Legal, Regulations, Investigations and Compliance Flashcards

1
Q

Breach of data security

A

attackers alter or compromise the static data stored on computers

2
Q

breach of physical security

A

attackers intercept communications lines and listen to sensitive conversations or gain access to documents in the trash.

3
Q

breach of communication security

A

attackers use malicious code to crack the integrity and confidentiality of digitally transmitted information.

4
Q

breach of operations security

A

attackers compromise day to day processes or procedures through methods such as IP spoofing

5
Q

breach of personnel security

A

attackers gain information from company employees

6
Q

Covers individual and business rights and obligations under the law.

A

tort law

7
Q

Combines aspects of two or more legal systems

A

mixed law

8
Q

derives from broad legal principles and the interpretation of doctrinal writings

A

civil law

9
Q

Regulates organizations and their employees using a system of punishment

A

administrative law

10
Q

Responsible for maintaining peace and order among a population

A

criminal law

11
Q

covers all aspects of social and spiritual behavior within society.

A

religious law

12
Q

4 categories of computer crimes

A

computer as the target
computer as the instrument
computer as incidental to other crimes
crimes associated with the prevalence of computers

13
Q

Computer as the target category

A

involve sabotage of computers and networks

stealing information

14
Q

Computer as the instrument category

A

computer used as a means to create chaos

15
Q

computer as incidental to other crimes category

A

computers aren’t essential for the crimes; they just facilitate them

16
Q

crimes associated with the prevalence of computers

A

software piracy

stealing computer equipment

17
Q

Breach of physical security

A

involves a breach in the actual hardware that makes up the system, network, or building
dumpster diving
wiretapping
shoulder surfing

18
Q

breach of personnel security

A

attackers trick employees

19
Q

breach of communications security

A
unauthorized people use digital communication lines to compromise the integrity and confidentiality of information transmitted between authorized parties.
trap doors
tunneling
timing
virus/worm/trojan
salami
20
Q

salami attack

A

attacker takes a small amount of money from a large quantity of individuals

21
Q

breach of data security

A

attackers alter or compromise the static data stored on computers.

22
Q

breach of operations security

A
attackers take advantage of day to day processes or procedures
IP spoofing
password sniffing
scanning
excess privileges
data diddling
23
Q

Data diddling

A

an attacker alters data either when it is entered or soon after the data is processed by the application and is ready for output.

24
Q

civil law

A

basis of legal system in Europe
based on Roman law
derives from broad legal principles and the interpretation of doctrinal writings

