CIPPS-ISSMP / Book question Flashcards
Which best fits an organization’s mission statement:
A. Are non-technical in nature, so ISSMPs do not have to understand them.
B. Are quickly put together by senior management.
C. Provide everyone in the organization overall direction and focus for their activities.
D. Are very specific and provide specific goals and objectives.
C. Provide everyone in the organization overall direction and focus for their activities.
Which types of organizations need to have a formally documented mission statement?
A. Commercial enterprises
B. Non-Profit organizations.
C. Government agencies
D. All the above.
D. All of the above.
Deploying internet security solutions that are acceptable to clients requires knowing the client’s:
A. Expectations & Location
B. Location & Technical knowledge
C. System Capabilities & expectations
D. Expectations & technical knowledge.
C. System Capabilities and Expectations
All organization security solutions are influenced by the following.
A. Laws, employee culture, profit and competition.
B. Goals, client expectations, regulations and profit.
C. Group and client expectations, competitions and capabilities.
D. Profit, organization objectives, client capabilities and senior management.
C. Group and client expectations, competitions and capabilities.
A systems security solution must be.
A. Cost effective, risk based and acceptable.
B. Risk based, within division budget and restraints.
C. Practical, and 90% effective
D. Acceptable by senior management and provide an ROI (return on investment)
A. Cost effective, risk based and acceptable.
A specific piece of information’s level of classification is dependent on_
A. Need to know.
B. Cost of producing the information.
C. Impact if compromised.
D. Affordability of required security.
C. Impact if compromised.
System security boundary must be determined early based on all BUT the following.
A. Understanding the mission, goals and objectives.
B. Coordinating the review with end users.
C. Identifying the system components that support each of the business functions.
D. Determining who is operationally and fiscally responsible for the system.
B. Coordinating the review with end users.
Security boundary is important to establishing_
A. Who will be doing the certification effort
B. Scoping the security effort.
C. Determining which regulations and laws apply.
D. If a system will need an internet connection or not.
B. Scoping the security effort.
The implementation phase of the system development life cycle includes?
A. Conducting an initial security test
B. Identifying security solutions
C. Determining if the security is acceptable to operate.
D. Defining the system security requirements.
C. Determining if the security is acceptable to operate.
The ISSMP’s job is to provide security support at the end of which phase in the SDLC?
A. Disposition and Disposal
B. Operation and Maintenance
C. Implementation
D. Initiation
A. Disposition and Disposal
Risk Assessments are done in which phase of the SDLC?
A. Initiation
B. Initiation and Implementation
C. Implementation, disposition and disposal
D. Initiation, Implementation, operations and maintenance.
D. Initiation, Implementation, operations and maintenance.
Who sets the information security standards of the public sector?
A. National Security Agency.
B. International Organization for Standardization.
C. National Institute of Standards and Technology.
D. International Electrotechnical Commission.
C. National Institute of Standards and Technology.
Families of controls are identified in which of the following documents.
A. NIST Special Pub 8005.3
B. ISO 27002
C. DoDI 8500.2
D. All of the above
D. All of the above
The ISSMP decides between using quantitative and qualitative risk assessments based on?
A. The budget process.
B. Threats
C. Vulnerabilities
D. Management decision process
D. Management decision process
Assurances are those activities that provide management with what about security solutions?
A. Due Diligence
B. Protection
C. Cost effectiveness
D. ROI (return on investment)
A. Due Diligence
Which of the following provides a measure of how well an organization’s process includes the capability to continuously improve its processes?
A. Common Criteria Evaluation and Validation Scheme.
B. OCTAVE.
C. Software Engineering Institute’s Capability Maturity Model.
D. Commonly accepted security practices and regulations.
C. Software Engineering Institute’s Capability Maturity Model.
Interconnections with other systems outside the system security boundary can have the following effect.
A. Increased dependencies to support the other system’s security requirements.
B. Requirement to notify when a security event occurs on your system.
C. Obligations to inform the other system when outages are going to occur.
D. All the above.
D. All the above.
Annual loss expectancy and ROI are expressed in what units?
A. Currency and Percentages.
B. Percentages and Level of Risk.
C. Cost of security and Percentages.
D. Percentages and Savings.
A. Currency and Percentages.
Plan of Actions and Milestones is?
A. A security plan
B. A management tool
C. A list of all system security solutions
D. A checklist of actions for monitoring security during the implementation phase.
B. A management tool
The ideal presentation to senior management and managers should follow which rules?
