Chapter 9 - Legal Regulations, Investigations, & Compliance Flashcards
Where does the greatest risk of cybercrime come from? A. Outsiders B. Nation-states C. Insiders D. Script kiddies
C. Insiders
What is the largest hindrance to fighting computer crime? A. Computer criminals are generally smarter than computer investigators B. Adequate funding to stay ahead of the computer criminals C. Activity associated with computer crime is truly international D. There are so many more computer criminals than investigators that it is impossible to keep up
C. Activity associated with computer crime is truly international
Computer forensics is the marriage of computer science, information technology, and engineering with … A. Law B. Information Systems C. Analytical thought D. The scientific method
A. Law
What principle allows an investigator to identify aspects of the person responsible for a crime, given that whenever committing a crime the perpetrator leaves residual traces while stealing information? A. Meyer’s principle of legal impunity B. Criminalistic principles C. IOCE/Group of 8 Nations principles for computer forensics D. Locard’s principle of exchange
D. Locard’s principle of exchange
Which of the following is part of the 5 rules of evidence? A. Be authentic, be redundant, and be admissible B. Be complete, be authentic, and be admissible C. Be complete, be redundant, and be authentic D. Be redundant, be admissible, and be complete
B. Be complete, be authentic, and be admissible
What is not mentioned as a phase of an incident report? A. Documentation B. Prosecution C. Containment D. Investigation
B. Prosecution
Which best emphasizes the abstract concept of law and is influenced by the writings of legal scholars and academics? A. Criminal Law B. Civil Law C. Religious Law D. Administrative Law
B. Civil Law
Which type of intellectual property covers the expression of ideas rather than the ideas themselves? A. Trademark B. Patent C. Copyright D. Trade Secret
B. Copyright
Which type of intellectual property protects the goodwill a merchant or vendor invests in its products? A. Trademark B. Patent C. Copyright D. Trade Secret
A. Trademark
Which of the following are computer forensic guidelines? A. IOCE, MOM, SWGDE B. MOM, SWGDE and IOCE C. IOCE, SWGDE and ACPO D. ACPO, MOM and IOCE
C. IOCE, SWGDE and ACPO
Which of the following are categories of software licensing? A. Freeware, Open Source, and Commercial B. Commercial, Academic, and Open Source C. Academic, Freeware and Open Source D. Freeware, Commercial and Academic
D. Freeware, Commercial, Academic
What are the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information BEST related to? A. Privacy B. Secrecy C. Availability D. Reliability
A. Privacy
Triage encompasses which of the following incident response subphases? A. Collection, transport, testimony B. Traceback, feedback, loopback C. Detection, identification, notification D. Confidentiality, integrity, availability
C. Detection, identification, notification
The integrity of a forensic bit stream image is determined by: A. Comparing hash totals to the original source B. Keeping good notes C. Taking pictures D. Encrypted keys
A. Comparing hash totals to the original source
When dealing with digital evidence, the crime scene A. Must never be altered B. Must be completely reproducible in a court of law C. Must exist only in one country D. Must have the least amount of contamination that is possible
D. Must have the least amount of contamination that is possible
When outsourcing IT systems A. All regulatory and compliance requirements must be passed on to the provider B. the outsourcing organization is free from compliance obligations C. the outsourced IT systems are free from compliance obligations D. the provider is free from compliance obligations
A. All regulatory and compliance requirements must be passed on to the provider
The (ISC)2 code of ethics resolves conflicts between canons by A. there can never be conflicts between canons B. working through adjudication C. the order of the canons D. vetting all canon conflicts through the board of directors
C. the order of the canons
To ensure proper forensics action when needed, an incident response program should … A. Avoid conflicts of interests by ensuring organization legal counsel is not part of the process B. Routinely create forensic images of all desktops and servers C. Only promote closed incidents to law enforcement D. Treat every incident as though it may be a crime
D. Treat every incident as though it may be a crime
A hard drive is recovered from a submerged vehicle. The drive is needed for a court case. What is the best approach to pull information off the drive? A. Wait for the drive to dry and then install it in a desktop and attempt to retrieve the information via normal operating system commands B. Place the drive in a forensic oven to dry it and then use a degausser to remove any residual humidity prior to installing the drive in a laptop and using the OS to pull off the information C. While the drive is still wet use a forensic bit to bit copy program to ensure the drive is preserved in its “native” state D. Contact a professional data recovery organization, explain the situation and request they pull a forensic image
D. Contact a professional data recovery organization, explain the situation and request they pull a forensic image
Common Law
Based on legal precedents, past decisions, and societal traditions - judges not actively involved in the determination of facts - common law now relies on statutes and regulations: Criminal, Tort and Administrative. Criminal - harmful to public; tort - against individual or business (origin - criminal law); administrative - artifact of Anglo-American common law legal system = governance of public bodies - proper scope
Civil Law
Roman Empire, Napoleonic Code of France 1804 - thought to be a codification of law, reliance on legislation over jurisprudence - this is not accurate in all places. Emphasizes abstract concepts, influenced by writings of legal scholars and academics, judges distinct from lawyers and play a more active role.
Customary Law
Reflects society’s norms and values
Religious Law
Discover truth of law