CISSP Sybex Official Study Guide Chapter 4 Review Questions Flashcards

1
Q

Which criminal law was the first to implement penalties for the creators of viruses, worms, and other types of malicious code that cause harm to computer systems?

A. Computer Security Act
B. National Infrastructure Protection Act
C. Computer Fraud and Abuse Act
D. Electronic Communications Privacy Act

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 154). Wiley. Kindle Edition.

A

C. Computer Fraud and Abuse Act

Explanation:
The Computer Fraud and Abuse Act, as amended, provides criminal and civil penalties for individuals convicted of using viruses, worms, Trojan horses, and other types of malicious code to cause damage to computer systems.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 954). Wiley. Kindle Edition.

2
Q

Which law governs information security operations at federal agencies?

A. FISMA
B. FERPA
C. CFAA
D. ECPA

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 154). Wiley. Kindle Edition.

A

A. FISMA

Explanation:
The Federal Information Security Management Act (FISMA) includes provisions regulating information security at federal agencies. It places authority for national security (classified) systems in the hands of the National Security Agency (NSA) and authority for all other federal systems with the National Institute of Standards and Technology (NIST).

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 954). Wiley. Kindle Edition.

3
Q

What type of law does not require an act of Congress to implement at the federal level but rather is enacted by the executive branch in the form of regulations, policies, and procedures?

A. Criminal law
B. Common law
C. Civil law
D. Administrative law

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 154). Wiley. Kindle Edition.

A

D. Administrative law

Explanation:
Administrative laws do not require an act of the legislative branch to implement at the federal level. Administrative laws consist of the policies, procedures, and regulations promulgated by agencies of the executive branch of government. Although they do not require an act of Congress, these laws are subject to judicial review and must comply with criminal and civil laws enacted by the legislative branch.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 954). Wiley. Kindle Edition.

4
Q

Which federal government agency has responsibility for ensuring the security of government computer systems that are not used to process sensitive and/or classified information?

A. National Security Agency
B. Federal Bureau of Investigation
C. National Institute of Standards and Technology
D. Secret Service

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 154). Wiley. Kindle Edition.

A

C. National Institute of Standards and Technology

Explanation:
The National Institute of Standards and Technology (NIST) is charged with the security management of all federal government computer systems that are not used to process sensitive national security information. The National Security Agency (part of the Department of Defense) is responsible for managing systems that do process classified and/or sensitive information.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 954). Wiley. Kindle Edition.

5
Q

What is the broadest category of computer systems protected by the Computer Fraud and Abuse Act, as amended?

A. Government-owned systems
B. Federal interest systems
C. Systems used in interstate commerce
D. Systems located in the United States

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 154). Wiley. Kindle Edition.

A

C. Systems used in interstate commerce

Explanation:
The original Computer Fraud and Abuse Act of 1984 covered only systems used by the government and financial institutions. The act was broadened in 1986 to include all federal interest systems. The Computer Abuse Amendments Act of 1994 further amended the CFAA to cover all systems that are used in interstate commerce, including a large portion (but not all) of the computer systems in the United States.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 955). Wiley. Kindle Edition.

6
Q

What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities?

A. Privacy Act
B. Fourth Amendment
C. Second Amendment
D. Gramm-Leach-Bliley Act

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (pp. 154-155). Wiley. Kindle Edition.

A

B. Fourth Amendment

Explanation:
The Fourth Amendment to the U.S. Constitution sets the “probable cause” standard that law enforcement officers must meet when conducting searches and/or seizures of private property. It also requires that those officers obtain a warrant before gaining involuntary access to such property.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 955). Wiley. Kindle Edition.

7
Q

Matthew recently authored an innovative algorithm for solving a mathematical problem, and he wants to share it with the world. However, prior to publishing the software code in a technical journal, he wants to obtain some sort of intellectual property protection. Which type of protection is best suited to his needs?

A. Copyright
B. Trademark
C. Patent
D. Trade secret

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 155). Wiley. Kindle Edition.