A. 20-page justification
B. 5 slides
C. Answer all the questions that the audience should ask.
D. Be presented in 5 minutes.
D. Be presented in 5 minutes.
How does the need for security compare between systems developed for sale or external use and systems developed for in-house use?
A. Systems for sale or external use always have more security concerns.
B. Systems developed for in-house use always have more security concerns.
C. Systems developed in-house require security efforts on the part of the internal security team, while those developed for external use can have security outsourced.
D. Both systems have security concerns that must be carefully addressed.
D. Both systems have security concerns that must be carefully addressed.
When should a project’s security measures be addressed?
A. As close to the start of the project as possible.
B. Only after security issues are exploited.
C. After the initial project design is done.
D. When the functional specifications are being written.
A. As close to the start of the project as possible.
Which of the following pose the greatest risk of perpetrating a catastrophic threat to an organization’s valuable data without expending great resources?
A. Foreign governments and their sponsored hackers
B. Employees
C. Activists for hacktivist groups such as Anonymous
D. Customers
B. Employees
How does the use of rapid application development (RAD) affect security planning.
A. The compressed time between releases means security planning and concerns must be brought up early and stressed often.
B. The process of reactive development means security is built in automatically.
C. Security issues are more common in RAD projects.
D. Security issues are less common in RAD projects.
A. The compressed time between releases means security planning and concerns must be brought up early and stressed often.
What security risks are associated with the use of prototyping and prototyping tools?
A. Prototypes always allow hackers to understand what a business plans to do for security in its finished product.
B. Prototyping helps ensure security code.
C. Prototyping tools write code with an eye towards that code’s security.
D. Prototypes and prototyping tools tend to generate basic and insecure code that must be carefully reviewed before use in the finished product.
D. Prototypes and prototyping tools tend to generate basic and insecure code that must be carefully reviewed before use in the finished product.
Risk analysis is a method to do what?
A. Find all possible security issues and how to exploit them.
B. Gather data on the cost to mitigate security threats and the possibility of the threat being exploited.
C. Decide how much money to spend on security.
D. Compare risk and rewards of having a security program.
B. Gather data on the cost to mitigate security threats and the possibility of the threat being exploited.
What mitigations should be listed in a risk analysis.
A. Only those of the project itself.
B. Only mitigations that are software or network related.
C. Only those that can be mitigated with security technology.
D. All mitigations that apply to a risk the project has or inherits.
D. All mitigations that apply to a risk the project has or inherits.
How many levels of risk and mitigations must be taken into account during a risk analysis.
A. Only the first level of identifying the risk and its immediate mitigations.
B. As many levels as needed to reach a level of mitigations that is no longer feasible.
C. Two levels: the risk and its mitigations, and then the mitigation if that first mitigation fails.
D. The same number of levels as listed for maximum response times in the security plan.
B. As many levels as needed to reach a level of mitigations that is no longer feasible.
Security cost is defined as what when writing a risk analysis.
A. The monetary cost of developing and implementing security measures, including consulting, hardware and additional software and development process cost.
B. The productivity losses associated with time lost to implemented arbitrary security measures.
C. Both of the above.
D. None of the above.
C. Both of the above.
Who should review and sign off on security plans.
A. Key players as well as anyone mandated by the enterprise itself.
B. Only those people required by the enterprise’s policies.
C. Outside consultants only.
D. A third party auditor.
A. Key players as well as anyone mandated by the enterprise itself.
When are security reviews necessary?
A. When legally mandated or required by company policy.
B. It depends on the project.
C. When any changes are made.
D. When a breach occurs.
B. It depends on the project.
What impact can access to a project’s source code have on security?
A. It improves security because more people can look for issues.
B. It has no real effect; there isn’t much interest in enterprise in-house projects.
C. It can compromise security and access should be limited.
D. The source code cannot impact security; only executable code that actually runs can impact security.
C. It can compromise security and access should be limited.
Who should have access to a project’s bug or defect database?
A. Everyone at the company.
B. Only those who require access to do their jobs.
C. It should be public.
D. The IT support team.
B. Only those who require access to do their jobs.
Web 2.0 projects often have more security needs in what area.
A. Data encryption, transmission and storage.
B. Server hardening and updating.
C. Both of the above
D. None of the above.
C. Both of the above
What impact does virtualization have on security?
A. Unique risk must be taken into account.
B. No impact; security is treated as if virtualization is not in use.
C. Virtualization reduces security risk.
D. The same issues as those relevant to all of the systems being run on the virtual machine combined.
A. Unique risk must be taken into account.
What is the role of security in the maintenance phase of a project?