25
common law
depends on judicial decisions that were based on tradition, custom, and precedent.
26
Criminal codes dealing with computer crimes
18 USC 1029, 18 USC 1362, 18 USC 2510, 18 USC 3121
27
Laws dealing with privacy
Federal Privacy Act, HIPAA, Gramm-Leach-Bliley
28
direct evidence
eyewitness statement
29
demonstrative evidence
chart used to explain a concept to a jury
30
documentary evidence
printed transcripts of telephone conversations
31
real evidence
perishable object capable of reproduction
32
5 evidence life cycle stages
collection and identification
analysis
storage, preservation, and transportation
court presentation
return to owner
33
definition of due care
an organization takes all reasonable steps to protect against security breaches
34
definition of due diligence
an organization properly investigates possible weaknesses and vulnerabilities
35
Where does the greatest risk of cybercrime come from? A. outsiders B. nation-states C. insiders D. script kiddies
C. insiders
36
What is the largest hindrance to fighting computer crime? A. computer criminals are generally smarter than computer investigators B. adequate funding to stay ahead of the computer criminals. C. activity associated with computer crime is truly international D. there are so many more computer criminals than investigators that it is impossible to keep up.
C. activity associated with computer crime is truly international
37
Computer forensics is the marriage of computer science, information technology, and engineering with A. Law B. Information Systems C. analytical thought D. scientific method
A. Law
38
What principle allows an investigator to identify aspects of the person responsible for a crime, given that whenever committing a crime, the perpetrator leaves traces while stealing assets? A. Meyer's principle of legal impunity B. criminalistic principles C. IOCE/Group of 8 nations principles for computer forensics. D. Locard's principle of exchange
D. Locard's principle of exchange
39
Which of the following is part of the five rules of evidence? A. be authentic, be redundant, be admissible B. be complete, be authentic, and be admissible C. be complete, be redundant, and be authentic D. be redundant, be admissible, and be complete
B. be complete, be authentic, and be admissible
40
What is not mentioned as a phase of an incident response? A. documentation B. prosecution C. containment D. investigation
B. prosecution
41
Which best emphasizes the abstract concepts of law and is influenced by the writings of legal scholars and academics? A. criminal law B. civil law C. religious law D. administrative law
B. civil law
42
Which type of intellectual property covers the expression of ideas rather than the ideas themselves? A. trademark B. patent C. copyright D. trade secret
C. copyright
43
Which type of intellectual property protects the goodwill a merchant or vendor invests in its products? A. trademark B. patent C. copyright D. trade secret
A. trademark
44
Which of the following are computer forensics guidelines? A. IOCE, MOM, SWGDE B. MOM, SWGDE, IOCE C. IOCE, SWGDE, ACPO D. ACPO, MOM, IOCE
C. IOCE, SWGDE, ACPO
45
Which of the following are categories of software licensing? A. freeware, open source, commercial B. commercial, academic, open source C. academic, freeware, open source D. freeware, commercial, academic
D. freeware, commercial, academic
46
What are the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information best related to? A. privacy B. secrecy C. availability D. reliability
A. privacy
47
triage encompasses which of the following incident response subphases? A. collection, transport, testimony B. traceback, feedback, loopback C. detection, identification, notification D. confidentiality, integrity, availability
C. detection, identification, notification
48
The integrity of a forensic bit stream image is determined by A. comparing hash totals to the original source B. keeping good notes C. taking pictures D. encrypting keys
A. comparing hash totals to the original source
49
When dealing with digital evidence, the crime scene A. must never be altered B. must be completely reproducible in a court of law C. must exist in only one country D. must have the least amount of contamination that is possible.
D. must have the least amount of contamination that is possible.
50
When outsourcing IT systems A. all regulatory and compliance requirements must be passed on to the provider B. the outsourcing organization is free from compliance obligations C. the outsourced IT systems are free from compliance obligations D. the provider is free from compliance obligations
A. all regulatory and compliance requirements must be passed on to the provider
51
The ISC2 code of ethics resolves conflicts between canons by A. there can never be conflicts between canons B. working through adjudication C. the order of the canons D. vetting all canon conflicts through the board of directors
C. the order of the canons
52
When dealing with digital evidence, the chain of custody A. must never be altered B. must be completely reproducible in a court of law C. must exist in only one country D. must follow a formal documented process
D. must follow a formal documented process
53
To ensure proper forensics action when needed, an incident response program must A. avoid conflicts of interest by ensuring organization legal counsel is not part of the process B. routinely create forensic images of all desktops and servers C. only promote closed incidents to law enforcement D. treat every incident as though it may be a crime
