Legal Issues In Information Security C841
The main goal of information security is to protect: A confidentiality, integrity, and availability B non-public personally identifiable information C financial data of public entities D personal health data and biometrics
A
The _____________________ established the national banking system in the United States. A Bank Holding Company Act of 1956 B Bank Secrecy Act of 1970 C Gramm-Leach-Bliley Act D National Bank Act of 1864
D
What does ISO stand for? A International Organization for Security B Independent Standards Organization C International Security Organization D International Organization for Standardization
D
When testing a disaster recovery plan, which test involves hypothetical role-playing of a disaster? A full interruption B parallel C scenario D walk-through
C
____________ is the practice of tracking a user's actions on the Internet in order to create a user profile. A Clickstreaming B Targeted advertising C Radio Frequency Identification (RFID) D Online profiling
D
What are the four privacy torts that still exist today? A ECPA, Privacy Act, E-Government Act, and Patriot Act B intrusion into seclusion, portrayal in a false light, appropriation of likeness or identity, and public disclosure of private facts C right to privacy, reasonable person standard, fair information practice principles, and the Wiretap Act D in the U.S. Constitution, the First Amendment, Third Amendment, Fourth Amendment, and Fifth Amendment
B
The ________________________ protects the personal information of children online. A Children's Internet Protection Act (CIPA) B Family Educational Rights and Privacy Act (FERPA) C Health Insurance Portability and Accountability Act (HIPAA) D Children's Online Privacy Protection Act (COPPA)
D
Congress can create laws in areas where the________________ allows it. A U.S. Constitution B President C U.S. Supreme Court D House of Representatives
A
Compensatory, consequential, nominal, and liquidated are all types of ____________. A performance B remedies C damages D breach
C
The _________________ creates international guiding principles for computer forensic examiners. A International Organization on Computer Evidence (IOCE) B American Bar Association Forensic Division C International Association of Computer Investigative Specialists (IACIS) D U.S. Federal Bureau of Investigations (FBI)
A
All of the following are eligibility requirements for the president of the United States except: A None of these B must be a resident of the United States for at least 14 years at the time of election C must be at least 35 years old
A
Massachusetts' "Standards for the Protection of Personal Information of Residents of the Commonwealth" was released in September 2008 and is known for being "unique" in terms of its data protection standard. Which of the following statements best captures that uniqueness? A It attempts to regulate businesses outside of Massachusetts by requiring businesses to encrypt the personal data of Massachusetts residents. B The standard states that an information security program must include specific security requirements. C Under the data protection standard, personal information is a person's first and last name, or first initial and last name, and any of the following: Social Security number, driver's license number, or state identification card number. D It states that an entity's information security program must be a good fit for its size and scope. It also must fit the entity's type of business.
A
In 1998, Congress passed the _________________________. This law helps protect copyrights in the multimedia world. It also contains provisions that help insulate Internet service providers from the actions of their customers. A Online Copyright Infringement Liability Limitation Act B Computer Maintenance Competition Assurance Act C Vessel Hull Design Protection Act D Digital Millennium Copyright Act
D
How does the U.S. Constitution refer to itself? A The just Laws of the United States B The first Law of the States C The Federal Government blueprint D The supreme Law of the Land
D
_______________________ attempts to use real numbers to calculate risk and potential loss. A Qualitative risk analysis B Quantitative risk analysis C A disaster recovery plan D An incident response analysis
B
SOX ___________ imposes criminal liability for fraudulent financial certifications. A Section 302 B Section 708 C Section 906 D Section 404
C
A(n) _____________ is a formal request for a higher authority to review the decision of a lower court. A holding B appeal C writ of certiorari D pleading
B
The Federal Reserve reports directly to: A the U.S. Congress B the U.S. Supreme Court C the Senate D the president
A
One of the main goals of _______________ is to protect an organization's bottom line. A tactical planning B IT management C an incident response plan D risk management
D
The Family Policy Compliance Office (FPCO) provides oversight for the ____________________. A Children's Online Privacy Protection Act (COPPA) B Family Educational Rights and Privacy Act (FERPA) C Health Insurance Portability and Accountability Act (HIPAA) D Children's Internet Protection Act (CIPA)
B
In which of the following places would a person have "a reasonable expectation of privacy"? A on the street B in the workplace C in a public restroom D in one's home
D
Which of the following are types of export control regulations? 1 Export Administration Regulations (EAR) 2 None of these 3 International Traffic in Arms Regulations (ITAR) A 1,3 B 1,2
A
Which of the following statements best captures the function of the Federal Trade Commission (FTC)? A to promote consumer protection and eliminate practices that are harmful to competitive business B to make frequent reports to the president on its actions C to create the penalties for individuals and organizations that violate rules D to be one of the most important regulatory authorities for consumer and some business practice issues
A
What makes a distributed denial of service attack "distributed"? A It attacks multiple systems. B It involves multiple systems to launch the attack. C It involves technological and physical systems to launch the attack. D It involves many IP addresses.