A. Security must be maintained by regular code and security reviews by patching and updating software and hardware.
B. Security must be maintained by patching and updating software and hardware by security reviews, but code reviews are no longer necessary.
C. Security must be maintained by regular code and security reviews but patching is irrelevant to this issue.
D. Security is no longer needed during the maintenance phase.
A. Security must be maintained by regular code and security reviews by patching and updating software and hardware.
What is the difference between a public cloud system and a community cloud system.
A. A public cloud involves a third party providing services to an organization via the internet; a community cloud is a private cloud that is shared between several parties.
B. A public cloud involves a third-party service to an organization via the internet; a community cloud means the organization manages some resources available in house and has other resources provided to it by an external third party.
C. A public cloud involves a third party providing services to an organization via the internet; community is another word for private.
D. They are the same.
A. A public cloud involves a third party providing services to an organization via the internet; a community cloud is a private cloud that is shared between several parties.
What types of security testing should be done on the system to ensure that it meets security.
A. Component level security testing is more than able to validate the system’s security.
B. Component level, end to end and penetration testing should all be used to validate the system’s security.
C. End to end security testing is the best way to validate that the system meets its security bar.
D. Penetration testing is the best way to validate that the system meets its security bar.
B. Component level, end to end and penetration testing should all be used to validate the system’s security.
What kind of data should be used in security testing?
A. Mock data that follows real patterns
B. Live data with sensitive information stripped out.
C. Live data in its entirety.
D. Live data with sensitive information stripped out.
A. Mock data that follows real patterns
What benefit does using components of software that is certified or accredited bring to a system’s security.
A. Neither certification nor accreditation ever has an effect on the system’s security.
B. In some cases, it can help increase the system’s security level.
C. It negatively affects the system’s security.
D. Certification can help improve security, but accreditation has no impact on security.
B. In some cases, it can help increase the system’s security level.
Cyber vulnerability testing consists of which of the following activities.
A. War driving and war dialing.
B. Network probing and network scanning.
C. Penetration testing.
D. All of the above.
D. All of the above.
What is the intent of metrics?
A. Objective measurement of the enterprise risk posture.
B. Objective evaluation of value to the organization in terms of business need.
C. Determine if operations are performing within SLAs.
D. Objective measurement of the enterprise security posture.
B. Objective evaluation of value to the organization in terms of business need.
An emerging formal practice to identify key people, process, technology, and environment that fulfill the mission and then to align security operations with these key resources is known as what?
A. Enterprise risk management.
B. Enterprise security management
C. Risk management.
D. Mission assurance.
D. Mission assurance.
Given existence of enterprise security guidance and enterprise employees, business partners, vendors and other covered entities are aware and understand the policies, standards, procedures, and guidelines, there is a need to enforce compliance in daily operations. Enforcement requires?
A. Monitoring for noncompliance.
B. Detecting and responding to noncompliance.
C. Both A & B.
D. None of the above.
C. Both A & B.
Which of the following statements is false about enterprise security standard (ESS)?
A. You can develop an ESS from an industry security standard or from security legislation or both.
B. The structure of the ESS becomes the foundation for the enterprise security framework (ESF).
C. To save money and since ESS is unique to each organization anyways, developing the ESS from staff experience, though somewhat arbitrary, is an acceptable practice.
D. The enterprise security standard (ESS) is a list of all applicable security controls grouped by families.
C. To save money and since ESS is unique to each organization anyways, developing the ESS from staff experience, though somewhat arbitrary, is an acceptable practice.
Which of the following statements is true about incident response.
A. Some potential members of an incident response team are senior management, legal, corporate communications, and operations.
B. Incident response team (IRT) and cyber incident response team (CIRT) are similar phrases for the same organizational function.
C. The news media will print what they want anyways, so it is ok for anyone on the security team to speak to them about security incident details.
D. All cyber incidents are unique and upon detection are immediately escalated to subject matter experts.
A. Some potential members of an incident response team are senior management, legal, corporate communications, and operations.
Which of the following statements is false:
A. In a given environment, people perform processes using technology to produce results.
B. Security is a support structure of safeguards for cost management and never contributes to revenue generation.
C. A key differentiating characteristic of the cyber domain from other domains is physical proximity.
D. The complement to legislative compliance is good business practice.
B. Security is a support structure of safeguards for cost management and never contributes to revenue generation.
What is the purpose of a service level agreement?
