Laws, Regulations, and Compliance

part-1

Provide a 50–100-word explanation of why you chose your answer. Please cite your sources for your answers from your course materials or other credible resources.

1. Which guidelines state that the data gathered for private individuals should only be used for the purpose for which it is collected?

A. European Union Principles on Privacy
B. Computer Security Act of 1987
C. Economic Espionage Act of 1996

2. Which pillar of Basel II determines the lowest amount of funds that a financial institution must keep on hand?

A. Supervision
B. Market Discipline
C. Minimum Capital Requirements

3. Your organization’s public website follows the Platform for Privacy Preferences Project (P3P) guidelines for user privacy. Which organization developed P3P?

A. Internet Architecture Board (IAB)
B. World Wide Web Consortium (W3C)
C. European Union

4. Based on the Federal Privacy Act of 1974, which type of permission must be obtained by a government agency to disclose private information that the agency collected?

A. Verbal permission
B. Implied permission
C. Written permission

5. What is the correct definition of a data aggregator?

A. A company that compiles, stores, and sells personal information
B. A company that analyzes personal information
C. A company that secures personal information

6. You work for a pharmaceutical company. The research department of your company has recently created a chemical formula for a new drug. Which intellectual property law term applies in this case?

A. Trade secret
B. Copyright
C. Trademark

7. You work for a United States federal agency. Your manager indicates that you must identify computers that contain sensitive information. Which law requires this?

A. HIPAA
B. Computer Security Act of 1987
C. Economic Espionage Act of 1996

8. Which statement is true of reverse engineering?

A. It involves compiling vendor object codes.
B. It analyzes the operation of an application.
C. It removes security flaws from object code.

9. Which of the following is MOST important in determining whether a disaster recovery test is successful?

A. Critical business processes are duplicated
B. Only business data files from offsite storage are used
C. IT staff fully recovers the processing infrastructure

10. An organization determined that if its email system failed for 3 days, the cost to the organization would be eight times greater than if it could be recovered within one day. This determination was most likely the result of:

A. Disaster recovery planning
B. Business impact analysis
C. Full interruption testing

11. Which of the following should be performed FIRST in the aftermath of a denial-of-service (DoS) attack?

A. Restore servers from backup media stored offsite
B. Conduct an assessment to determine system status
C. Perform an impact analysis of the outage

12. Which of the following is the MOST important element to ensure the successful recovery of a business during a disaster?

A. Network redundancy is maintained through separate providers
B. Hot site equipment needs are re-certified on a regular basis
C. Detailed technical recovery plans are maintained off site

part-2

Provide a 50–100-word explanation of why you chose your answer. Please cite your sources for your answers from your course materials or other credible resources.

1. You are researching computer crimes. All of the following are categories of this type of crime, EXCEPT:

A. Computer-assisted crime
B. Computer-targeted crime
C. Computer-commerce crime

2. Which crime term is used to indicate when and where a crime occurred?

A. Means
B. Motive
C. Opportunity

3. Which type of law governs the payment of compensation and fines without sentencing the offenders to jail?

A. Civil law
B. Criminal law
C. Copyright law

4. An employee is suspected of criminal activity involving access to data in excess of the employee’s authority. You have obtained the original signed copy of the no-right-to-privacy agreement that the employee signed when he was hired. What kind of evidence is this agreement?

A. Best evidence
B. Secondary evidence
C. Corroborative evidence

5. As part of an incident investigation, you need to ensure that the primary copy of the original media is stored properly. All of the following steps should be completed, EXCEPT:

A. Label the primary copy with the date, time, collector’s initials, and case number, if applicable.
B. Encrypt the primary copy to ensure the contents are protected.
C. Seal the primary copy in a container and label the container to ensure that the primary copy is safe.

6. Which crime term is used to indicate how a criminal committed a crime?

A. Means
B. Motive
C. Opportunity

7. Which statement is true of circumstantial evidence?

A. It helps prove either a point or an idea.
B. It requires inference from the available facts.
C. It relies on original documents to prove a fact.

8. To investigate computer crimes, with which agencies does the FBI work?

A. Interpol and NSA
B. Secret Service and local law enforcement
C. Department of Defense

9. When an organization is using an automated tool to manage and house its continuity plans, which of the following is the PRIMARY concern?

A. Ensuring accessibility should a disaster occur
B. Versioning controls as plans are modified
C. Tracking changes in personnel and plan assets

10. Which of the following actions should be taken when an information security manager discovers that a hacker is footprinting the network perimeter?

A. Reboot the border router connected to the firewall
B. Check intrusion detection system logs
C. Enable server trace routing on the demilitarized zone (DMZ) segment

11. When performing a business impact analysis, which of the following should calculate the recovery time and the cost estimates?

A. Business continuity coordinator
B. Business process owners
C. Information security manager

12. Which of the following is MOST closely associated with a business continuity program?

A. Periodically testing network redundancy
B. Updating the hot site equipment configuration every quarter
C. Developing recovery time objectives for critical functions