B
_______________________ is part of the executive management team's responsibility for protecting an organization's information assets. A A-I-C triad B risk management C information security governance D C-I-A triad
C
____________ was created by Congress to make health insurance portable. A CIPA B HITECH Act C FERPA D HIPAA
D
Plant patents are granted to inventors who invent or discover new: A management techniques for improved efficiency B manufacturing methods C processes D varieties of plants
D
_____________ are used to protect words, logos, and symbols that identify a product or services. A Patents B Copyrights C Trade secrets D Trademarks
D
Which of following is not one of the categories of vulnerabilities? A facility B people C process D domain
D
Which of the following reports, which generally are shared only between the organizations that are doing business with one another, are used by auditors to assess the ICFR at one entity that does business with another entity? A SOC-2 B SOC-1 C SOC-4 D SOC-3
B
What is a test for measuring the reliability of a scientific methodology? A Locard's B Silver Platter C Merrell D Daubert
D
Some people believe that COPPA requirements violate freedom of speech without censorship guaranteed by the ______________ Amendment. A First B Second C Fourth D Seventh
A
In forming a contract, the parties must bargain for something of value. This is called ____________________. A meeting of the minds B consideration C offer D acceptance
B
___________________ refers to applying safeguards designed to lower risks to a level deemed acceptable but without eliminating such risks. A Risk transfer B Residual risk C Risk avoidance D Risk mitigation
D
_______________________ covers unsolicited commercial e-mail messages and requires commercial e-mail senders to meet certain requirements. A Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) B Anti-cybersquatting and Consumer Protection Act C Computer Fraud and Abuse Act D Pen Register and Trap and Trace Statute
A
___________________ is used to assess the vulnerabilities and threats that could harm electronic protected health information (EPHI). A risk analysis B workforce security C information access management D security management processing
A
FISMA requires the Department of Commerce to create information security standards and guidelines. To which of the following organizations did the Department of Commerce delegate this responsibility? A U.S. Government Accountability Office (GAO) B Institute of Electrical and Electronics Engineers (IEEE) C National Institute of Standards and Technology (NIST) D Office of Management and Budget (OMB)
C
Data destruction policies do not include which of the following? A consequences for improper destruction B how long the data should be retained C identification of data ready for destruction D proper destruction methods for different kinds of data or storage media
B
A judge or jury can consider only __________ evidence when deciding cases. A real B admissible C digital D current
B
Which of the following statements best fits the highest burden of proof? A "beyond a reasonable doubt" B "not arbitrary or capricious" C "preponderance of the evidence" D "clear and convincing evidence"
A
The American legal system is based in large part on ____________________ common law. A state B colonial C English D French
C
What kind of policy would contain a No Retaliation element? A intellectual property B authentication C acceptable use D anti-harassment
D
A _____________________ does not require the user to make an affirmative action to accept the terms of the contract. Agreement is assumed when the user visits the Web page or downloads a product. A clickwrap contract B shrinkwrap contract C remedy D browsewrap contract
D
Which of the following statements best captures the difference between civil law and criminal law? A Criminal law only requires paying fines, whereas in civil law the punishment is jail. B Criminal law requires a trial by jury, whereas civil law requires only a hearing. C In civil law, a defendant isn't sent to jail as a punishment. Instead, civil law imposes fines. D In civil law a defendant is not required to reimburse a plaintiff for damages, whereas this is a requirement in criminal law.
