Domain 1

Question 1

Requires federal agencies to take extra security measures to prevent unauthorized access to computers that hold sensitive info.
Requires security awareness training to employees.
Assigns NIST for InfoSec and NSA for Crypto

Answer 1

U.S. Computer Security Act of 1987

Question 2

Prevents unauthorized use or disclosure of information, ensuring that only those who are authorized to access information can do so.

Answer 2

Confidentiality

Question 3

Includes names, addresses, Social Security numbers, contact information, and financial or medical data.

Answer 3

Personally Identifiable Information (PII)

Question 4

Includes all information in PII but also includes a patient’s medical records and healthcare payment history.

Answer 4

Personal Health Information (PHI)

Question 5

Safeguards the accuracy and completeness of information and processing methods.

Answer 5

Integrity

Question 6

Ensures that authorized users have reliable and timely access to information, and associated systems and assets when needed.

Answer 6

Availability

Question 7

General purpose statement that says what the org is, what it does, and why it exists

Answer 7

Mission Statement

Question 8

Conduct that a reasonable person exercises in a given situation, which provides a standard for determining negligence.

Answer 8

Due Care

Question 9

If an organization fails to follow a standard of due care

Answer 9

Culpable Negligence

Question 10

Prudent management and execution of Due Care

Answer 10

Due Diligence

Question 11

Comprised of a set of activities undertaken by an organization in its attempts to abide by applicable laws, regulations, and standards.

Answer 11

Compliance

Question 12

• Classified national defense or foreign relations information
• Records of financial institutions or credit reporting agencies
• Government computers

Answer 12

U.S. Computer Fraud and Abuse Act

Question 13

• Prohibits eavesdropping, interception, or unauthorized monitoring of wire, oral, or electronic communications.
• Provides legal basis for network monitoring

Answer 13

U.S. Electronic Communications Privacy Act (ECPA)

Question 14

• Establish written standards of conduct for organizations, provide relief in sentencing for organizations that have demonstrated due diligence, and place responsibility for due care on Sr. Mgmt.
• Fines up to $290 Million

Answer 14

U.S. Federal Sentencing Guidelines

Question 15

• Combats industrial espionage, particularly when such activity benefits a foreign entity.
• Criminal offense to take, download, receive, or possess trade secret information that has been obtained w/o owner authorization

Answer 15

U.S. Economic Espionage Act

Question 16

Enacted to combat the use of computer technology to produce and distribute pornography involving children, including adults portraying children

Answer 16

U.S. Child Pornography Prevention Act

Question 17

• Authority to intercept wire, oral, & electronic communications relating to computer fraud and abuse offenses
• Authorizes access to Voicemail with search warrant
• Expands list and clarifies scope
• Allows ISP’s to disclose customer information to law enforcement in emergency situations, w/o exposing provider to civil liability suits
• Clarifies LEO authority to trace communications on the Internet and other computer networks

Answer 17

U.S. Patriot Act

Question 18

• Established the Public Company Accounting Oversight Board (PCAOB)
• Established new standards for entities including auditing, governance, and financial disclosures

Answer 18

Sarbanes-Oxley Act (SOX)

Question 19

Extends the Computer Security Act by requiring regular audits of U.S. government information systems and organizations providing information services to the U.S. federal government

Answer 19

U.S. Federal Information Systems Management Act (FISMA)

Question 20

Establishes standards for sending commercial e-mail, charges the U.S. Federal Trade Commission (FTC) with enforcement provisions, and provides penalties that include fines and imprisonment

Answer 20

U.S. Can-SPAM Act

Question 21

Permits U.S.- based organizations to certify themselves as properly handling private data belonging to citizens

Answer 21

Safe Harbor

Question 22

Defines 3 criminal offenses related to computer crime: unauthorized access, unauthorized modification, and hindering authorized access

Answer 22

The Computer Misuse Act

Question 23

Attempts to protect intellectual property rights by using access control technologies to prevent unauthorized copying or distribution of protected digital media

Answer 23

Digital Rights Management (DRM)

Question 24

NIST SP800-53 discusses a set of security controls as what type of security tool?

Answer 24

A baseline

Question 25

How many physical disks are required for RAID 1?

Answer 25

3

Question 26

What are communication systems that rely on start and stop flags or bits to manage data transmission?

Answer 26

Asynchronous

Question 27

Motion detector that uses high microwave frequency signal transmissions to identify potential intruders

Answer 27

Wave Pattern

Question 28

Analysis technique that only reports alerts after they exceed a certain threshold. Specific form of sampling.

Answer 28

Clipping

Question 29

The____layer transmits data as bits.

Answer 29

Physical

Question 30

Known as intelligent fuzzing

Answer 30

Generational Fuzzing

Question 31

Variation in the latency for different packets

Answer 31

Jitter

Question 32

Suite of specifications used to handle vulnerability and security configuration information

Answer 32

(SCAP) Security Content Automation Protocol

Question 33

Types of structural coverage

Answer 33

Statement, branch or decision, loop, path, and data flow