Domain 9 Flashcards
Which of the following types of information, if compromised, could adversely affect the national interest or the conduct of federal initiatives?
a) Technical information
b) Administrative information
c) Restricted data information
d) Classified information
Classified information
Of the following types of law, which type does NOT require law enforcement to take action against an individual?
a) Civil law
b) Regulatory law
c) Administrative law
d) Criminal law
Civil law
Using peer-to-peer file sharing software to download copyrighted material without authorization would be a violation of several sections of ISC(2)’s Code of Ethics. It would also be a violation of several of the Computer Ethics Institute’s “Commandments.” Which of these commandments would NOT apply to this situation?
a) Thou shall not snoop around in other people’s computer files.
b) Thou shall not use a computer to steal.
c) Thou shall not copy or use proprietary software for which you have not paid.
d) Thou shall not appropriate other people’s intellectual output.
e) Thou shall use a computer in ways that ensure consideration and respect for your fellow humans.
Thou shall not snoop around in other people’s computer files
In our interconnected world, there are five key issues of information ethics: software piracy, data security and privacy, data integrity, human/product safety and fairness/honesty. Who holds the GREATEST role in maintaining ethical responsibility?
a) Vendors, contractors, developers, managers and users all share an equal role.
b) Hardware and software vendors
c) Service contractors
d) System developers and maintainers
Vendors, contractors, developers, managers and users all share an equal role
There are often wide variations and differences in law between countries. Which of the following legal characteristics are shared by Japan, Korea, Thailand and Taiwan in respect to software development?
a) None of these countries address the issue of patents for computer programs.
b) All of these countries specify that both source and object code may be copyrighted.
c) All of these countries have laws providing trade secret protection.
d) None of these countries specify that both source and object code may be copyrighted.
e) None of these countries have laws providing trade secret protection.
f) All of these countries address the issue of patents for computer programs.
None of these countries address the issue of patents for computer programs
In a global information environment, it is important that we understand that the laws we live by may vary in other markets. Which of the following represents the current status of Brazilian law in respect to protection of proprietary information assets?
a) Computer software may be patented, hardware cannot.
b) Patents are not necessary, as specific “trade secrets” laws provide protection.
c) Computer hardware may be patented, software cannot.
d) Both computer software and hardware may be patented.
e) Neither computer software nor hardware may be patented.
Computer hardware may be patented, software cannot
Which of the following general types of law is also known as “tort” law?
a) Criminal law
b) Regulatory law
c) Administrative law
d) Civil law
Civil law
In law, “burden of proof” is the level to which the prosecution must “prove” guilt in order to win a conviction. In which type of law is the necessary burden of proof “a preponderance of evidence?”
a) Administrative law
b) Regulatory law
c) Criminal law
d) Civil law
Civil law
All companies and corporations registered with the SEC (Securities and Exchange Commission) are required to institute security programs. Which of the following US regulations codifies this requirement?
a) The Foreign Corrupt Practices Act
b) Computer Security Act of 1987
c) Fair Credit Reporting Act
d) Computer Fraud and Abuse Act
The Foreign Corrupt Practices Act
Bad news - you have lost a civil case pertaining to your infringement of someone’s copyright and are now awaiting sentencing. In this type of case, which of the following is NOT a possible result of your conviction?
a) You may go to jail.
b) You may have to pay compensatory damages.
c) You may have to pay punitive damages.
d) You may have to pay statutory damages.
e) You may have to pay attorneys’ fees and court costs.
You may go to jail
Which of the following is NOT a common difficulty in pursuing and prosecuting computer criminals across international borders?
a) Lack of universal cooperation
b) Differences in interpretation of applicable laws
c) Jail terms
d) Outdated laws against fraud
Jail terms
Good news! You have won a civil case against an ex-employee that departed with a large amount of proprietary data from your company upon his departure. This data (which left on a single ZIP disk in the employee’s pocket) related to a new development project you expected to market for approximately $100,000. However, you were unable to quantify to the jury what the intrinsic value of the data itself really is, and no other company has “beaten you to the market.” What is the most likely amount of compensatory damages the jury will award in this case?
a) $5.00 - the value of the ZIP disk.
b) $100,000 - your projected value of the project.
c) $1,100,000 - the projected project value and punitive damages.
d) $50,000 - half the amount of your actual loss.
$5.00 - the value of the ZIP disk
Which of the following terms describes the right to protect the expression of ideas?
a) Patent
b) Trade secret
c) Copyleft
d) Copyright
Copyright
The minimum and customary practice of responsible protection of information assets is defined by which of the following terms?
a) Due Diligence
b) Due Process
c) Policy Management
d) Due Care
Due Care
Which of the following is considered to be one of the primary differences in official governmental privacy regulations between the United States and the European Union?
a) The European Union does not have a consistent overall privacy policy.
b) The United States has no privacy policies.
c) The United States does not have a consistent overall privacy policy.
d) The European Union has no privacy policies.
e) European Union privacy policies have no enforcement mechanism.
f) United States privacy policies have no enforcement mechanism.
The United States does not have a consistent overall privacy policy
Using ISC2’s Code of Ethics as a guideline, which of the following would be an acceptable action?
a) Hire employees from a competitor, who may know development plans.
b) Use information you overheard from a competitor’s conversation at a restaurant.
c) Use competitor product comparison information from magazine reviews for advertising purposes.
d) Obtain a competitor’s mailing list or customer list.
Use competitor product comparison information from magazine reviews for advertising purposes
What is the first thing an Information Systems Security Manager must understand in order to create an environment that discourages computer abuse and promotes ethical behavior?
a) Motivations for ethical behavior
b) Motivations for unethical behavior
c) How to use system controls to prevent unethical behavior
d) How to use rewards and punishment to control behavior
Motivations for unethical behavior
What is the official form of protection for a specific physical product?
a) Trademark
b) Trade Secret
c) Copyright
d) Patent
Patent
What would be the most appropriate protection level granted to proprietary source code?
a) Copyright
b) Trade Secret
c) Patent
d) Trademark
Trade Secret
What is the first step to be accomplished in a preliminary legal investigation?
a) Gather evidence
b) Determine if a crime has occurred
c) Interview witnesses
d) Inspect damage
Determine if a crime has occurred
In a computer forensics investigation, which of the following would be the crucial first step to be performed?
a) Authenticate file system
b) Analyze data
c) Disk image backup
d) Search for hidden or encrypted files
e) Perform disk integrity checking
Disk image backup
What type of evidence is a common exception to the Hearsay Rule?
a) Business records
b) Overheard conversations
c) Best evidence
d) Second hand evidence
Business records
Which of the following is NOT one of the formal steps in the Evidence Life Cycle?
a) Collection and identification
b) Storage, preservation and transportation
c) Interpretation
d) Presentation in court
e) Return to victim or owner
Interpretation