Question 25 of 25

Medal-premium 1

The type of intellectual property law that protects a written work is known as:

Select one of the following:

  • Copyright

  • Trademark

  • Patent

  • Service mark

Icon_fullscreen
Joshua Villy
Quiz by , created over 3 years ago

1 CSI270 Quiz on Quiz 9, created by Joshua Villy on 08/05/2013.

Eye 173
Pin 0
Balloon-left 0
Tags
Joshua Villy
Created by Joshua Villy over 3 years ago
Close