CISSP (Chapter 9 - Legal, Regulations, Investigations, and Compliance) Flashcards

1
Q

Which of the following does the Internet Architecture Board consider unethical?
A. Creating a computer virus
B. Entering information into a web page
C. Performing a penetration test on a host on the Internet
D. Disrupting Internet communications

A

D. The Internet Architecture Board (IAB) is a committee for Internet design, engineering, and management. It considers the use of the Internet to be a privilege that should be treated as such. The IAB considers the following acts unethical and unacceptable behavior:
• Purposely seeking to gain unauthorized access to Internet resources
• Disrupting the intended use of the Internet
• Wasting resources (people, capacity, and computers) through purposeful actions
• Destroying the integrity of computer-based information
• Compromising the privacy of others
• Negligence in the conduct of Internet-wide experiments

2
Q
What is the study of computers and surrounding technologies and how they relate to crime?
A. Computer forensics
B. Computer vulnerability analysis
C. Incident handling
D. Computer information criteria
A

A. Computer forensics is a field that specializes in understanding and properly extracting evidence from computers and peripheral devices for the purpose of prosecution. Collecting this type of evidence requires a skill set and an understanding of several relevant laws.

3
Q

Which of the following does the Internet Architecture Board consider unethical behavior?
A. Internet users who conceal unauthorized accesses
B. Internet users who waste computer resources
C. Internet users who write viruses
D. Internet users who monitor traffic

A

B. This question is similar to Question 1. The IAB has declared wasting computer resources through purposeful activities unethical because it sees these resources as assets that are to be available for the computing society.

4
Q

After a computer forensics investigator seizes a computer during a crime investigation, what is the next step?
A. Label and put it into a container, and then label the container.
B. Dust the evidence for fingerprints.
C. Make an image copy of the disks.
D. Lock the evidence in the safe.

A

C. Several steps need to be followed when gathering and extracting evidence from a scene. Once a computer has been confiscated, the first thing the computer forensics team should do is make an image of the hard drive. The team will work from this image instead of the original hard drive so it stays in a pristine state and the evidence on the drive is not accidentally corrupted or modified.

5
Q

A CISSP candidate signs an ethics statement prior to taking the CISSP examination. Which of the following would be a violation of the (ISC)2 Code of Ethics that could cause the candidate to lose his or her certification?
A. E-mailing information or comments about the exam to other CISSP candidates
B. Submitting comments on the questions of the exam to (ISC)2
C. Submitting comments to the board of directors regarding the test and content of the class
D. Conducting a presentation about the CISSP certification and what the certification means

A

A. A CISSP candidate and a CISSP holder should never discuss with others what was on the exam. This degrades the usefulness of the exam as a tool to test someone’s true security knowledge. If this type of activity is uncovered, the person could be stripped of their CISSP certification.

6
Q

If your company gives you a new PC and you find residual information about confidential company issues, what should you do based on the (ISC)2 Code of Ethics?
A. Contact the owner of the file and inform him about it. Copy it to a disk, give it to him, and delete your copy.
B. Delete the document because it was not meant for you.
C. Inform management of your findings so it can make sure this type of thing does not happen again.
D. E-mail it to both the author and management so everyone is aware of what is going on.

A

C. When dealing with the possible compromise of confidential company information or intellectual property, management should be informed and be involved as soon as possible. Management members are the ones who are ultimately responsible for this data and who understand the damage its leakage can cause. An employee should not attempt to address and deal with these issues on his own.

7
Q

Why is it difficult to investigate computer crime and track down the criminal?
A. Privacy laws are written to protect people from being investigated for these types of crimes.
B. Special equipment and tools are necessary to detect these types of criminals.
C. Criminals can hide their identity and hop from one network to the next.
D. The police have no jurisdiction over the Internet.

A

C. Spoofing one’s identity and being able to traverse anonymously through different networks and the Internet increase the complexity and difficulty of tracking down criminals who carry out computer crimes. It is very easy to commit many damaging crimes from across the country or world, and this type of activity can be difficult for law enforcement to track down.

8
Q
Protecting evidence and providing accountability for who handled it at different steps during the investigation is referred to as what?
A. The rule of best evidence
B. Hearsay
C. Evidence safety
D. Chain of custody
A

D. Properly following the chain of custody for evidence is crucial for it to be admissible in court. A chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to establish that it is sufficiently trustworthy to be presented as evidence in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy.

