The categories of laws in the U.S. are:
Civil, criminal, administrative, and family
Intellectual, privacy, and computer crime
Criminal, civil, and administrative
Criminal, civil, and family
Trademarks, copyrights, and patents are all a part of:
Intellectual property law
Civil law
Administrative law
Private property law
An organization has developed a new type of printer. What approach should the organization take to protect this invention?
Trade secret
Copyright
Trademark
Patent
A financial services organization is required to protect information about its customers. Which of these laws requires this protection:
HIPAA
COPPA
CALEA
GLBA
A suspect has been forging credit cards with the purpose of stealing money from their owners through ATM withdrawals. Under which U.S. law is this suspect most likely to be prosecuted?
Computer Fraud and Abuse Act
Access Device Fraud
Computer Security Act
Sarbanes-Oxley Act
Which U.S. law gives law enforcement organizations greater powers to search telephone, e-mail, banking, and other records?
Patriot Act
Communications Assistance for Law Enforcement Act
Federal Information Security Management Act
Gramm-Leach-Bliley Act
The Payment Card Industry Data Security Standard (PCI DSS) requires encryption of credit card data in which circumstances:
Stored in databases, stored in flat files, and transmitted over public and private networks
Stored in databases, and transmitted over public networks
Stored in databases, stored in flat files, and transmitted over public networks
Stored in databases, and transmitted over public and private networks
A security incident is defined as:
Unauthorized entry
Exposure of sensitive information
Theft of sensitive information
Violation of security policy
The phases of a comprehensive security incident plan are:
Declaration, triage, investigation, analysis, containment, recovery, debriefing
Investigation, analysis, containment, recovery, debriefing
Declaration, triage, containment, recovery, debriefing
Declaration, triage, investigation, analysis, documentation, containment, recovery, debriefing
A security manager has discovered that sensitive information stored on a server has been compromised. The organization is required by law to notify law enforcement. What should the security manager do first to preserve evidence on the server:
Disconnect power to the server
Back up the server
Shut down the server
Notify management
All of the following statements about a security incident plan are correct EXCEPT:
The plan should be tested annually
The plan should be reviewed annually
The plan should be published annually
Training on plan procedures should be performed annually
The purpose of a security incident debrief is all of the following EXCEPT:
Review of log files
Review of technical architecture
Review of operational procedures
Review of technical controls
Why would a forensic examiner wish to examine a computer’s surroundings during a forensic investigation?
Evaluate cleanliness
Interrogate the suspect
Search for DNA evidence
Search for any removable media and documents
A case of employee misconduct that is the subject of a forensic investigation will likely result in a court proceeding. What should be included in the forensic investigation:
Legible notes on all activities
Law enforcement investigation
Chain of custody for all evidence
Dual custody for all evidence
The (ISC)2 code of ethics includes all of the following EXCEPT:
Provide diligent and competent service to principals
Protect society and the infrastructure
Act honorably, honestly, justly, responsibly, and legally
Advance and protect the profession
A security manager has been asked to investigate employee behavior on the part of a senior manager. The investigation has shown that the subject has suffered a serious lapse in judgment and has violated the organization’s code of conduct. The security manager has been asked to keep the results of the investigation a secret. How should the security manager respond?
Leak the results of the investigation to the media
Cover up the results of the investigation
Deliver the results of the investigation and recommendations for next steps to his superiors
Notify law enforcement
A forensics investigator has been asked to examine the workstation used by an employee who has been known to misbehave in the past. This investigation is related to more potential misconduct. What approach should the investigator take in this new investigation?
Approach this investigation objectively, without regard to the history of this employee’s conduct
Approach this investigation subjectively, given the history of this employee’s conduct
Assume the employee is guilty and search for evidence to support this
Assume the employee is innocent and search for evidence to refute this
The allegation that an employee has violated company policy by downloading child pornography onto a company workstation should result in:
Notification of affected customers
Termination of the employee
The declaration of a security incident
A forensic investigation and possible disciplinary action
An organization has developed its first-ever computer security incident response procedure. What type of test should be undertaken first?
Parallel test
Simulation
Walkthrough
Document review
An organization’s security incident management strategy consists of response procedures to be used when an incident occurs. What other measures should the organization undertake:
None
Develop proactive procedures to aid in incident prevention
Train selected personnel on incident response procedures
Partner with law enforcement on incident response procedures
The purpose of the containment step in a security incident response plan is:
To prevent the spread of the incident
To recover the affected system to its pre-incident state
To isolate the system
To collect evidence for possible disciplinary action or prosecution
The U.S. law that made sending unsolicited commercial e-mail illegal is:
STOP-SPAM
DMCA
Controlling The Assault of Non-Solicited Pornography and Marketing Act
The purpose of administrative laws in the U.S. is:
To define courtroom and law enforcement procedures
To define activities such as assault, arson, theft, burglary, bribery, and perjury
To define contract, tort, property, employment, and corporate law
To regulate the operation of U.S. government agencies
The U.S. Code defines:
Both criminal and civil laws
Administrative laws
Civil laws
Criminal laws
The type of intellectual property law that protects a written work is known as:
Service mark