C
Which Gramm-Leach-Bliley Act rule requires federal bank regulatory agencies, the SEC, and the FTC to issue security standards for the institutions that they regulate? A Privacy Rule B Red Flags Rule C Pretexting Rule D Safeguards Rule
D
Which of the following items is not one of the steps in "SP 800-37, Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach," which NIST uses to define a risk management framework (RMF) approach to FISMA compliance? A select minimum security controls B categorize IT systems C monitor security controls only when necessary D implement security controls in IT systems
C
Which of the following lack(s) contractual capacity to enter into a contract: Each correct answer represents a complete solution. Choose all that apply. 1 people who are mentally incompetent 2 children under the age of 18 3 people who have a criminal record 4 undocumented U.S. citizens A 1,2 B 3,4
A
In a situation where phishing attackers attempt to steal personal information, which of the following federal acts can be used to prosecute such a crime? A Anti-Cybersquatting Consumer Protection Act B Identity Theft and Assumption Deterrence Act C Computer Fraud and Abuse Act D CAN-SPAM
B
Schools may make the following type of disclosure without obtaining parental or student consent: A disclosure of any information to any school official with a need to know B disclosure of grades or test scores C disclosure of school disciplinary records D disclosure to press for purposes of article promotion
A
In May 2007, the ___________________ required all federal agencies to create a breach notification plan. This instruction was issued in response to a large data breach at the Department of Veterans Affairs. A HIPAA B OMB C FISMA D GAO
B
At the federal level, what is the name of the main guidance regarding the submission of evidence at trial? A Federal Admissibility Rules B Federal Rules of Evidence C Daubert Rules D Rules of Evidence Admissibility
B
Which Act established the public's right to request information from federal agencies? A Privacy Act of 1974 B Mail Privacy Statute C Freedom of Information Act D Electronic Communications Privacy Act
C
Which of the following is an information security issue you should consider in a cloud computing contract? 1 What is the level of compliance with the Uniform Electronic Transactions Act? 2 How is data defined and used? 3 Which type of user creates data? A 2,3 B 1,2
A
PHI refers to: A public health information B private health insurance C public health insurance D protected health information
D
SOX ______________ requires CEOs and CFOs to certify a company's SEC reports. A Section 906 B Section 708 C Section 302 D Section 404
C
The Enron scandal and similar corporate scandals led to the creation of which of the following? A Public Company Accounting Oversight Board B Securities and Exchange Commission C Gramm-Leach-Bliley Act D Sarbanes-Oxley Act
D
Which of the following is not a risk management technique? A certification B mitigation C avoidance D acceptance
A
The purpose of the Gramm-Leach-Bliley Act __________________ is to fight identity theft. A Pretexting Rule B Safeguards Rule C Privacy Rule D Red Flags Rule
A
___________ includes reviewing transaction logs and using real-time monitoring to find evidence. A Log analysis B Network analysis C Code analysis D Media analysis
B
The Online Privacy Alliance (OPA) is an organization of companies dedicated to protecting online privacy. Members of the OPA agree to create a privacy policy for customers that is easy to read and understand. Which of the following provisions is not included in the policy? A types of data collected B how data is used C how collected data is secured D the option of choosing who sees the data
D
Unlike ______________, trade secrets aren't registered. A person or business doesn't have to meet any registration or procedural formalities for protection. A servicemarks B intellectual property C prior art D patents
D
Collection and use of a child's personal information, such as name, e-mail address, or Social Security number, by a Web site operator is governed by: A Children's Internet Protection Act (CIPA) B Health Insurance Portability and Accountability Act (HIPAA) C Children's Online Privacy Protection Act (COPPA) D Family Educational Rights and Privacy Act (FERPA)
C
A(n) ___________ is an invitation to enter into a relationship or transaction of some kind. A negotiation B capacity C acceptance D offer
D
Which of the following is not a common contingency plan? A incident response B information assurance C business continuity D disaster recovery
B
_____________ is an individual's right to control the use and disclosure of his or her own personal data. A Integrity B Privacy C Preference D Access
B
What is considered to be personal information by most states? 1 None of these 2 account numbers 3 Social Security numbers A 2,3 B 1,2
A
_________________________ involves tricking other people into breaking security procedures and sharing sensitive information. A E-mail spam B Shoulder surfing C Integrity D Social engineering
D
HIPAA's _____________________ provisions are designed to encourage "the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information." A Security Rule B Genetic Information Non-Discrimination Act C Administrative Simplification D Privacy Rule
C
The _______________________, also known as the Currency and Foreign Transactions Reporting Act, was created to fight drug trafficking, money laundering, and other crimes. A National Bank Act of 1864 B Bank Holding Company Act of 1956 C Bank Secrecy Act of 1970 D Gramm-Leach-Bliley Act
C
Each agency must report yearly to the OMB on its FISMA compliance activities. An agency also must send a copy of their yearly report to each of these agencies with the exception of: A House of Representatives Committee on Oversight and Government Reform B House of Representatives Committee on Science and Technology C Senate Committee on Foreign Relations D U.S. Government Accountability Office (GAO)
C
_______________________ criminal law defines the conduct that constitutes a crime and establishes penalties. A Substantive B Tort C Felony D First degree
A
Of the following information security assurance documents, which is the most flexible? A guideline B procedure C policy D standard
A
_________________ means guilty mind. A Mala prohibita B Mens rea C Actus reus D Mala in se
B
_____________________ is the area of law that protects a person's creative ideas, inventions, and innovations. A Civil law B Criminal law C Property interest law D Intellectual property law
D
Audits are ___________ performed by independent organizations. A never B occasionally C seldom D always
B
Which of the following was not one of the outcomes of the Enron scandal? A The SEC began to require that the accuracy of financial statements be certified in a number of different ways. B Investors started to significantly lose confidence in large public companies. C The SEC began to require more information to be reported on its financial statements. D Public companies are required to file one comprehensive financial disclosure statement with the SEC.
