CISSP: Legal, Regulations, Investigations, and Compliance Flashcards
- Possible damages in a civil case are classified as all the following except
A. Compensatory
B. Punitive
C. Statutory
D. Financial
D. Financial
Although damages in a civil case are of a financial nature, they are classified as compensatory, punitive, and statutory. Review “Civil penalties.”
- Penalties for conviction in a civil case can include
A. Imprisonment
B. Probation
C. Fines
D. Community service
C. Fines
Fines are the only penalty a jury can award in a civil case. The purpose of a fine is financial restitution to the victim. Review “Civil penalties.”
- Computer attacks motivated by curiosity or excitement describe
A. “Fun” attacks
B. Grudge attacks
C. Business attacks
D. Financial attacks
A. “Fun” attacks
Grudge attacks are motivated by revenge. Business attacks may be motivated by a number of factors, including competitive intelligence. Financial attacks are motivated by greed. Review “Major Categories of Computer Crime.”
- Intellectual property includes all the following except
A. Patents and trademarks
B. Trade secrets
C. Copyrights
D. Computers
D. Computers
Patents and trademarks, trade secrets, and copyrights are all considered intellectual property and are protected by intellectual property rights. Computers are considered physical property. Review “Intellectual property.”
- Under the Computer Fraud and Abuse Act of 1986 (as amended), which of the following is not considered a crime?
A. Unauthorized access
B. Altering, damaging, or destroying information
C. Trafficking child pornography
D. Trafficking computer passwords
C. Trafficking child pornography
The Child Pornography Prevention Act (CPPA) of 1996 addresses child pornography. Review “U.S. Child Pornography Prevention Act of 1996.”
- Which of the following is not considered one of the four major categories of evidence?
A. Circumstantial evidence
B. Direct evidence
C. Demonstrative evidence
D. Real evidence
A. Circumstantial evidence
Circumstantial evidence is a type of evidence, but it’s not considered one of the four main categories of evidence. In fact, circumstantial evidence may include circumstantial, direct, or demonstrative evidence. Review “Types of evidence.”
- In order to be admissible in a court of law, evidence must be
A. Conclusive
B. Relevant
C. Incontrovertible
D. Immaterial
B. Relevant
The tests for admissibility of evidence include relevance, reliability, and legal permissibility. Review “Admissibility of evidence.”
- What term describes the evidence-gathering technique of luring an individual toward certain evidence after that individual has already committed a crime; is this considered legal or illegal?
A. Enticement/Legal
B. Coercion/Illegal
C. Entrapment/Illegal
D. Enticement/Illegal
A. Enticement/Legal
Entrapment is the act of encouraging someone to commit a crime that the individual may have had no intention of committing. Coercion involves forcing or intimidating someone to testify or confess. Enticement does raise certain ethical arguments but isn’t normally illegal. Review “Admissibility of evidence.”
- In a civil case, the court may issue an order allowing a law enforcement official to seize specific evidence. This order is known as a(n)
A. Subpoena
B. Exigent circumstances doctrine
C. Writ of Possession
D. Search warrant
C. Writ of Possession
A subpoena requires the owner to deliver evidence to the court. The exigent circumstances doctrine provides an exception to search-and-seizure rules for law enforcement officials in emergency or dangerous situations. A search warrant is issued in criminal cases. Review “Collection and identification.”
- When should management be notified of a computer crime?
A. After the investigation has been completed
B. After the preliminary investigation
C. Prior to detection
D. As soon as it has been detected
D. As soon as it has been detected
Management should be informed of a computer crime as soon as it has been detected. Management needs to be aware of, and support, investigations and other activities that follow the detection of the crime.
- Which relatively new type of attack is sophisticated, targeted, slow, and stealthy?
a. Dumpster diving
b. A worm infection of email servers
c. Advanced persistent threat (APT)
d. A virus infection distributed in a file system utility download
C. The APT uses many tools and techniques over a long period to compromise a specific target covertly.
- Which of the following is used during forensic analysis to help establish a timeline of a computer crime?
a. MAC times
b. Chain of custody
c. Codified laws
d. Trans-border information flow
A. The modify, access, create times recorded by most file systems are often used by forensic investigators to establish a timeline that supports the claim of a criminal act.
- Which of the following is an example of self-regulation?
a. Sarbanes-Oxley (SOX)
b. Gramm-Leach-Bliley Act (GLBA)
c. Payment Card Industry Data Security Standard (PCI-DSS)
d. Third-party governance
C. PCI-DSS is an industry regulation developed and enforced by the payment card industry, an example of an industry regulating itself.
- A computer that is attacked and compromised and then used to attack deeper into a network, where valuable assets are stored, became involved in the computer crime in which manner?
a. As an advanced persistent threat (APT)
b. As a target
c. As a support system used during a computer crime
d. As a clone system
B. The computer first was attacked. This makes it the target of that first attack and compromise.
- Which phase of incident response involves taking specific actions to reduce or stop the losses of an active breach of security?
a. Triage
b. Containment
c. Prevention
d. Recovery
B. Containment is action taken to mitigate or stop the losses occurring from an active breach.