A

A. Copyright

Explanation:
Copyright law is the only type of intellectual property protection available to Matthew. It covers only the specific software code that Matthew used. It does not cover the process or ideas behind the software. Trademark protection is not appropriate for this type of situation. Patent protection does not apply to mathematical algorithms. Matthew can’t seek trade secret protection because he plans to publish the algorithm in a public technical journal.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 955). Wiley. Kindle Edition.

8
Q

Mary is the cofounder of Acme Widgets, a manufacturing firm. Together with her partner, Joe, she has developed a special oil that will dramatically improve the widget manufacturing process. To keep the formula secret, Mary and Joe plan to make large quantities of the oil by themselves in the plant after the other workers have left. They want to protect this formula for as long as possible. What type of intellectual property protection best suits their needs?

A. Copyright
B. Trademark
C. Patent
D. Trade secret

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 155). Wiley. Kindle Edition.

A

D. Trade secret

Explanation:
Mary and Joe should treat their oil formula as a trade secret. As long as they do not publicly disclose the formula, they can keep it a company secret indefinitely.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 955). Wiley. Kindle Edition.

9
Q

Richard recently developed a great name for a new product that he plans to begin using immediately. He spoke with his attorney and filed the appropriate application to protect his product name but has not yet received a response from the government regarding his application. He wants to begin using the name immediately. What symbol should he use next to the name to indicate its protected status?

A. ©
B. ®
C. ™
D. †

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 155). Wiley. Kindle Edition.

A

C. ™

Explanation:
Richard’s product name should be protected under trademark law. Until his registration is granted, he can use the ™ symbol next to it to inform others that it is protected under trademark law. Once his application is approved, the name becomes a registered trademark, and Richard can begin using the ® symbol.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 955). Wiley. Kindle Edition.

10
Q

What law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances?

A. Privacy Act
B. Electronic Communications Privacy Act
C. Health Insurance Portability and Accountability Act
D. Gramm-Leach-Bliley Act

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 155). Wiley. Kindle Edition.

A

A. Privacy Act

Explanation:
The Privacy Act of 1974 limits the ways government agencies may use information that private citizens disclose to them under certain circumstances.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 955). Wiley. Kindle Edition.

11
Q

What framework allows U.S. companies to certify compliance with EU privacy laws?

A. COBiT
B. Privacy Shield
C. Privacy Lock
D. EuroLock

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 155). Wiley. Kindle Edition.

A

B. Privacy Shield

Explanation:
The Privacy Shield framework, administered by the U.S. Department of Commerce and enforced by the Federal Trade Commission, allowed U.S. companies to self-certify compliance with EU data protection law. Note that the Court of Justice of the European Union invalidated Privacy Shield in July 2020 (the Schrems II decision); it was succeeded in 2023 by the EU-U.S. Data Privacy Framework, but Privacy Shield remains the answer this edition of the study guide expects.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 955). Wiley. Kindle Edition.

12
Q

The Children’s Online Privacy Protection Act (COPPA) was designed to protect the privacy of children using the internet. What is the minimum age a child must be before companies can collect personal identifying information from them without parental consent?

A. 13
B. 14
C. 15
D. 16

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 156). Wiley. Kindle Edition.

A

A. 13

Explanation:
The Children’s Online Privacy Protection Act (COPPA) provides severe penalties for companies that collect information from young children without parental consent. COPPA states that this consent must be obtained from the parents of children younger than the age of 13 before any information is collected (other than basic information required to obtain that consent).

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 955). Wiley. Kindle Edition.

13
Q

Which one of the following is not a requirement that Internet service providers must satisfy in order to gain protection under the “transitory activities” clause of the Digital Millennium Copyright Act?

A. The service provider and the originator of the message must be located in different states.
B. The transmission, routing, provision of connections, or copying must be carried out by an automated technical process without selection of material by the service provider.
C. Any intermediate copies must not ordinarily be accessible to anyone other than anticipated recipients and must not be retained for longer than reasonably necessary.
D. The transmission must be originated by a person other than the provider.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 156). Wiley. Kindle Edition.