D
The separation of duties principle requires which of the following practices? A that two or more employees must split critical task functions so that no employee knows all of the steps of the critical task B ensuring that only one employee exclusively holds the knowledge about a critical function in an organization C that critical task functions are never revealed to employees because they are likely to use the information to harm the organization D the application of hardware and software vendor patches in a timely manner
A
Which of the following is not one of the events that triggers a Form 8-K disclosure requirement? A getting a loan B acquiring an inheritance C selling off significant assets D filing for bankruptcy
B
Nevada's Security of Personal Information Law requires protection of personal information in a number of ways and applies to which of the following? A federal agencies B non-profit organizations C independent contractors D data collectors
D
Which of the following is true about COBRA and HIPAA? A COBRA was enacted to fight Medicare fraud. B HIPAA regulates discrimination based on health history while COBRA ensures health coverage continues. C They provide the same functions but are governed by different branches of the federal government. D COBRA and HIPAA are overseen directly by the executive branch.
B
Why is continuous monitoring an important activity in risk management? A It helps define the financial goals for long-term viability. B It enables an organization to update policies and controls that aren't effective. C It automatically responds to threats and vulnerabilities. D It helps define long-term business strategy.
B
Under the ____________________, federal agencies must 1) review their IT systems for privacy risks; 2) post privacy policies on their Web sites; 3) post machine-readable privacy policies on their Web sites; and 4) report privacy activities to the OMB. A Federal Information Security Management Act (FISMA) B E-Government Act of 2002 C Privacy Act of 1974 D Computer Security Act (CSA)
B
Before ____________________, many workers experienced "job lock" and were afraid that they would lose health care benefits if they changed jobs. A COBRA B HIPAA C HITECH D the creation of the Department of Health and Human Services (HHS)
B
What type of standard states a minimum level of behavior or actions that must be met to comply with a policy? A minimal B safeguard C procedural D baseline
D
Which of the following may be exempt from state breach notification laws because they are already subject to other laws with specific data security requirements? 1 GLBA financial institutions 2 None of these 3 entities covered by HIPAA A 1,3 B 1,2
A
In which of the following circumstances would a library need to disable a TPM (a CIPA technology protection measure, i.e., an Internet content filter, not a Trusted Platform Module)? A at the request of any school official B at the request of a child with a document of written consent from his/her parent C at the request of an adult to view content for research or other lawful purpose D at the request of anyone over the age of 17
C
A merchant of an e-commerce Web site wants to accept credit cards as a form of payment. Which of the following must the merchant follow to ensure the safety of those payments? A FISMA B SOX C GLBA D PCI DSS
D
Which of the following is not one of the responsibilities of information security managers? A make sure that security is used to support business goals B create information security standards, guidelines, and procedure C participate in risk assessments D manage the security infrastructure
A
A ____________________ is owned by many investors in the form of stock. A closed corporation B sole proprietorship C privately held company D public company
D
All of the following statements are true except: A To be admissible, evidence must be collected in a lawful manner. B Admissible evidence is good evidence. Inadmissible evidence is bad evidence. C Forensic examiners must use established practices and procedures when collecting evidence. D All evidence is admissible regardless of collection method as long as it is reproducible in a tangible form.
D
The term ______________ refers to large and complex data collections. A Big Data B ISP C blog D search engine
A
Because their employer is the government, public employees receive ___________ protections. A extra B few C special D no
A
The ________________________ ensures minors can't accidentally view obscene or objectionable material from school or library computers. A Children's Online Privacy Protection Act (COPPA) B Health Insurance Portability and Accountability Act (HIPAA) C Family Educational Rights and Privacy Act (FERPA) D Children's Internet Protection Act (CIPA)
D
There are ______regional Federal Reserve Banks, which serve different geographic districts. A 22 B 20 C 16 D 12
D
Which of the following roles is not included in the domain of a creditor? A gives information to consumer reporting agencies in connection with a credit transaction B loans a person money C collects payment in arrears D receives or uses consumer reports in connection with a credit transaction
C
What is the ISO/IEC 27002? A a reference guide for standardized computing practices for large organizations B a reference guide to help organizations identify threats C a reference guide of common vulnerabilities in large organizations by type D a reference guide to help organizations choose safeguards
D
Which of the following is not a method that Web site operators can use to distinguish children from adults? A requiring parental consent B requiring a name and address C requiring payment D using parental controls
B
Members of the risk assessment team should include: A representatives from business, IT, human resources, executive management, and information security managers B information security managers and financial planners C information security managers only D information security managers, financial planners, and representatives from business lines
A
Which of the following is not typically included in an incident response plan? A recovery B containment or mitigation C investigation D policy creation
D
What is the purpose of Executive Order 13526? A It grants the NSA the right to wiretap suspected terrorists. B It describes rules for using, and a system for classifying, national security information. C It defines any sharing of national security information as treason. D It demands extradition for Edward Snowden.