D. treat every incident as though it may be a crime
54
A hard drive is recovered from a submerged vehicle. The drive is needed for a court case. What is the best approach to pull information off the drive? A. wait for the drive to dry and then install it in a desktop and attempt to retrieve the information via normal operating system commands. B. place the drive in a forensic oven to dry it and then use a degausser to remove any residual humidity prior to installing the drive in a laptop and using the OS to pull off information. C. While the drive is still wet, use a forensic bit to bit copy program to ensure the drive is preserved in its native state. D. Contact a professional data recovery organization, explain the situation and request they pull a forensic image.
D. Contact a professional data recovery organization, explain the situation and request they pull a forensic image.
55
Which organization has been developed to deal with economic, social, and governance issues, and how sensitive data is transported over borders? A. European Union B. Council of Europe C. Safe Harbor D. Organization for Economic Cooperation and Development.
D. Organization for Economic Cooperation and Development.
56
Different countries have different legal systems. Which of the following correctly describes customary law? A. Not many countries work under this law purely. Most instead use a mixed system where this law, which deals mainly with personal conduct and patterns of behavior is an integrated component. B. It is a rule-based law focused on codified law C. Based on previous interpretations of laws, this system reflects the community's morals and expectations.
A. Not many countries work under this law purely. Most instead use a mixed system where this law, which deals mainly with personal conduct and patterns of behavior is an integrated component.
57
Widgets Inc wishes to protect its logo from unauthorized use. Which of the following will protect the logo and ensure that others cannot copy and use it? A. Patent B. Copyright C. Trademark D. Trade Secret
C. Trademark
58
There are 4 categories of software licensing. Which of the following refers to software sold at a reduced cost? A. Shareware B. Academic software C. Freeware D. Commercial software
B. Academic software
59
There are different types of approaches to regulations. Which of the following is an example of self-regulation? A. The Health Insurance Portability and Accountability Act. B. Sarbanes-Oxley C. Computer fraud and abuse act D. PCI data security standard
D. PCI data security standard
60
Which of the following means that a company did all it could have reasonably done to prevent a security breach? A. Downstream liability B. Responsibility C. Due diligence D. Due Care
D. Due Care
61
There are 3 different types of incident response teams. Which of the following correctly describes a virtual team? A. It consists of experts who have other duties within the organization. B. It can be cost prohibitive to smaller organizations. C. It is a hybrid model. D. Core members are permanently assigned to the team.
A. It consists of experts who have other duties within the organization
62
A suspected crime has been reported within your organization. Which of the following steps should the incident response team take first? A. Establish a procedure for responding to the incident. B. Call in forensics experts. C. Determine that a crime has been committed. D. Notify senior management.
C. Determine that a crime has been committed.
63
During an incident response, what stage involves mitigating the damage caused by an incident? A. Investigation B. Containment C. Triage D. Analysis
B. Containment
64
Which of the following is a correct statement regarding computer forensics? A. It is the study of computer technology B. It is a set of hardware-specific processes that must be followed in order for evidence to be admissible in a court of law. C. It encompasses network and code analysis, and may be referred to as electronic data discovery. D. Computer forensics responsibilities should be assigned to a network administrator before an incident occurs.
C. It encompasses network and code analysis, and may be referred to as electronic data discovery.
65
Which of the following dictates that all evidence be labeled with information indicating who secured and validated it? A. Chain of custody B. Due Care C. Investigation D. Motive, Opportunity, and Means
A. Chain of custody
66
There are several categories of evidence. How is a witness's oral testimony categorized? A. Best evidence B. Secondary evidence C. Circumstantial evidence D. Conclusive evidence
B. Secondary evidence
67
For evidence to be legally admissible, it must be authentic, complete, sufficient, and reliable. Which characteristic refers to the evidence having a reasonable and sensible relationship to the findings? A. Complete B. Reliable C. Authentic D. Sufficient
C. Authentic
68
Which of the following best describes exigent circumstances? A. The methods used to capture a suspect's actions are neither legal nor ethical. B. Enticement is used to capture a suspect's actions C. Hacking does not actually hurt anyone D. The seizure of evidence by law enforcement because there is concern that a suspect will attempt to destroy it.
D. The seizure of evidence by law enforcement because there is concern that a suspect will attempt to destroy it.
69
