LAW

Question 1

Real evidence

Answer 1

which consists of tangible or physical objects such such as hard drives, DVDs, USB, or printed business records.

Question 2

Direct evidence

Answer 2

is testimony provided by a witness regarding what the witness actually experienced with his five senses, rather than having gained the knowledge indirectly through another person (hearsay).

Question 3

Circumstantial evidence

Answer 3

is evidence that serves to establish the circumstances related to other evidence.

It is an inference of information from relevant facts.
Offers indirect proof and cannot be used as sole evidence.

Ex: support claims made regarding other evidence or the accuracy of other evidence.

Question 4

Corroborative evidence

Answer 4

provides additional support for a fact that might have been called into question and it does not establish a particular fact on its own.

It used as a supplementary tool to help prove a primary piece of evidence. In order to strengthen a particular fact or element of a case.

Question 5

Hearsay

Answer 5

Second-hand evidence and treated as less reliable.

Computer-based evidence is an example, but there are exceptions related to routine business records, binary disk and memory images.

Rule 1001 of the US Federal Rules of Evidence allows for readable reports of data contained on a computer to be considered as best evidence.

Question 6

Best evidence

Answer 6

Original documents are preferred over copies.

The best evidence rule that meets these criteria, which relevant, authentic, accurate, complete, and convincing.

Rule1001 of the US Federal Rules of Evidence allows for readable reports of data contained on a
computer to be considered as best evidence.

Question 7

Secondary evidence

Answer 7

consists of copies of original documents, and oral descriptions. Computer-generated logs and documents might also constitute secondary rather than best evidence.

Rule 1001 of the US Federal Rules of Evidence allows for readable reports of data contained on a computer to be considered as best evidence.

Question 8

Exigent Circumstances

Answer 8

Justification for the seizure of evidence without a warrant due to the extreme likelihood that the evidence will be destroyed or threat to human life.

Question 9

Common law

Answer 9

• is the legal system used in the United States, UK Canada
• significant emphasis on particular cases and judicial (legal, court, justice) examples as determinants of laws.

It emphasizes the role of court rulings to provide legal precedent. This emphasis allows the interpretation of law to
evolve over time with new judicial rulings.

Question 10

The most significant difference between civil and common law is

Answer 10

under civil law, judicial precedents and particular case rulings do not carry the weight they do under common law.

Question 11

Civil law

Answer 11

• is also called Tort law.
• Based on rules, not precedence.
   Codification of law and heavy reliance on legislation as the primary source of law, as opposed to jurisprudence.
   Emphasizes the abstract concepts of law and is influenced by the writings of legal scholars and academics.
   victim will be an individual, group, or organization.
   Judges play a more active role in determining the facts.

Question 12

Tort law

Answer 12

is the primary component of civil law and is the most significant source of lawsuits seeking financial damages.

deals with injury, loosely defined, that results from someone violating their responsibility to provide a duty of care.

Question 13

Criminal law

Answer 13

• pertains to those laws where the victim can be seen as society itself.
• The crime must be proved beyond any reasonable doubt.
• Punishment loss of freedom or monetary

Question 14

Statutory

Common Types of Financial Damages

Answer 14

Statutory damages are prescribed by law and can be awarded to the victim even if the victim incurred no actual loss or injury.

Question 15

Compensatory

Common Types of Financial Damages

Answer 15

The purpose is to provide the victim with a financial award to compensate for the loss or injury incurred as a direct result of the wrongdoing.

These are some of the oldest in history. It’s designed to bring justice to victim.

An eye for an eye and a tooth for a tooth is purely compensatory.

Question 16

Punitive

Common Types of Financial Damages

Answer 16

These damages are typically awarded to attempt to discourage a particularly bad violation where the compensatory or statutory damages alone would not act as a deterrent.

Question 17

Computer Security Act of 1987

Answer 17

pertains to confidential and sensitive information maintained by federal agencies. This act does not deal with data held by private organizations.

Question 18

Motive

Answer 18

indicates why a crime is committed

Question 19

Opportunities

Answer 19

indicates when and where a crime occurred.