B
A legal owner of property has the right to use that property in any way they want to, and the power to give those rights to another. This is called _____________. A property interest B intellectual property C copyright D trade secret
A
The role of the U.S. Cabinet is to: A advise the president B advise Congress C advise the Supreme Court D advise the Senate
A
FERPA applies to any educational agencies or institutions that receive funding from the U.S. Department of Education (ED). Which of the following is not an educational agency or institution? A primary and secondary schools B vocational colleges C non-profit organizations that offer educational programs D community colleges
C
A criminal defendant's right to a trial by jury is guaranteed by Article _________ of the U.S. Constitution. A II B I C IV D III
D
Intentional torts most often occur when the defendant intended to commit the tort. Most torts involving ____________________ are intentional torts. A people in learned occupations like doctors and lawyers B a professional duty to provide competent service C computers and cyberspace D people keeping wild animals as pets
C
Which law requires each federal agency to develop an information security program? A HIPAA B GLBA C FISMA D FERPA
C
Which of the following is designed to help an organization continue to operate during and after a disruption? A risk mitigation plan B disaster recovery plan C business continuity plan D incident response plan
C
Which of the following must be protected per PCI DSS requirements? A an e-commerce Web server B a print server for internal company use only C a backup file server for a software testing department
A
FISMA requires federal agencies to secure national security systems using a risk-based approach, but this does not apply to ____________ information. A classified B personally identifiable C intellectual property D sensitive
A
Which of the following would not appear in an IT acceptable use policy (AUP)? A e-mail B file sharing C data retention D non-business Internet use
C
Stocks and bonds are called ____________. A securities B profits C assets D dividends
A
All of the following are true with respect to cryptography except: A It was used by the military to protect confidential communications. B It is only used today by health care providers to protect health care data. C It preserves confidentiality. D It hides information so unauthorized persons can't access it.
B
The _________________ requires all federal agencies to create a breach notification plan. A Department of Homeland Security (DHS) B Office of Management and Budget (OMB) C Computer Security Act (CSA) D Federal Information Security Management Act (FISMA)
B
After the ChoicePoint breach, 46 states, plus the District of Columbia, created breach notification laws. Although most states used the California law as a model, there are some differences. Which of the following is not one of the differences? A maximum requirements for encryption B entities covered by the law C the time for notifying residents D requirements that a notification contains certain types of information
A
The doctrine of precedent is one of the most important traditions in the American legal system. Which of the following statements accurately summarizes how the Plessy v. Ferguson (1896) and Brown v. Board of Education (1954) cases dramatically illustrated how precedent can change and how changing precedent can have a significant impact on society? A The Brown case was a consolidation of five different cases from four different states that all addressed the same issue: racial segregation in public schools. In Brown, the plaintiffs argued that "separate but equal" practices were inherently unfair. B The Brown decision was remarkable because the Court departed from the precedent set in Plessy. In fact, the Court specifically rejected the reasoning that it had used to support its decision in Plessy. Brown established new legal precedent that separate but equal laws are unconstitutional. C In Plessy v. Ferguson, the U.S. Supreme Court legalized racial segregation practices. These practices also were known as "separate but equal" practices. Brown v. Board of Education upheld the precedent until the President issued an executive order to make racial segregation unconstitutional. D In Brown v. Board of Education the plaintiff argued that these separate but equal practices violated the Fourteenth Amendment of the U.S. Constitution. The Fourteenth Amendment requires that all citizens be provided equal protection under law.
B
_________________ are the processes and procedures that a company uses to provide reasonable assurance that its financial reports are reliable. A Risk assessment B Disclosure controls C Internal controls D External
C
Which of the following is a type of damage that is awarded when no financial loss is suffered as a result of the breach? A consequential B liquidated C nominal D compensatory
C
Which of the following is not a reason an examiner might reject a trademark? A The proposed trademark is descriptive of the applicant's goods or services, and there's no secondary meaning. B The proposed trademark is a generic name for goods or services. C The proposed trademark contains immoral, deceptive, or scandalous matter. D The proposed trademark may disparage or falsely suggest a connection with persons who have been dead less than 100 years.