9
Q
If an investigator needs to communicate with another investigator but does not want the criminal to be able to eavesdrop on this conversation, what type of communication should be used?
A. Digitally signed messages
B. Out-of-band messages
C. Forensics frequency
D. Authentication and access control
A

B. Out-of-band communication means to communicate through some other type of communication channel. For example, if law enforcement agents are investigating a crime on a network, they should not share information through e-mail that passes along this network. The criminal may still have sniffers installed and thus be able to access this data.

10
Q
Why is it challenging to collect and identify computer evidence to be used in a court of law?
A. The evidence is mostly intangible.
B. The evidence is mostly corrupted.
C. The evidence is mostly encrypted.
D. The evidence is mostly tangible.
A

A. The evidence in computer crimes usually comes straight from computers themselves. This means the data are held as electronic voltages, which are represented as binary bits. Some data can be held on hard drives and peripheral devices, and some data may be held in the memory of the system itself. This type of evidence is intangible in that it is not made up of objects one can hold, see, and easily understand. Other types of crimes usually have evidence that is more tangible in nature, and that is easier to handle and control.

11
Q
The chain of custody of evidence describes who obtained the evidence and __________.
A. Who secured it and stole it
B. Who controlled it and broke it
C. Who secured it and validated it
D. Who controlled it and duplicated it
A

C. The chain of custody outlines a process to ensure that under no circumstance was there a possibility for the evidence to be tampered with. If the chain of custody is broken, there is a high probability that the evidence will not be admissible in court. If it is admitted, it will not carry as much weight.

12
Q

Why is computer-generated documentation usually considered unreliable evidence?
A. It is primary evidence.
B. It is too difficult to detect prior modifications.
C. It is corroborative evidence.
D. It is not covered under criminal law, but it is covered under civil law.

A

B. It can be very difficult to determine if computer-generated material has been modified before it is presented in court. Since this type of evidence can be altered without being detected, the court cannot put a lot of weight on this evidence. Many times, computer-generated evidence is considered hearsay in that there is no firsthand proof backing it up.

13
Q
Which of the following is a necessary characteristic of evidence for it to be admissible?
A. It must be real.
B. It must be noteworthy.
C. It must be reliable.
D. It must be important.
A

C. For evidence to be admissible, it must be sufficient, reliable, and relevant to the case. For evidence to be reliable, it must be consistent with fact and must not be based on opinion or be circumstantial.

14
Q
If a company deliberately planted a flaw in one of its systems in the hope of detecting an attempted penetration and exploitation of this flaw, what would this be called?
A. Incident recovery response
B. Entrapment
C. Illegal
D. Enticement
A

D. Companies need to be very careful about the items they use to entice intruders and attackers, because this may be seen as entrapment by the court. It is best to get the legal department involved before implementing these items. Putting a honeypot in place is usually seen as the use of enticement tools.

15
Q
If an employee is suspected of wrongdoing in a computer crime, what department must be involved?
A. Human resources
B. Legal
C. Audit
D. Payroll
A

A. It is imperative that the company gets human resources involved if an employee is considered a suspect in a computer crime. This department knows the laws and regulations pertaining to employee treatment and can work to protect the employee and the company at the same time.

16
Q

When would an investigator’s notebook be admissible in court?
A. When he uses it to refresh memory
B. When he cannot be present for testimony
C. When requested by the judge to learn the original issues of the investigations
D. When no other physical evidence is available

A

A. Notes that are taken by an investigator will, in most cases, not be admissible in court as evidence. This is not seen as reliable information and can only be used by the investigator to help him remember activities during the investigation.

17
Q
Disks and other media that are copies of the original evidence are considered what?
A. Primary evidence
B. Reliable and sufficient evidence
C. Hearsay evidence
D. Conclusive evidence
A

C. In most cases, computer-related evidence falls under the hearsay category, because it is seen as copies of the original data that are held in the computer itself and can be modified without any indication. Evidence is considered hearsay when there is no firsthand proof in place to validate it.

18
Q

If a company does not inform employees that they may be monitored and does not have a policy stating how monitoring should take place, what should a company do?
A. Don’t monitor employees in any fashion.
B. Monitor during off-hours and slow times.
C. Obtain a search warrant before monitoring an employee.
D. Monitor anyway—they are covered by two laws allowing them to do this.

