Compliance

Question 1

Law

Answer 1

Law is a system of rules created by either government or a society, recognized as binding by the group, and enforced by some specific authority

Question 2

Regulation

Answer 2

By contrast, are written rules dealing with specific details of procedures, issued by an executive body and having the force of law.

Question 3

Types of Legal System

Answer 3

Civil (Code ) Law
Common law
Criminal law
Civil/ Tort law
Administrative (Regulatory) law
Customary law
Religious law
Mixed law

Question 4

A Computer Assisted Crime

Answer 4

Is where a computer was used as a tool to help carry out a crime.

Question 5

Computer Targeted Crime

Answer 5

Concerns incidents where a computer was the victim of an attack crafted to harm it (and its owners) specifically

Question 6

Computer is Incidental

Answer 6

Computer is not necessarily the attacker or the target, but just happened to be involved when a crime was carried out.

Question 7

Engaging in Hactivitism

Answer 7

Which is protesting a government’s or organization’s activities by attacking its systems and/or defacing its website

Question 8

Attackers commonly hop through several systems before attacking their victim so that tracking down the attackers will be more difficult. This exemplified by threat actor approach know as _____

Answer 8

Island-hopping attack

Question 9

Island-hopping attack also known as ___

Answer 9

Supply Chain Attack

Question 10

Three Powerful forces converged in the mild to late 1990s to catapult cybercrime, they are:

Answer 10

1. Explosive growth in internet
2. Abundance of computer experts who have lost their livelihood with the end of Soviet Union
3. Increase in Software developers, ignoring security

Question 11

Now a days exploited targets are known as _____

Answer 11

Malicious bots

Question 12

Malicious Bots organized into _______

Answer 12

Botnets

Question 13

Botnets can be used to carry out ________

Answer 13

DDoS attacks, transfer spam or pornography

Question 14

Hackers who do not have the requisite skills to carry out specific attacks without the tools provided on the internet or through friends are known as _____

Answer 14

Script Kiddies

Question 15

HaaS

Answer 15

Hacking as a Service- commercializing the hacking skills

Question 16

Hackers who patiently wait for the right time to attack you is called ______

Answer 16

Advanced Persistent Threat (APT)
This is a military term that has been around for ages.

Question 17

Group of attackers is not in a hurry to launch an attack quickly, but will wait for the most beneficial moment and attack vector to ensure that activities go unnoticed. This referee to as_______

Answer 17

Low-and-Slow attack

Question 18

A handful of users are targeted by two phishing attacks; one user opens zero-day payload

Answer 18

Phishing and Zero-Day payload

Question 19

The user machine is assessed remotely by a specific tool.

Answer 19

Back door

Question 20

The attacker elevates access to important user, service, and admin accounts, and specific systems. ______ Movement

Answer 20

Lateral Movement

Question 21

Data is acquired from target servers and staged for exfiltration

Answer 21

Data Gathering

Question 22

Data is exfiltrated via encrypted files over HTTP to external, compromised machine at a hosting provider

Answer 22

Exfiltrate

Question 23

Common Internet Crime Schemes

Answer 23

• Business e-mail compromise
• Business fraud
• Charity and disaster fraud
• Counterfeit prescription drugs
• Credit card fraud
• Election crimes and security
• Identity Theft
• Illegal Sports Betting
• Nigerian letter or “419”
• Ponzi/ Pyramid
• Ransomware
• Sextortion

Question 24

The First International treaty seeking to address computer crimes

Answer 24

The Council of Europe (CoE) Convention on Cybercrime

Question 25

The Council of Europe (CoE) Convention on Cybercrime also known as ____

Answer 25

The Budapest Convention.
(Creation of a framework for establishing jurisdiction and extradition of accused. This can only take place only if it is crime in both countries)

Question 26

As of ________ (this date) countries around the world (not just in Europe) have signed or ratified the treaty, contributing to the global growth in effective cybercrime legislation that is internationally interoperable.

Answer 26

April 21, 1968

Question 27

According to the United Nations (UN), how many countries in the world now have cybercrime laws.

Answer 27

154 Countries- 79%

Question 28

Some of the U.S. laws are most relevant to data breaches

Answer 28

• California Consumer Privacy Act (CCPA)
• Health Insurance Profitability and Accountability Act (HIPPA)
• Health Information Technology for Economics and Clinical Health (HI-TECH) Act
• Gramm-Leach-Bliley Act of 1999
• Economic Espionage Act of 1996

Question 29

Global organizations that move across borders must be aware of and follow the _______

Answer 29

Organization for Economic Cooperation Development (OECD)

Question 30

The Principle of OECD (8)

Answer 30

• Collection Limitation
• Data Quality
• Purpose Verification
• Use Limitation
• Security Safeguards
• Openness
• Individual Participation
• Accountability

Question 31

The European Union in many cases takes individual privacy much more seriously than most other countries in the world, so in 1995 it enacted _______

Answer 31

Data Protection Directive

Question 32

_______ was adopted by EU in April 2016 and became enforceable in May 2018

Answer 32

The General Data Protection Regulation (GDPR)

Question 33

GDPR is very stringent and violating them exposes an organization to a maximum fine of ______%

Answer 33

4%

Question 34

How many entities GDPR Defines?

Answer 34

Three

Question 35

What are (3) entities in GDPR?