Question 20

Means

Answer 20

how a criminal committed the crime.

Question 21

Customary law

Answer 21

to determine what is generally accepted as good practice, which might be treated as a law.
These practices can be later codified as laws.
The concept of best practices is closely associated with customary law. Punishment is some kind of fine.

Question 22

five rules of evidence

Answer 22

o	Be authentic.
o	Be accurate.
o	Be complete.
o	Be convincing.
o	Be admissible

Question 23

exclusionary rule

Answer 23

evidence must be gathered legally or it can’t be used.

The exclusionary rule is designed to exclude evidence obtained in violation of a criminal defendant’s Fourth Amendment rights.

Question 24

Preponderance of evidence

Answer 24

means that the majority of the evidence presented indicates that the defended is liable for the offensive.

Question 25

Data quality principle

Answer 25

OECD privacy guideline principle that states that personal data should be complete, accurate, and maintained in a fashion consistent with the purposes for
the data collection.

Question 26

Purpose specification principle

Answer 26

OECD privacy guideline principle that states that the
purpose for the data collection should be known, and the subsequent use of the data should be limited to the purposes outlined at the time of collection.

Question 27

Individual participation principle

Answer 27

OECD privacy guideline principle that states that

individuals should have control over their data.

Question 28

What is a data aggregator?

Answer 28

Data aggregators are companies that compile, store, and sell personal information. Often these companies compile profiles of this information.

Question 29

What is burden of proof?

Answer 29

in a criminal court is beyond a reasonable doubt,

The burden of proof in civil proceedings is the preponderance of the evidence. “Preponderance” means it is more likely than not.

Question 30

What is the purpose of Council of Europe Convention on Cybercrime?

Answer 30

establishing standards in cybercrime policy to promote international cooperation during the investigation and prosecution of cybercrime.

Question 31

which is strongest form of intellectual property protection?

Answer 31

Patents

Question 32

Trademark

Answer 32

 Associated with marketing: the purpose is to allow for the creation of a brand that distinguishes the source of products or services.
 Protect the goodwill an organization invests in its products, services or image.

Question 33

What are the two different symbols with Trademark?

Answer 33

The superscript TM symbol (™) can be used freely to
indicate an unregistered mark

The circle R symbol (r) is used with marks that have been formally registered as a trademark with the U.S. Patent and Trademark Office

Question 34

Patents

Answer 34

provide a monopoly to the patent holder on the right to use, make, or sell an invention for a period of time in exchange for the patent holder’s making the invention
public.

Must be novel and unique

Question 35

Copyright

Answer 35

 Covers the expression of ideas rather than the ideas themselves

Question 36

fair use doctrine

Answer 36

allows someone to duplicate copyrighted material without requiring the payment, consent, or even knowledge of the copyright holder.

Question 37

first sale doctrine

Answer 37

allows a legitimate purchaser of copyrighted material to sell it to another person.

Question 38

Trademark dilution

Answer 38

an unintentional attack in which the trademarked brand name is used to refer to the larger general class of products of which the brand is a specific instance. Ex. Kleenex

Question 39

Cybersquatting

Answer 39

refers to an individual or organization registering or using, in bad faith, a domain name that is associated
with another person’s trademark.

Money is the motiviation

Question 40

Typosquatting

Answer 40

refers to a specific type of cybersquatting in which the cybersquatter registers likely misspellings or mistypings of legitimate domain trademarks.

Question 41

CoCom, the Coordinating Committee for Multilateral

Export Controls

Answer 41

a multinational agreement to not export certain technologies, which included encryption, to many communist countries.

Question 42

Wassenaar Arrangement

Answer 42

far less restrictive than the former CoCom but did still suggest significant restrictions on the export of cryptographic algorithms and technologies to countries not included in the Wassenaar Arrangement.

Question 43

EU Data Protection Directive

Answer 43

allows for the free flow of information while still
maintaining consistent protections of each member nation’s citizen’s data.

