Domain 9 Flashcards

1
Q

Which of the following types of information, if compromised, could adversely affect the national interest or the conduct of federal initiatives?

a) Technical information
b) Administrative information
c) Restricted data information
d) Classified information

A

Classified information

2
Q

Of the following types of law, which type does NOT require law enforcement to take action against an individual?

a) Civil law
b) Regulatory law
c) Administrative law
d) Criminal law

A

Civil law

3
Q

Using peer-to-peer file sharing software to download copyrighted material without authorization would be a violation of several sections of ISC(2)’s Code of Ethics. It would also be a violation of several of the Computer Ethics Institute’s “Commandments.” Which of these commandments would NOT apply to this situation?

a) Thou shall not snoop around in other people’s computer files.
b) Thou shall not use a computer to steal.
c) Thou shall not copy or use proprietary software for which you have not paid.
d) Thou shall not appropriate other people’s intellectual output.
e) Thou shall use a computer in ways that ensure consideration and respect for your fellow humans.

A

Thou shall not snoop around in other people’s computer files

4
Q

In our interconnected world, there are five key issues of information ethics: software piracy, data security and privacy, data integrity, human/product safety and fairness/honesty. Who holds the GREATEST role in maintaining ethical responsibility?

a) Vendors, contractors, developers, managers and users all share an equal role.
b) Hardware and software vendors
c) Service contractors
d) System developers and maintainers

A

Vendors, contractors, developers, managers and users all share an equal role

5
Q

There are often wide variations and differences in law between countries. Which of the following legal characteristics are shared by Japan, Korea, Thailand and Taiwan in respect to software development?

a) None of these countries address the issue of patents for computer programs.
b) All of these countries specify that both source and object code may be copyrighted.
c) All of these countries have laws providing trade secret protection.
d) None of these countries specify that both source and object code may be copyrighted.
e) None of these countries have laws providing trade secret protection.
f) All of these countries address the issue of patents for computer programs.

A

None of these countries address the issue of patents for computer programs

6
Q

In a global information environment, it is important that we understand that the laws we live by may vary in other markets. Which of the following represents the current status of Brazilian law in respect to protection of proprietary information assets?

a) Computer software may be patented, hardware cannot.
b) Patents are not necessary, as specific “trade secrets” laws provide protection.
c) Computer hardware may be patented, software cannot.
d) Both computer software and hardware may be patented.
e) Neither computer software nor hardware may be patented.

A

Computer hardware may be patented, software cannot

7
Q

Which of the following general types of law is also known as “tort” law?

a) Criminal law
b) Regulatory law
c) Administrative law
d) Civil law

A

Civil law

8
Q

In law, “burden of proof” is the level to which the prosecution must “prove” guilt in order to win a conviction. In which type of law is the necessary burden of proof “a preponderance of evidence”?

a) Administrative law
b) Regulatory law
c) Criminal law
d) Civil law

A

Civil law

9
Q

All companies and corporations registered with the SEC (Securities and Exchange Commission) are required to institute security programs. Which of the following US regulations codifies this requirement?

a) The Foreign Corrupt Practices Act
b) Computer Security Act of 1987
c) Fair Credit Reporting Act
d) Computer Fraud and Abuse Act

A

The Foreign Corrupt Practices Act

10
Q

Bad news - you have lost a civil case pertaining to your infringement of someone’s copyright and are now awaiting sentencing. In this type of case, which of the following is NOT a possible result of your conviction?

a) You may go to jail.
b) You may have to pay compensatory damages.
c) You may have to pay punitive damages.
d) You may have to pay statutory damages.
e) You may have to pay attorneys’ fees and court costs.

A

You may go to jail

11
Q

Which of the following is NOT a common difficulty in pursuing and prosecuting computer criminals across international borders?

a) Lack of universal cooperation
b) Differences in interpretation of applicable laws
c) Jail terms
d) Outdated laws against fraud

A

Jail terms

12
Q

Good news! You have won a civil case against an ex-employee that departed with a large amount of proprietary data from your company upon his departure. This data (which left on a single ZIP disk in the employee’s pocket) related to a new development project you expected to market for approximately $100,000. However, you were unable to quantify to the jury what the intrinsic value of the data itself really is, and no other company has “beaten you to the market.” What is the most likely amount of compensatory damages the jury will award in this case?

a) $5.00 - the value of the ZIP disk.
b) $100,000 - your projected value of the project.
c) $1,100,000 - the projected project value and punitive damages.
d) $50,000 - half the amount of your actual loss.

A

$5.00 - the value of the ZIP disk

13
Q

Which of the following terms describes the right to protect the expression of ideas?

a) Patent
b) Trade secret
c) Copyleft
d) Copyright

A

Copyright

14
Q

The minimum and customary practice of responsible protection of information assets is defined by which of the following terms?

a) Due Diligence
b) Due Process
c) Policy Management
d) Due Care

A

Due Care

15
Q

Which of the following is considered to be one of the primary differences in official governmental privacy regulations between the United States and the European Union?

a) The European Union does not have a consistent overall privacy policy.
b) The United States has no privacy policies.
c) The United States does not have a consistent overall privacy policy.
d) The European Union has no privacy policies.
e) European Union privacy policies have no enforcement mechanism.
f) United States privacy policies have no enforcement mechanism.

A

The United States does not have a consistent overall privacy policy

16
Q

Using ISC2’s Code of Ethics as a guideline, which of the following would be an acceptable action?

a) Hire employees from a competitor, who may know development plans.
b) Use information you overheard from a competitor’s conversation at a restaurant.
c) Use competitor product comparison information from magazine reviews for advertising purposes.
d) Obtain a competitor’s mailing list or customer list.

A

Use competitor product comparison information from magazine reviews for advertising purposes

17
Q

What is the first thing an Information Systems Security Manager must understand in order to create an environment that discourages computer abuse and promotes ethical behavior?

a) Motivations for ethical behavior
b) Motivations for unethical behavior
c) How to use system controls to prevent unethical behavior
d) How to use rewards and punishment to control behavior

A

Motivations for unethical behavior

18
Q

What is the official form of protection for a specific physical product?

a) Trademark
b) Trade Secret
c) Copyright
d) Patent

A

Patent

19
Q

What would be the most appropriate protection level granted to proprietary source code?

a) Copyright
b) Trade Secret
c) Patent
d) Trademark

A

Trade Secret

20
Q

What is the first step to be accomplished in a preliminary legal investigation?

a) Gather evidence
b) Determine if a crime has occurred
c) Interview witnesses
d) Inspect damage

A

Determine if a crime has occurred

21
Q

In a computer forensics investigation, which of the following would be the crucial first step to be performed?

a) Authenticate file system
b) Analyze data
c) Disk image backup
d) Search for hidden or encrypted files
e) Perform disk integrity checking

A

Disk image backup

22
Q

What type of evidence is a common exception to the Hearsay Rule?

a) Business records
b) Overheard conversations
c) Best evidence
d) Second hand evidence

A

Business records

23
Q

Which of the following is NOT one of the formal steps in the Evidence Life Cycle?

a) Collection and identification
b) Storage, preservation and transportation
c) Interpretation
d) Presentation in court
e) Return to victim or owner

A

Interpretation