D
__________ means that an inventor can hold an infringer liable for violating a patent even if the infringer acted unwittingly. A Strict liability B Patent infringement C Patent prosecution D Property interest
A
When performing computer forensics, what is a potential source of digital evidence? A headphones B door handle C cell phone D faxed documents
C
Which of the following is not one of the guidelines in the DoD's policy on social media? A The DoD is permitted to advertise the services that it provides to the country. B DoD components are permitted to maintain official DoD communications on social media sites. C DoD employees are permitted to use its non-classified Internet system to access social media sites such as Facebook and Twitter. D DoD employees are not permitted to use social media from their personal devices for personal purposes.
D
You are analyzing a risk and have determined that the SLE is $1,200 and the ARO is 3. What is the ALE? A $400 B $3,000 C $12,000 D $3,600
D
Which statement about privacy is NOT true? A Privacy means that a person can specify the collection, use, and sharing of their data. B Most traditional views on privacy include the belief that the government's power to interfere in the privacy of its citizens is limited. C Privacy is a simple term that describes a number of different but related concepts. D Privacy means that a person has control over their personal data.
A
The power of a court to decide certain types of cases is ______________________ jurisdiction. A federal B supreme C subject matter D personal
C
___________________ allows employees and their families to continue health coverage when they lose or change a job. A HIPAA B COBRA C Department of Health and Human Services (HHS) D HITECH
B
Which of the following does not count as personal information, as designated by California's Database Security Breach Notification Act? A student ID B medical information C driver's license number or California Identification Card number D Social Security number
A
______________ planning is short- to medium-term planning that allows an organization to be responsive to market conditions. A Tactical B Strategic C Security D Operational
A
What is a forensic duplicate image? A a backup copy of the original data B a system image C a bit-by-bit copy of the original storage media D a backup copy of digital evidence made in a forensic lab
C
Which of the following correctly summarizes an employer's right to monitor telephone conversations? A Telephone conversation monitoring in the ordinary course of business is only allowed with a court order. B An employer has the right to monitor telephone conversations, but only on equipment that is not provided by a communications service provider. C An employer has the right to monitor telephone conversations, but only on equipment that is not provided by a communications service provider. D An employer has the right to monitor telephone conversations in the ordinary course of business without a court order.
D
In which of the following types of communication is phishing least likely to occur? A instant messages B chat rooms C phone calls D e-mail
C
All of the following are types of information included on a Form 10-K except: A financial statements B explanation of how the company is organized and operates C auditor's report D lists of employees and subcontractors
D
Which of the following is not included in the Electronic Communications Privacy Act? A Driver's Privacy Protection Act B The Pen Register Act C The Stored Communications Act D The Wiretap Act
A
A trademark has two criteria: 1) it must be used in interstate commerce and 2) _____________________. A it must be novel B it must be distinctive C it must be useful D it must be innovative
B
Which of the following questions does not apply to an audit? A What are the rules? B Are the rules being followed? C How are the rules being followed? D Are employees meeting their responsibilities?
A
Which of the following is true regarding Locard's exchange principle? A Computer forensic specialists need to have the same skills as a traditional information security professional. B People leave trace evidence in the physical world but not the digital world. C People leave trace evidence whenever they interact with other people and with their surroundings. D Computer forensic specialists do not need to understand the laws of evidence and legal procedure, only good evidence collection processes.
C
_______________ patents protect the visual appearance of a product. A Utility B Plant C Design D Artistic
C
Which of the following parties is not among those who would share an individual's health information? A government agencies like Medicaid or Medicare B insurance companies C potential employers D treatment providers
C
Which of the following is a true statement about the Court of Appeals? 1 It's a court of appellate jurisdiction. 2 It does not review the facts of a case or additional evidence. 3 None of these A 1,2 B 2,3
A
All of the following are characteristics of HIPAA except: A protects the privacy and security of personally identifiable health information B requires that employers offer health coverage C used to fight health insurance fraud and eliminate waste D simplifies how health insurance is administered
B
Based on the descriptions given, what film does NOT exemplify the concept of social engineering? A Office Space: Three friends and disgruntled coworkers at a tech company discover that the company's accounting system has a computer glitch that calculates certain financial information to six decimal points, but only records the first two decimal points in the accounting files and then regularly discards the remaining fractions of pennies. When the trio learns their jobs are in jeopardy, they create a computer program that diverts the discarded fractions of pennies into a bank account they share. They believe that the company will continue to pay them in installments small enough that the company will never notice but that will lead to a very large amount of money over time. B The Sting: Two grifters create an elaborate plan to rob a mob boss of a substantial amount of money. The grifters' plan relies on understanding the personalities and gaining the trust of the mob boss and the people who surround him. C Paper Moon: A con man meets a recently orphaned nine-year-old girl and agrees to take her to live with her aunt, who lives very far away. On their way to her aunt's house, the girl sees that the con man routinely visits recently widowed women pretending to be a Bible salesman coming to collect money that the deceased husband owes for the fancy, personalized Bibles they allegedly purchased before dying. The widows are usually grief-stricken, and they agree to pay him after he earns their trust. On their journey, the girl joins the con and pretends to be his daughter, and they become a formidable duo. D Ocean's Eleven: A team of 11 men with various areas of expertise work together to rob $150,000,000 from a casino. In order for the plan to work, the men must gain access to sensitive security information about vaults, security cameras, and safeguards by gaining the trust of various people who work in the casino.