What role does the Internet Architecture Board play regarding technology and ethics? A. It creates criminal sentencing guidelines B. It issues ethics-related statements concerning the use of the internet. C. It edits Requests for Comment D. It maintains ten commandments for ethical behavior
B. It issues ethics-related statements concerning the use of the internet.
70
Which of the following statements is not true of dumpster diving? A. It is legal B. It is unethical C. It is illegal D. It is a non-technical attack
C. It is illegal
71
Which of the following is a legal form of eavesdropping when performed with prior consent or a warrant? A. Denial of Service B. Dumpster Diving C. Wiretapping D. Data diddling
C. Wiretapping
72
What type of common law deals with violations committed by individuals against government laws, which are created to protect the public? A. Criminal Law B. Civil Law C. Tort Law D. Regulatory law
A. Criminal Law
73
During what stage of incident response is it determined if the source of the incident was internal or external, and how the offender penetrated and gained access to the asset? A. Analysis B. Containment C. Tracking D. Follow-up
C. Tracking
74
Which of the following is not true of a forensics investigation? A. The crime scene should be modified as necessary. B. A file copy tool may not recover all data areas of the device that are necessary for investigation. C. Contamination of the crime scene may not negate derived evidence, but it should still be documented. D. Only individuals with knowledge of basic crime scene analysis should have access to the crime scene.
A. The crime scene should be modified as necessary.
75
Great care must be taken to capture clues from a computer or device during a forensics exercise. Which of the following does not correctly describe the efforts that should be taken to protect an image? A. The original image should be hashed with MD5 or SHA-256. B. Two time-stamps should be created C. New media should be properly purged before images are created on them. D. Some systems must be imaged while they are running.
D. Some systems must be imaged while they are running.
76
Which of the following attacks can be best prevented by limiting the amount of electrical signals emitted from a computer system? A. Salami B. Emanations capturing C. Password sniffing D. IP spoofing
B. Emanations capturing
77
As a CISSP candidate, you must sign a code of ethics. Which of the following is from the ISC2 code of ethics for the CISSP? A. Information should be shared freely and openly; thus sharing confidential information should be ethical. B. Think about the social consequences of the program you are writing or the system you are designing C. Discourage unnecessary fear or doubt D. Do not participate in internet wide experiments in a negligent manner.
C. Discourage unnecessary fear or doubt
78
What concept states that a criminal leaves something behind and takes something with them? A. Modus operandi B. Profiling C. Locard's principle of exchange D. Motive, opportunity, and means
C. Locard's principle of exchange
79
Which of the following was the first international treaty seeking to address computer crimes by coordinating national laws and improving investigative techniques and international cooperation? A. Council of Global Convention on Cybercrime B. Council of European Convention on Cybercrime C. Organization for economic cooperation and development D. Organization for cybercrime cooperation and development
B. Council of European Convention on Cybercrime
80
Lee is a new security manager who is in charge of ensuring that his company complies with the European Union principles on privacy when his company is interacting with their European partners. The set of principles that deals with transmitting data considered private is encompassed within which of the following laws or regulation? A. Data protection directive B. Organization for economic cooperation and development C. Federal private bill D. Privacy protection law
A. Data protection directive
81
The common law system is broken down into which of the following categories? A. common, civil, criminal B. legislation, bills, regulatory C. civil, criminal, regulatory D. legislation, bills, civil
C. civil, criminal, regulatory
82
Privacy is becoming more threatened as the world relies more and more on technology. There are several approaches to addressing privacy, including the generic approach and regulation by industry. Which of the following best describes these two approaches? A. The generic approach is vertical enactment. Regulation by industry is horizontal enactment B. The generic approach is horizontal enactment. Regulation by industry is vertical enactment C. The generic approach is government enforced. Regulation by industry is self-enforced D. The generic approach is self enforced. Regulation by industry is government enforced.
B. The generic approach is horizontal enactment. Regulation by industry is vertical enactment
83
Which of the following best describes the organization that developed the best practices that Stephanie needs to ensure her company's procedures map to? A. Internet activities board B. International organization on computer evidence C. Department of defense forensics committee D. International forensics standards board
B. International organization on computer evidence
84
Which of the following best describes what Stephanie needs to build for the deployment teams? A. Local and remote imaging B. Forensics field kit C. Chain of custody procedures and tools D. Digital evidence collection software
B. Forensics field kit