A. SLAs are only used as a formal agreement between the enterprise and external service provider to establish services, performance parameters, and financial penalties for performance outside of specified parameters.
B. The SLA records common understanding about services provided and the performance parameters within which to provide service.
C. The SLA specifies performance measures in terms of thresholds in number of transactions per hour, available bandwidth, downtime tolerances.
D. SLA is a formal agreement that specifies pay for performance within operations departments.
B. The SLA records common understanding about services provided and the performance parameters within which to provide service.
What is enterprise risk posture?
A. Intentionally assumed position of safeguards throughout the entire organization.
B. The probability of specific eventualities throughout the entire organization.
C. The aggregation of all the safeguards and precautions that mitigate risk.
D. The formal articulation of an intentionally assumed position on dealing with potential negative impact.
D. The formal articulation of an intentionally assumed position on dealing with potential negative impact.
What is data exfiltration?
A. The unauthorized use of USB drives.
B. The unauthorized transmission of data between departments.
C. The unauthorized transmission of data into the organization from a service provider.
D. The unauthorized transmission of data out of the organization.
D. The unauthorized transmission of data out of the organization
Which of the following groups is not representative of the nine core security principles.
A. Nonrepudiation, possession, utility.
B. Authorized use, privacy, authorized access.
C. Confidentiality, integrity, authenticity.
D. Availability, privacy, utility.
B. Authorized use, privacy, authorized access.
Which of the following is true about a security compliance management program (SCMP)?
A. Governance identifies and enumerates all relevant security compliance requirements; these may include legislation, regulation, directives, instructions, contractual and good business practices.
B. The planning function determines the appropriate steps to take to establish and maintain compliance; the results of planning will include a list of necessary security technology to insert into IT operations.
C. Implementation takes the policies, standards, procedures, and guidelines and inserts them into information technology systems. Deployment makes compliance part of daily operations throughout the enterprise.
D. The role of adjudication is to resolve conflicts in the best interest of enterprise senior management and executives.
A. Governance identifies and enumerates all relevant security compliance requirements; these may include legislation, regulation, directives, instructions, contractual and good business practices.
Which of the following is false about system hardening?
A. System hardening is the elimination of known vulnerability exploits, and generally turning off or uninstalling unnecessary functions.
B. Each operating system, each version of the same operating system, and each patch release of the same operating system may have different procedures for hardening the system.
C. Disabling un-useful services will require OS parameter changes at the kernel or registry level or mods to services that initiate or run at startup.
D. None of the above.
D. None of the above.
What is the difference between legislative management and litigation management?
A. Litigation management is the use of lobby groups by senior management to establish working relationships with the local judiciary and legislation management is the use of lobby groups with congress to influence the content of security laws.
B. Legislative management attempts to avoid litigation, and litigation management intends to minimize the negative effects on an organization in the event of an incident.
C. Litigation management involves establishing working relationships between senior management and security personnel; and the enterprise legal department and legislative management is the result of this working relationship.
D. Litigation management comes before legislative management.
B. Legislative management attempts to avoid litigation, and litigation management intends to minimize the negative effects on an organization in the event of an incident.
Which of the following is a true statement about digital policy management (DPM)?
A. A digital policy infrastructure is the collection of policy managers, policy clients, PDPs and PEPs.
B. DPM is the process of creating and disseminating information technology policies.
C. DPM is the automated enforcement of policy on the network.
D. None of the above.
C. DPM is the automated enforcement of policy on the network.
The most dangerous type of malware is?
A. A spear phishing attack because it targets a specific weakness in people.
B. Zero-day exploit because it tries to exploit unknown or undisclosed vulnerabilities.
C. A physical breach because it is the hardest to see coming.
D. Insider threat using a USB thumb sucker attack because of unique knowledge of the enterprise.
B. Zero-day exploit because it tries to exploit unknown or undisclosed vulnerabilities.
Which of the following statements about bots is false.
A. A bot is a type of malware that performs a specific function as directed by the bot herder.
B. A bot is a term for a software robot.
C. Successful penetration of a PC by a bot makes that PC part of a botnet.
D. A bot has a limited lifetime, typically less than 60 days, and must perform its nefarious activities before it removes itself from the infected system.
D. A bot has a limited lifetime, typically less than 60 days, and must perform its nefarious activities before it removes itself from the infected system.
What is the purpose of security policies.