A
To prove a crime has been committed, a government must prove which of the following? A mens rea, actus reus, causation B mens rea, actus reus, mala prohibita C mens rea, actus reus, mala in se D mens rea, mala in se, mala prohibita
A
The U.S. Securities and Exchange Commission reviews a public company's Form 10-K at least once every ____________ years. A two B four C three D five
C
What is a small string of text that a Web site stores on a user's computer? A malware B spyware C adware D cookie
D
Which of the following is not an exception to the Fourth Amendment's search warrant requirement? A plain view doctrine B interference C exigent circumstances D consent
B
With respect to protected health information, HIPAA: A forbids the creation of any state laws protecting health information B prohibits state laws that are contrary to HIPAA C is automatically the controlling law in the event of a conflict with a state law D requires state laws to mirror HIPAA rules
B
Which of the following is not a condition of "obscenity" as defined by the U.S. Supreme Court? A depicts or describes sexual conduct in a patently offensive way B lacks serious literary, artistic, political, or scientific value C depicts any type of sexual conduct D appeals predominantly to prurient interests
C
______________________ law deals with crimes but ______________ law governs disputes between individuals. A Criminal, contract B Criminal, tort C Tort, criminal D Criminal, common
B
_____________________ are tools that filter offensive content. A Proxy servers B Spam blockers C Network databases D Technology protection measures (TPM)
D
Which of the following is included in a law's legislative history? A any materials generated in the course of creating legislation; this includes committee reports, hearings, and transcripts of debate and reports issued by legislatures B any materials generated in the course of creating legislation that were specifically written in the final draft of law C selected committee reports, hearings, and transcripts of debate and reports issued by legislatures D any materials generated in the course of creating legislation excluding committee reports, hearings, and transcripts of debate and reports issued by legislatures
A
The District of Columbia and 45 states have enacted breach notification laws, which require an organization to notify state residents if it experiences a security breach that involves the personal information of the residents. Which group of four states does not have a breach notification law? A Alabama, Kentucky, New Mexico, and South Dakota B Alabama, Kentucky, New Mexico, and Wisconsin C Alabama, Arizona, New Mexico, and South Dakota D Alabama, Kentucky, West Virginia, and South Dakota
A
___________________ are money awards that compensate the non-breaching party for the foreseeable damages that arise from circumstances outside of the contract and can't be mitigated. A Nominal damages B Compensatory damages C Consequential damages D Liquidated damages
C
The U.S. Cabinet consists of: A the vice president and the nine Supreme Court justices B the Speaker of the House, the vice president, and the president C the vice president and the heads of the 15 executive departments D the nine Supreme Court justices and the heads of the 15 executive departments
C
The main goal of ______________ is to protect shareholders and investors from financial fraud. A Public Company Accounting Oversight Board B Sarbanes-Oxley Act (SOX) C Gramm-Leach-Bliley Act D Securities and Exchange Commission
B
Which doctrine prevents the government from using illegally gathered evidence at a criminal trial? A Locard's Exchange B Fruit of the Poisonous Tree C Doctrine of Precedent D Daubert
B
In January 2007, TJX disclosed that hackers had breached its credit card systems. The company reported that the attackers might have accessed credit card data going back to 2002. It reported that 45.7 million credit and debit card numbers might have been disclosed. At the time, the breach was believed to be the largest ever. Banks and customers sued TJX in connection with the breach. State governments also sued the company for failing to protect the credit card information of state residents. Given the nature of this breach, which federal agency opened an investigation? A the Federal Deposit Insurance Corporation B the Consumer Financial Protection Bureau C the Federal Trade Commission D the Federal Reserve System
C
______________________ includes identification of the threats and vulnerabilities to the organization's IT resources and determining the impact of those threats and vulnerabilities. A Risk assessment B Risk response C Operational planning D Security planning
A
Under SEC rules, internal controls over financial reporting (ICFR) are processes that provide reasonable assurance that financial reports are reliable. Which of the following is not assured by ICFR? A Unauthorized acquisition or use of data or assets that could affect financial statements will be prevented or detected in a timely manner. B IT controls that contain financial data are maintained. C Financial reports, records, and data are accurately maintained. D Transactions are prepared according to GAAP rules and are properly recorded.