• Notifying individuals how their personal data is collected and used
• Allowing individuals to opt out of sharing their personal data with third parties
• Requiring individuals to opt into sharing the most sensitive personal data
• Providing reasonable protections for personal data

Question 44

Privacy Act of 1974

Answer 44

was created to codify protection of US citizens’ data that is being used by the federal government.

It defined guidelines regarding how US citizens’ personally identifiable information would be used, collected, and distributed.

Question 45

Prudent man rule

Answer 45

Organizations should engage in business practices that a prudent, right thinking person would consider to be appropriate.

When attempting to determine whether certain actions or inactions constitute negligence, the prudent man rule is often applied. Due diligence and due care

Question 46

Chain of custody

Answer 46

requires that, once evidence is attained, who, what, when, and where with regard to the handling of evidence must be fully documented.

The goal is to show that throughout the evidence lifecycle it is both known and documented how the evidence was handled. This also supports evidence integrity.

Question 47

Entrapment

Answer 47

a legal defense where the defendant claims an agent of law enforcement persuaded the defendant to commit a crime that he or she would otherwise not have committed.

Ex: allowing downloads on a honeypot is a possible example of entrapment if it is used to make formal trespassing charges. Entrapment is illegal.

Question 48

Enticement

Answer 48

encouraging someone to commit a crime after that person was already intent on the commission of a crime.

Honeypot: The attacker will be enticed to go to the honeypot system because it has many open ports. Enticement is legal.

Question 49

Computer Fraud and Abuse Act—18 CFR } 1030

Answer 49

pertaining to computer crimes.

It covered criminalized attacks on protected computers,
including government and financial computers, as well
as those engaged in foreign or interstate commerce,

Question 50

Electronic Communications Privacy Act - ECPA

Answer 50

Electronic Communications Privacy Act—Provides search and seizure protection to non-telephony electronic communications.

Question 51

Gramm–Leach–Bliley Act (GLBA):

Answer 51

requires financial institutions to protect the confidentiality and integrity of consumer financial information and forces them to notify consumers of their privacy practices.

Question 52

California Senate Bill 1386 (SB1386)

Answer 52

first U.S. state-level breach notification laws. Requires organizations experiencing a personal data breach involving California residents to notify them of the potential disclosure.

Question 53

Sarbanes–Oxley Act of 2002 (SOX):

Answer 53

created regulatory compliance mandates for publicly traded companies. The primary goal is to ensure adequate financial disclosure and financial auditor independence.

Question 54

Information security attestation

Answer 54

involves having a third-party organization review the practices of the service provider and make a statement about the security posture of the organization. Ex: SAS 70 and ISO 27001 certification

The goal of the service provider is to provide evidence that they should be trusted.

Question 55

vendor management

Answer 55

The goal of vendor governance is to ensure that the business is continually getting sufficient quality from its third-party providers.

Question 56

What was the primary purpose of the 1997 U.S. Federal Sentencing Guidelines?

Answer 56

to provide guidelines for dealing with white collar crimes

Question 57

What are the three basic questions answered by the chain of custody?

Answer 57

who controlled the evidence
who secured the evidence
who obtained the evidence

Question 58

What is the primary concern of the natural surveillance facet of the CPTED approach?

Answer 58

to ensure that criminals feel uncomfortable making an attack

Question 59

What is the proper life cycle of evidence steps?

Answer 59

collection
analysis
storage
court presentation
return to owner

Question 60

Unallocated space

Answer 60

Portions of a disk partition that do not contain active data.

This includes memory that has never been allocated, and previously allocated memory that has been marked unallocated. If a file is deleted, the portions of the disk that held the deleted file are marked

Question 61

Slack space

Answer 61

Data is stored in specific size chunks known as clusters.

A cluster is the minimum size that can be allocated by a file system. If a particular file, or final portion of a file, does not require the use of the entire cluster, then some
extra space will exist within the cluster. This leftover space is known as slack space.

Question 62

A hacker is attacking your web sites. Which plan you need to use?

Answer 62

Cyber Incident Response Plan—

Plan designed to respond to disruptive cyber events, including network-based attacks, worms, computer viruses, Trojan horses, etc.