A

A. Before a company can monitor its employees, it is supposed to inform them that this type of activity can take place. If a company monitors an employee without telling him, this could be seen as an invasion of privacy. The employee had an expected level of privacy that was invaded. The company should implement monitoring capabilities into its security policy and employee security-awareness programs.

19
Q

What is one reason why successfully prosecuting computer crimes is so challenging?
A. There is no way to capture electrical data reliably.
B. The evidence in computer cases does not follow best evidence directives.
C. These crimes do not always fall into the traditional criminal activity categories.
D. Wiretapping is hard to do legally.

A

C. We have an infrastructure set up to investigate and prosecute crimes: law enforcement, laws, lawyers, courts, juries, judges, and so on. This infrastructure has a long history of prosecuting “traditional” crimes. Only in the last ten years or so have computer crimes been prosecuted more regularly; thus, these types of crimes are not fully rooted in the legal system with all of the necessary and useful precedents.

20
Q

When can executives be charged with negligence?
A. If they follow the transborder laws
B. If they do not properly report and prosecute attackers
C. If they properly inform users that they may be monitored
D. If they do not practice due care when protecting resources

A

D. Executives are held to a certain standard and are expected to act responsibly when running and protecting a company. These standards and expectations equate to the due care concept under the law. Due care means to carry out activities that a reasonable person would be expected to carry out in the same situation. If an executive acts irresponsibly in any way, she can be seen as not practicing due care and be held negligent.

21
Q

To better deal with computer crime, several legislative bodies have taken what steps in their strategy?
A. Expanded several privacy laws
B. Broadened the definition of property to include data
C. Required corporations to have computer crime insurance
D. Redefined transborder issues

A

B. Many times, what is corrupted, compromised, or taken from a computer is data, so current laws have been updated to include the protection of intangible assets, as in data. Over the years, data and information have become many companies’ most valuable asset, which must be protected by the laws.

22
Q

Many privacy laws dictate which of the following rules?
A. Individuals have a right to remove any data they do not want others to know.
B. Agencies do not need to ensure that the data are accurate.
C. Agencies need to allow all government agencies access to the data.
D. Agencies cannot use collected data for a purpose different from what they were collected for.

A

D. The Federal Privacy Act of 1974 and the European Union Principles on Privacy were created to protect citizens from government agencies that collect personal data. These acts have many stipulations, including that the information can only be used for the reason for which it was collected.

23
Q

Which of the following is not true about dumpster diving?
A. It is legal.
B. It is illegal.
C. It is a breach of physical security.
D. It is gathering data from places people would not expect to be raided.

A

B. Dumpster diving is the act of going through someone’s trash with the hope of uncovering useful information. Dumpster diving is legal if it does not involve trespassing, but it is unethical.

24
Q

Ron is a new security manager and needs to help ensure that his company can easily work with international entities in the case of cybercrime activities. His company is expanding its offerings to include cloud computing for its customers, who are located all over the world. Ron knows that several of its partners, who work in Europe, would like to take advantage of his company’s cloud computing offerings.

Which of the following should Ron ensure that his company’s legal team is aware of pertaining to cybercrime issues?
A. Business exemption rule of evidence
B. Council of Europe (CoE) Convention on Cybercrime
C. Digital Millennium Copyright Act
D. Personal Information Protection and Electronic Documents Act

A

B. Council of Europe (CoE) Convention on Cybercrime is the first international treaty seeking to address computer crimes by coordinating national laws and improving investigative techniques and international cooperation.

25
Q

Ron is a new security manager and needs to help ensure that his company can easily work with international entities in the case of cybercrime activities. His company is expanding its offerings to include cloud computing for its customers, who are located all over the world. Ron knows that several of its partners, who work in Europe, would like to take advantage of his company’s cloud computing offerings.

Ron needs to make sure the executives of his company are aware of issues pertaining to transmitting privacy data over international boundaries. Which of the following should Ron be prepared to brief his bosses on pertaining to this issue?
A. OECD Guidelines
B. Exigent circumstances
C. Australian Computer Emergency Response Team’s General Guidelines
D. International Organization on Computer Evidence

A

A. Global organizations that move data across other countries’ boundaries must be aware of and follow the Organisation for Economic Co-operation and Development (OECD) Guidelines, which deal with the protection of privacy and transborder flows of personal data.