B
The HIPAA ______________________ states how covered entities must protect the confidentiality, integrity, and availability of electronic personal health information. A Security Rule B Red Flag Rule C Administrative Simplification Rule D Privacy Rule
A
_____________________ refers to the purchase of application services over the Internet. A Cloud computing B Software as a Service (SaaS) C Social media D Specific performance
B
What is PIA? A Personal Impact Amendment B Personal Information Act C Private Information Act D Privacy Impact Assessment
D
The __________________ was created after a security breach at a state-operated data facility. A New York Database Security Breach Notification Act B Texas Database Security Breach Notification Act C Utah Database Security Breach Notification Act D California Database Security Breach Notification Act
D
A _____________ is a method of controlled entry into a facility and provides access to secure areas such as a research lab or data center. A key-card B mantrap C video surveillance system D technical safeguard
B
COBRA benefits generally last a maximum of: A 6 months B 1 year C 2 years D 18 months
D
Any organization's risk management plan includes: A risk assessment, ISO compliance, tactical planning, and continuous monitoring B risk assessment, risk response, ISO compliance, FISMA compliance C risk assessment, risk response, tactical planning, FISMA compliance D risk assessment, risk response, training employees, and continuous monitoring
D
A board of directors uses _____________ to set forth its information security plans. A policies B financial statements C standards D goals
A
The mission of the _____________________ is to protect consumers and to make sure that business is competitive by eliminating practices harmful to business. A National Credit Union Administration (NCUA) B Federal Financial Institutions Examination Council (FFIEC) C Federal Trade Commission (FTC) D Office of Thrift Supervision
C
All of the following are examples of consumer financial information except: A address and telephone numbers B employment history C biometric data D social security numbers
C
Which of the following conditions is not taken under consideration by Congress when determining if an area is ripe for federal legislation? A how many states have created laws addressing the specific topic B what the greatest economic advantage will be to the national market as it relates to the area under consideration C whether there's state confusion or complexity that might affect relationships between the states D whether differing state laws affect activities that it traditionally regulates
B
Which of the following is not one of the steps in the data life cycle? A data storage B data use C data collection D data accounting
D
Data __________________ policies state how data is controlled throughout its life cycle. A use B detention C privacy D retention
D
The purpose of the ___________________ is to remove barriers to electronic commerce by validating electronic contracts. A Electronic Signatures Act (ESA) B Uniform Electronic Transactions Act (UETA) C Electronic Communications Act (ECA) D Uniform Commercial Code (UCC)
B
COPPA requires Web site operators collecting information from children to: A review all parental permissions annually B obtain parental consent C obtain a signed acceptable use policy from children D obtain a signed acceptable use policy from at least one parent
B
Courts are struggling with the privacy implications of GPS tracking. In 2009, New York's highest court held that police officers must have a ______________ in order to place a GPS tracking device on a suspect's car. A RFID tag B tort C warrant D injunction
C
In 2002, Washington State created a data disposal law that requires an entity to take reasonable steps to destroy records that contain health and financial data when it determines that it no longer needs those records. Which of the following entities is specifically excluded from following this law? A businesses B select persons in the state who petition for exclusion C the federal government D non-profit organizations
C
______________ patents are used for inventions and discoveries related to machines, manufactured products, processes, and compositions of matter. A Utility B Design C Plant D Composition
A
The three branches of the federal government are: A congressional, senatorial, and executive B executive, legislative, and judicial C executive, legislative, and oversight D executive, legislative, and congressional
B
The ______________________ was created by Congress to protect data collected by the government. A Computer Security Act (CSA) B Privacy Act of 1974 C E-Government Act of 2002 D Federal Information and Security Management Act (FISMA)
B
Which of the following is not a primary analysis area of computer forensics? A media analysis B code analysis C network analysis D log analysis
D
Which of the following is a type of tort? A rescission B loose liability C tortfeasor D strict liability
D
Item, price, quantity, and when the item is available for delivery are all examples of _____________ terms. A remedial B material C foundation D consequential
B
___________________________ must be in place for securing networks, facilities, and systems or groups of IT systems. They are intended for technologies or system components that are a part of the larger information security program. A Testing and evaluation B Policies and procedures C Subordinate plans D Security awareness training
C
What was the first federal law to address federal computer security? A Sarbanes-Oxley Act (SOX) B Computer Security Act (CSA) C Federal Information Security Management Act (FISMA) D The E-Privacy Act
B
Which of the following are characteristics of procedures? A support high-level policies, set minimum standards of behavior B broad scope, address whole organization, very rarely change C very rarely change, set forth general expectations D step-by-step checklists, explain how to meet security goals, flexible and change as technology changes
D