A. To provide a description of acceptable behaviors within the enterprise.
B. To clearly convey the uses for security services and mechanisms within the enterprise.
C. To exert control over the organization by the security department.
D. To provide a description of acceptable behavior with the intent of minimizing risk to the organization.
D. To provide a description of acceptable behavior with the intent of minimizing risk to the organization.
A privately held restaurant chain in New Jersey is likely thinking about its compliance needs. Which is likely to apply?
A. HIPAA
B. GLB
C. PCI-DSS
D. SEC Rules
C. PCI-DSS
Which one of the following is not a benefit of developing a disaster recovery plan.
A. Reducing disruption to operations.
B. Training personnel to perform alternate roles.
C. Minimizing decision making during a disastrous event.
D. Minimizing legal liability and insurance premiums.
B. Training personnel to perform alternate roles.
A business continuity policy should be reviewed and re-evaluated.
A. Annually in light of management’s strategic vision.
B. Bi-annually in preparation for audit review.
C. Whenever critical systems are outsourced.
D. During implementations of system upgrades.
A. Annually in light of management’s strategic vision.
Which of the following is a key phase of BC and DR plans?
A. Damage assessment.
B. Personnel evacuation
C. Emergency transportation
D. Emergency response.
D. Emergency response.
The vitally important issue for emergency response is?
A. Calling emergency services.
B. Protecting the corporate image.
C. Accounting for employees.
D. Employee evacuation.
C. Accounting for employees.
Which of the following is not required for understanding the organization. Understanding the organization BLANK?
A. Organizational Chart.
B. Risk appetite.
C. Information technology infrastructure.
D. Core business functions.
A. Organizational Chart
Key milestones in developing the project plan and governance include all of the below except?
A. Risk analysis.
B. Data gathering.
C. Audit approval.
D. Training, education and awareness.
C. Audit approval
The output of a business impact analysis is.
A. A prioritized list of critical data.
B. A prioritized list of sensitive systems
C. The recommendations for alternate processing
D. The scope of the business continuity plan
A. A prioritized list of critical data
When a critical system cannot function at an acceptable level without input from a system on which it is dependent, which of the following statements is incorrect?
A. The system on which it is dependent is at a higher priority.
B. The system on which it is dependent is at a lower priority.
C. The system on which it is dependent is at the same priority.
D. The critical system feeds a lower priority system.
B. The system on which it is dependent is at a lower priority.
People based threats include?
A. Theft, whitelisting, industrial actions.
B. Industrial actions, blacklisting, pandemics.
C. Pandemics, theft, industrial actions.
D. Pandemics, call forwarding, theft.
C. Pandemics, theft, industrial actions.
Risk Acceptance is usually most appropriate when?
A. Impact is high, and probability is low.
B. Probability is high, and impact is low.
C. Impact is high, and probability is high.
D. Impact is low, and probability is low.
D. Impact is low, and probability is low.
Heat maps reflect the level of risk an activity poses and include all of the below except?
A. A suggested risk appetite boundary
B. Proposed risk countermeasures.
C. Risk zones
D. Color coding
B. Proposed risk countermeasures.
The notification activation phase of the BCP and DRP includes.
A. A Sequence of recovery goals.
B. Activities to notify recovery personnel.
C. The basis for declaring an emergency.
D. The assessment of system damage.
A. A Sequence of recovery goals.
A system information form contains all of the following information except.
A. Recovery priority
B. Maximum outage time
C. Dependencies on other systems
D. Recovery point objective.
D. Recovery point objective.
Documenting recovery procedures is for
A. Implementing recovery strategy.
B. Highlighting points requiring coordination between teams.
C. Outsourcing disaster recovery system development.
D. Providing instructions for the least knowledgeable recovery personnel.
C. Outsourcing disaster recovery system development.
The primary purposes of testing are to
A. Satisfy audit requirements.
B. Check that sources of data are adequate.
C. Raise staff awareness of recovery plans.
D. Prove the ability to recover from disruptions.
A. Satisfy audit requirements.
Plan maintenance should be scheduled
A. After testing to account for hardware and personnel changes.
B. In anticipation of audit activity.
C. When changes are made to protected systems.
D. When changes are made to supported business processes.
B. In anticipation of audit activity.
Communications is a critical activity during the response and recovery phases of an incident. The communications plan must provide.
A. Alternative types of communications media
B. A list of contacts reachable through a communications tree.
C. Alternative communications service providers
D. Immediate access to mobile devices for key communicators.
C. Alternative communications service providers
An emergency operations center must be provided to centrally manage the incident it should include.