26
Q

Ron is a new security manager and needs to help ensure that his company can easily work with international entities in the case of cybercrime activities. His company is expanding its offerings to include cloud computing for its customers, who are located all over the world. Ron knows that several of its partners, who work in Europe, would like to take advantage of his company’s cloud computing offerings.

What does Ron need to ensure that the company follows to allow its European partners to use its cloud computing offering?
A. Personal Information Protection and Electronic Documents Act
B. Business exemption rule of evidence
C. International Organization on Computer Evidence
D. Safe Harbor requirements

A

D. If a non-European organization wants to do business with a European entity, it will need to adhere to the Safe Harbor requirements if certain types of data will be passed back and forth during business processes.

27
Q

Jan’s company develops software that provides cryptographic functionality. The software products provide functionality that allows companies to comply with the privacy regulations and laws that apply to them.

Which of the following issues does Jan’s team need to be aware of as it pertains to selling its products to companies that reside in different parts of the world?
A. Convergent technologies advancements
B. Wassenaar Arrangement
C. Digital Millennium Copyright Act
D. Trademark laws
A

B. Wassenaar Arrangement implements export controls for “Conventional Arms and Dual-Use Goods and Technologies.” The main goal of this arrangement is to prevent the buildup of military capabilities that could threaten regional and international security and stability. Cryptography is a technology that is considered a dual-use good under these export rules.

28
Q

Jan’s company develops software that provides cryptographic functionality. The software products provide functionality that allows companies to comply with the privacy regulations and laws that apply to them.

Which of the following groups should Jan suggest that her company join for software piracy issues?
A. Software Protection Association
B. Federation Against Software Theft
C. Business Software Association
D. Piracy International Group
A

A. Software Protection Association (SPA) has been formed by major companies to enforce proprietary rights of software. The association was created to protect the founding companies’ software developments, but it also helps others ensure that their software is properly licensed. These are huge issues for companies that develop and produce software, because a majority of their revenue comes from licensing fees.

29
Q

Jan’s company develops software that provides cryptographic functionality. The software products provide functionality that allows companies to comply with the privacy regulations and laws that apply to them.

Which of the following is the most important functionality the software should provide to meet its customers’ needs?
A. Provide Safe Harbor protection
B. Protect personally identifiable information
C. Provide transborder flow protection
D. Provide live forensics capabilities

A

B. Personally identifiable information (PII) is data that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. This type of data commonly falls under privacy laws and regulation protection requirements.

30
Q

Which of the following has an incorrect definition mapping?

i. Best evidence is the primary evidence used in a trial because it provides the most reliability.
ii. Secondary evidence is not viewed as reliable and strong in proving innocence or guilt (or liability in civil cases) when compared to best evidence.
iii. Conclusive evidence is refutable and cannot be contradicted.
iv. Circumstantial evidence can prove an intermediate fact that can then be used to deduce or assume the existence of another fact.
v. Hearsay evidence pertains to oral or written evidence presented in court that is secondhand and has no firsthand proof of accuracy or reliability.

A. i
B. ii
C. iii
D. v

A

C. The following has the proper definition mappings:

i. Best evidence is the primary evidence used in a trial because it provides the most reliability.
ii. Secondary evidence is not viewed as reliable and strong in proving innocence or guilt (or liability in civil cases) when compared to best evidence.
iii. Conclusive evidence is irrefutable and cannot be contradicted.
iv. Circumstantial evidence can prove an intermediate fact that can then be used to deduce or assume the existence of another fact.
v. Hearsay evidence pertains to oral or written evidence presented in court that is secondhand and has no firsthand proof of accuracy or reliability.

31
Q

Which of the following has an incorrect definition mapping?

i. Civil (code) law - Based on previous interpretations of laws
ii. Common law - Rule-based law, not precedent-based
iii. Customary law - Deals mainly with personal conduct and patterns of behavior
iv. Religious law - Based on religious beliefs of the region

A. i, iii
B. i, ii, iii
C. i, ii
D. iv

A

C. The following has the proper definition mappings:

i. Civil (code) law - Civil law is rule-based law, not precedent-based
ii. Common law - Based on previous interpretations of laws
iii. Customary law - Deals mainly with personal conduct and patterns of behavior
iv. Religious law - Based on religious beliefs of the region