Domain 9 - Legal, Regulations, Investigations, and Compliance Flashcards
- There are three primary kinds of spoofing. They are e-mail spoofing, web-site spoofing, and:
a. System masquerades
b. Gopher spoofing
c. IP spoofing
d. Social engineering
Explanation: Answer c is the correct answer, and is taken verbatim from Investigating Computer-Related Crime. The other answers are incorrect: for a), a system masquerade is not a form of spoofing, it replaces a legitimate computer with the masquerading computer; for b), gopher spoofing is not a primary kind of spoofing, but a subset of IP spoofing; and d) is not a type of spoofing at all, but a type of user masquerade.
- A Trojan horse differs from a virus in the following two very important aspects:
a. First, it is not found on Unix boxes; second, it could stand alone as an independent executable file.
b. First, it does not replicate or infect other files; second, it has a limit to how many times it can occur on a system.
c. First, it does not replicate or infect other files; second, it cannot be found by anti-virus software using virus signature files.
d. First, it does not replicate or infect other files; second, it could stand alone as an independent executable file.
Explanation: Answer d is the correct answer, and is taken verbatim from Investigating Computer-Related Crime. The other answers are incorrect. A Trojan CAN be found on Unix boxes, it can occur many times on a system, and it cannot typically be found using virus signature files.
- The U.S. Freedom of Information Act (FOIA) regulates:
a. Dissemination of and access to data.
b. How government agencies collect, use, maintain or disseminate information pertaining to individuals.
c. Private industry in collecting, using, maintaining and disseminating information pertaining to individuals.
d. What constitutes records for the purposes of the Internal Revenue laws.
Explanation: Answer a is the correct answer, and is taken verbatim from the cited reference. The other answers are incorrect because they each describe other laws. Answer b is incorrect because it describes the Privacy Act of 1974. Answer c is incorrect because it describes the Fair Credit Reporting Act. Answer d is incorrect because it describes IRS Revenue Ruling 71-20.
- The business records exception to the hearsay rule, Fed. R. Evid. 803(6), in general refers to any memorandum, report, record or data compilation (1) made at or near the time of the event, and (2):
a. By a customer who was conducting business with the organization.
b. By, or from information transmitted by, an employee during normal business hours.
c. Transmitted using a digital signature.
d. By, or from information transmitted by, a person with knowledge if the record was kept in the course of a regularly conducted business activity, and it was the regular practice of that business activity to make the record.
Explanation: Answer d is the correct answer, and is taken verbatim from Investigating Computer-Related Crime. The other answers are incorrect.
- Intrusion management is a four-step process. The steps are:
a. Avoidance, testing, detection and investigation
b. Identification, authentication, investigation and prosecution
c. Avoidance, detection, investigation and prosecution
d. Detection, communication, investigation and recovery
Explanation: Answer a is the correct answer, and is taken verbatim from Investigating Computer-Related Crime. The other answers are incorrect because identification and authentication (answer b) is a functional area of vulnerability, but not part of the four-step process; prosecution (answer c) can be a result of investigation, but not part of the four-step process itself; and communication (answer d) should be part of the detection and investigation processes, and recovery is a subset of the detection and investigation processes as well.
- The first case successfully prosecuted under the Computer Fraud and Abuse Act of 1986 was:
a. Robert T. Morris worm
b. Kevin Mitnick computer hacking
c. Melissa virus
d. Clifford Stoll’s cyber-spy case
Explanation: Answer a is the correct answer, and is taken verbatim from the cited reference. The other answers are incorrect because they were not the first case successfully prosecuted under the Computer Fraud and Abuse Act of 1986.
- There are two primary types of message flooding. They are:
a. Disabling services and freezing up X-Windows
b. Malicious use of telnet and packet flooding
c. Broadcast storms and attacking with LYNX clients
d. E-mail and log flooding
Explanation: Answer d is the correct answer, and is taken verbatim from the cited reference. Answers a, b and c all describe attacks, but not message flooding attacks.
- According to Eugene Spafford, computer break-ins are ethical only:
a. To catch a person committing fraud.
b. To prove the security of a computer network system.
c. In extreme situations, such as a life-critical emergency.
d. Whenever corporate management has been forewarned of the break-in attempts.
Explanation: Answer c is the correct answer, and is taken verbatim from “Ermann, Williams & Shauf”. The other answers are incorrect because they were not cited by Dr. Spafford.
- On a DOS disk, the space taken up by the “real” file when you erase it is called:
a. Slack space
b. Unallocated space
c. Swap files
d. Cache files
Explanation: Answer b is the correct answer, and is taken verbatim from Stephenson. The other answers are incorrect. Answers a, b and c all describe other types of space on a DOS disk, but they do not fit the definition.
- “…to prove the content of a writing, recording, or photograph, the original writing, recording, or photograph is required, except as otherwise provided in these rules or by Act of Congress.” is taken from the:
a. Chain of custody rule
b. Hearsay rule
c. Best evidence rule
d. Distinctive evidence rule
Explanation: Answer c is the correct answer, and is taken verbatim from Stephenson. The other answers are incorrect, but they all are distracters.
- The U.S. Economic Espionage Act of 1996 defines someone as undertaking economic espionage if they knowingly perform any of five activities. One of these activities includes:
a. Intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the government of the United States.
b. Does not obtain consent for the collection, use, or disclosure of personal information.
c. Causes loss aggregating at least $5,000 in value during any 1-year period to one or more individuals.
d. Receives, buys, or possesses a trade secret, knowing the same to have been stolen or appropriated, obtained, or converted without authorization.
Explanation: Answer d is the correct answer, and is taken verbatim from BS 7799. The other answers are incorrect. Answer a is incorrect; it is from the Computer Fraud and Misuse Act. Answer b is incorrect; it is from the Online Privacy Protection Act of 1999. Answer c is incorrect; it is from the Computer Fraud and Misuse Act.
- U.S. criminal law identifies a crime as being a wrong against:
a. A private citizen
b. Society
c. The U.S. government
d. Taxpayers
Explanation: Answer b is the correct answer, and is taken verbatim from the reference cited. The other answers are incorrect because they are not specifically addressed within any definitions of U.S. criminal law. However, they are sometimes specifically addressed within specific state and local laws.
- What kind of cases are much easier to convict because the burden of proof required for a conviction is much less:
a. Misdemeanor
b. Civil
c. Criminal
d. Domestic
Explanation: Answer b is the correct answer, and is taken verbatim from the cited reference. The other answers are incorrect since a criminal case requires a preponderance of evidence beyond a reasonable doubt. “Misdemeanor” and “domestic” are not considered case classifications.
- U.S. criminal law falls under two main jurisdictions. They are:
a. Federal and local
b. County and local
c. Federal and state
d. National and international
Explanation: Answer c is the correct answer, and is taken verbatim from the reference cited. The other answers are incorrect because local and county jurisdictions do not address criminal law because they are addressed by federal and state laws. There is no formal terminology with regard to national or international jurisdictions.
- Real evidence is:
a. Things such as tools used in the crime.
b. Made up of tangible objects that prove or disprove guilt.
c. Evidence used to aid the jury in the form of a model, experiment, chart, or an illustration offered as proof.
d. Oral testimony, whereby the knowledge is obtained from any of the witness’s five senses.
Explanation: Answer b is the correct answer, and is taken verbatim from the reference cited below. Answer a is an example of physical evidence. Answer c is an example of demonstrative evidence. Answer d is an example of direct evidence.