A. A provision for secure and confidential discussions
B. Office space for recovery team leaders
C. Access to all BC and DR Plans
D. Forms of refreshment for EOC personnel
B. Office space for recovery team leaders
Through training plan activities help ensure.
A. All team members understand their responsibilities.
B. All team members understand the roles of others.
C. Team Cooperation
D. Plans are current.
D. Plans are current.
Under the electronic communications privacy act the expression: “Electronic communications” does not incorporate which of the following.
I. Tone only paging devices.
II. Electronic funds transfer information
III. Tracking devices
IV. Wire or oral communications
A. I, II, II and IV
B. I
C. I and II
D. I and III
A. I, II, II and IV
The Digital Millennium Copyright Act (DMCA) has specific provisions designed to legislate against and thus aid in preventing what type of action?
A. Circumvention of technologies used to protect copyright work.
B. Creation of malicious code.
C. Digital manipulation or alteration of copyrighted computer code.
D. Digital reproduction of copyrighted documents and artwork.
A. Circumvention of technologies used to protect copyright work.
Which of the following fields of management focuses on establishing and maintaining consistency of a system’s or product’s performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?
A. Configuration management
B. Risk management
C. Procurement management
D. Change management
A. Configuration management
What questions are asked when deciding the outcome of a US federal trademark disputation case? (choose all that apply)
A. When the trademark was created.
B. How distinctive is the mark.
C. Who owns the mark.
D. How unique and recognized is the mark.
C. Who owns the mark.
D. How unique and recognized is the mark.
To sue for copyright infringement in the US what is the first step that a copyright holder must take.
A. No action is necessary as copyright attaches as a right of the author as soon as the work is created.
B. Register a copyright application with the Copyright Office of the Library of Congress.
C. Formally publish the work
D. Put the alleged infringer on notice that you intend to bring an action.
B. Register a copyright application with the Copyright Office of the Library of Congress.
The judge in a civil court case can issue an order allowing for a civil search of another party’s goods and to seize specific evidence. This order is known as a what?
A. Subpoena
B. Doctrine of exigent circumstances
C. Anton Piller order
D. Search Warrant.
C. Anton Piller order
Your team has detected that an outside party attempted to do a port scan on a highly sensitive system. According to the US government model, what is the maximum amount of time that should elapse before the relevant information is reported.
A. 1 hour
B. 1 Day
C. 1 Week
D. 1 Month
A. 1 hour
Your company has a policy prohibiting pornography on company equipment, and an employee has become aware of a network user who has an image of a nude child on his computer. When you investigate the matter, you find that the person has several photos of children on a nude beach, but none of them involves sex or focus on the child’s genitalia. Which of the following is true.
A. It is child pornography, and the computer user can be charged with possession of child pornography.
B. It is child pornography, and the computer user can be charged or disciplined.
C. It is not child pornography, and the computer user can be disciplined.
D. It is not child pornography, and the computer user cannot be charged or disciplined.
C. It is not child pornography, and the computer user can be disciplined.
Tracing violations or attempted violations of system security to the user responsible is a function of what?
A. Authentication
B. Access Management
C. Integrity Checking
D. Accountability
D. Accountability
Why is a conflict of interest considered troubling from the standpoint of fraud prevention.
A. A conflict of interest violates canons of professional responsibility.
B. A conflict of interest is obviously unethical and causes waste.
C. A conflict of interest can be a sign of fraud, if not the source of it.
D. A conflict of interest violates federal law and is therefore illegal.
C. A conflict of interest can be a sign of fraud, if not the source of it.
The penalties that can be sanctioned to the losing party in a case can include:
A. Probation
B. Community Service
C. Fines
D. Imprisonment
C. Fines
Evidence needs to be one of the following in order to be deemed as admissible in a court of law.
A. Conclusive
B. Incontrovertible
C. Irrefutable
D. Relevant
D. Relevant
RFC 1087 sets out the IAB “Ethics and the Internet” categorization of unethical actions. Which of the following is not considered unethical under the IAB?
A. Downloading pornography
B. Compromising user privacy without authorization
C. Taking resources such as stationery and using equipment for personal use.
D. Seeking to gain unauthorized access to resources.
A. Downloading pornography.
What is the evidence-gathering technique that occurs when a law enforcement officer entices a party into committing a criminal offense they may not have otherwise committed, with the aim of capturing the person in a “sting operation”, and is it considered legal or illegal?
A. Enticement / legal
B. Coercion / legal
C. Entrapment / illegal
D. Enticement / illegal
C. Entrapment / illegal