A

A. The service provider and the originator of the message must be located in different states.

Explanation:
The Digital Millennium Copyright Act does not include any geographical location requirement for protection under the “transitory activities” exemption. The other options are three of the five mandatory requirements. The remaining two requirements are that the service provider must not select the recipients of the material and that the material must be transmitted without modification to its content.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 955). Wiley. Kindle Edition.

14
Q

Which one of the following laws is not designed to protect the privacy rights of consumers and internet users?

A. Health Insurance Portability and Accountability Act
B. Identity Theft Assumption and Deterrence Act
C. USA PATRIOT Act
D. Gramm-Leach-Bliley Act

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 156). Wiley. Kindle Edition.

A

C. USA PATRIOT Act

Explanation:
The USA PATRIOT Act was adopted in the wake of the September 11, 2001, terrorist attacks. It broadens the powers of the government to monitor communications between private citizens and therefore actually weakens the privacy rights of consumers and internet users. The other laws mentioned all contain provisions designed to enhance individual privacy rights.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 955). Wiley. Kindle Edition.

15
Q

Which one of the following types of licensing agreements does not require that the user acknowledge that they have read the agreement prior to executing it?

A. Standard license agreement
B. Shrink-wrap agreement
C. Click-wrap agreement
D. Verbal agreement

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 156). Wiley. Kindle Edition.

A

B. Shrink-wrap agreement

Explanation:
Shrink-wrap license agreements become effective when the user opens a software package. Click-wrap agreements require the user to click a button during the installation process to accept the terms of the license agreement. Standard license agreements require that the user sign a written agreement prior to using the software. Verbal agreements are not normally used for software licensing but also require some active degree of participation by the software user.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 956). Wiley. Kindle Edition.

16
Q

What industry is most directly impacted by the provisions of the Gramm-Leach-Bliley Act?

A. Healthcare
B. Banking
C. Law enforcement
D. Defense contractors

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 156). Wiley. Kindle Edition.

A

B. Banking

Explanation:
The Gramm-Leach-Bliley Act provides, among other things, regulations regarding the way financial institutions can handle private information belonging to their customers.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 956). Wiley. Kindle Edition.

17
Q

What is the standard duration of patent protection in the United States?

A. 14 years from the application date
B. 14 years from the date the patent is granted
C. 20 years from the application date
D. 20 years from the date the patent is granted

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (pp. 156-157). Wiley. Kindle Edition.

A

C. 20 years from the application date

Explanation:
U.S. patent law provides for an exclusivity period of 20 years beginning at the time the patent application is submitted to the Patent and Trademark Office.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 956). Wiley. Kindle Edition.

18
Q

Which one of the following is the comprehensive EU law that governs data privacy that was passed in 2016 and goes into effect in 2018?

A. DPD
B. GLBA
C. GDPR
D. SOX

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 157). Wiley. Kindle Edition.

A

C. GDPR

Explanation:
The General Data Protection Regulation (GDPR) is a comprehensive data privacy law that protects the personal information of EU residents regardless of where the processing organization is located. It was adopted in 2016 and became enforceable on May 25, 2018.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 956). Wiley. Kindle Edition.

19
Q

What compliance obligation relates to the processing of credit card information?

A. SOX
B. HIPAA
C. PCI DSS
D. FERPA

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 157). Wiley. Kindle Edition.

A

C. PCI DSS

Explanation:
The Payment Card Industry Data Security Standard (PCI DSS) applies to organizations involved in storing, transmitting, and processing credit card information.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 956). Wiley. Kindle Edition.

20
Q

What act updated the privacy and security requirements of the Health Insurance Portability and Accountability Act (HIPAA)?

A. HITECH
B. CALEA
C. CFAA
D. CCCA

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 157). Wiley. Kindle Edition.

A

A. HITECH

Explanation:
The Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 amended the privacy and security requirements of HIPAA.

Chapple, Mike; Stewart, James Michael; Gibson, Darril. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide (p. 956). Wiley. Kindle Edition.