Answer 35

• Data Subject: The individual to whom the data pertains
• Data Controller: Any Organization that collects data on EU residents
• Data Processor: Any Organization that processes data for a data controller

Question 36

To ensure that data is protected, the GDPR requires that most data controllers and data processors formally designate a _______

Answer 36

Data Protection Officer (DPO)

Question 37

DPOs are internal compliance officers that act semi-independently to ensure that their organizations follow the _________

Answer 37

The Letter of Regulation

Question 38

Key provisions of GDPR (5)

Answer 38

• Consent
• Right to be informed
• Right restrict processing
• Right to be forgotten
• Data Breaches

Question 39

According to GDPR; data breaches to be report within ______ hours of ______

Answer 39

72 hours of becoming aware of it.

Question 40

How many countries have no legally mandated notification requirements whatsoever?

Answer 40

UN lists 62 countries

Question 41

Wassenaar Arragement implements export controls for ________

Answer 41

Conventional Arms and Dual-Use Goods and Technologies.

Question 42

Conventional Arms and Dual-Use Goods and Technologies - how many countries lays out rules

Answer 42

42 Countries
Wassenaar arrangements

Question 43

Rules of Export Controls for the following laid up by Wassenaar arrangements. (9) Categories

Answer 43

• Category 1: Special Materials and Related Equipment
• Category 2: Material Processing
• Category 3: Electronics
• Category 4: Computers
• Category 5: Part1: Telecommunications
• Category 5: Part 2: information Security
• Category 6: Sensors and Lasers
• Category 7: Navigation and Avionics
• Category 8: Marine
• Category 9: Aerospace and Propulsion

Question 44

The main goal of Wassenaar Agreement is to _____

Answer 44

Prevent the build up of military capabilities that could threaten regional and international security and stability.

Question 45

In some cases, no products that contain ____________ functions can be exported to specific country.

Answer 45

Cryptographic functions

Question 46

___________ is a movement of machine-readable data across a political boundary such as country’s border.

Answer 46

Transborder data flow (TDF)

Question 47

Transborder Data Flow (TDF) sometimes called _________

Answer 47

Cross-border data flows.

Question 48

Privacy Generic approach is _______ rules that stretch across all industry boundaries.

Answer 48

Horizontal Enactment

Question 49

Regulatory by Industry is _________ Enactment

Answer 49

Vertical Enactment

Question 50

Examples of Intellectual Property (IP) ____

Answer 50

Song Lyrics, Inventions, Logos, and Secret recipes

Question 51

Four types of IP laws

Answer 51

• Trade Secrets
• Copyrights
• Trademarks
• Patents

Question 52

Four important type of IP (Intellectual Property) law

Answer 52

Trade Secrets
Copy Rights
Trademarks
Patents

Question 53

Copyright protection exists for the duration of ______

Answer 53

Life of the creator plus 70 years

Question 54

What does the term “warez” sites means….

Answer 54

Warez is a term that refers to copyrighted works distributed or traded without fees or royalties, in general violation of the copyright law.

Question 55

What is the Protocol warez uses

Answer 55

BitTorrent

Question 56

Patent is the strongest form of Intellectual Property (IP)
Protection. Patent is usually up ______ years from the date of approval

Answer 56

20 Years

Question 57

Another reason for the increase in patent litigation is emergence of nonpraticing entities (NPEs), also known as

Answer 57

Patent troll

Question 58

Four Categories of software licensing

Answer 58

Freeware
Shareware or Trialware
Commercial Software
Academic Software

Question 59

If your company process credit cards, then it has to comply with _________

Answer 59

Payment Card Industry Data Security Standard (PSI DSS)

Question 60

If your Organization is financial institution that is considered part of the critical infrastructure of the United Kingdom, then it has to comply with _______

Answer 60

CBEST Standard

Question 61

If your organization wants to sell cloud services to the U.S. government, it has to be certified by _______

Answer 61

Federal Risk and Authorization Management Program (FedRAMP)

Question 62

Under the GPDR, you’d have 72 hours from the time of discovery, while HIPPA, you could have up to

Answer 62

60 Days

Question 63

Due diligence and Due Care associated with which level of management

Answer 63

Due Diligence: Leaders, laws, and regulations
Due Care: Applicable to everyone, failure to exercise it could be used to show negligence

Question 64

Responsibility generally refers_______

Answer 64

To the obligation and expected actions and behaviour of a particular party.

Question 65

An Obligation may have _____

Answer 65

A defined set of actions that are required, or a more general and open approach, which enables the party to decide how it will fulfill the particular obligation.

Question 66

Accountability refers____

Answer 66

To the ability to hold a party responsible for certain actions or inaction

Question 67

Proximate cause is an__

Answer 67

• Act or omission that naturally and directly produces a consequence.
• It is the superficial or obvious cause for an occurrence.
• it refers to a cause that leads directly, or in an unbroken sequence, to a particular result. It can be seen as an element of negligence in a court of law.

Question 68

Administrative investigation focuses on____

Answer 68

Policy violations
Worse case - someone get fired

Question 69

LEA stands for

Answer 69

Law enforcement agencies

Question 70

Regulatory investigations initiated by ______

Answer 70

Government regulator when there is a reason to believe that the organization is not in compliance

Question 71

Business Software Alliance (BSA) is mainly for

Answer 71

Software and Piracy

Question 72

The Federation Against Software Theft (FAST) and BSA promotes

Answer 72

The enforcement of proprietary rights of software

Question 73

_________ is an act of omission that naturally and directly produces a consequence

Answer 73

Proximate Cause

Question 74

Canadian Law that deals with Protection of person information

Answer 74

Personal Information Protection and Electronic Documents Act

Question 75

Legal System - Rule-Based and not Precedent based

Answer 75

Civil (code) Law