CSCI 3200 Final


In a UNIX operating system, which run level reboots the machine? - 0 - 1 - 3 - 6

6

What is the Gramm-Leach-Bliley Act? - Implements the principle that a signature, contract, or other record may not be deleted - Denies legal effect, validity, or enforceability solely because it is electronic form - Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications - Makes it a violation of federal law to knowingly use another's identity - A major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals

A major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals

The Electronic Communications Privacy Act (ECPA) of 1986 - Implements the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic form - Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications - Makes it a violation of federal law to knowingly use another's identity - A major piece of legislation affecting the financial industry and containing significant privacy provisions for individuals

Addresses a myriad of legal privacy issues that were resulting from the increasing use of computers and other technology specific to telecommunications

What are laws and regulations created by government-sponsored agencies such as the EPA, the FAA, and the FCC? - Statutory laws - Administrative laws - Common laws - Blue laws

Administrative laws

An initial baseline should be performed when? - After every update to a system - Before patches are installed on a system - After administrators have finished patching, securing, and preparing a system - Every 90-120 days, as determined by local policy

After administrators have finished patching, securing, and preparing a system

The Wassenaar Arrangement can be described as which of the following? - An international arrangement on export controls for conventional arms as well as dual-use goods and technologies - An international arrangement on import controls - A rule governing import of encryption in the United States - A rule governing export of encryption in the United States

An international arrangement on export controls for conventional arms as well as dual-use goods and technologies

What is a software bomb? - A firework that destroys all the disks and CDs in your library - Any commands executed on the computer that have an adverse effect on the data being investigated - Screensavers that show fireworks going off - Software trying to access a computer

Any commands executed on the computer that have an adverse effect on the data being investigated

What is the process of establishing a system's security state called? - Hardening - Baselining - Securing - Controlling

Baselining

The law that regulates unsolicited commercial e-mail is the - Computer Fraud and Abuse Act - Stored Communications Act - CAN-SPAM Act - Sarbanes-Oxley Act

CAN-SPAM Act

Which law prohibits the collection of information from children on web sites? - VPPA - FERPA - COPPA - CFAA

COPPA

Which of the following countries has a long reputation of poor privacy practices? - England - Japan - China - United States

China

What do you call a law based on previous events or precedents? - Statutory law - Administrative law - Common law - Blue law

Common law

Which law makes it a crime to knowingly access a computer that is either considered a government computer or used in interstate commerce, or to use a computer in a crime that is interstate in nature? - Computer Fraud and Abuse Act - Stored Communications Act - CAN-SPAM Act - Sarbanes-Oxley Act

Computer Fraud and Abuse Act

_____________ is the unauthorized entry into a computer system via any means. - Computer trespass - Computer entry - Computer hacking - Cyber crime

Computer trespass

The EU has developed a comprehensive concept of privacy, which is administered via a set of statutes known as what? - Privacy protection - Data protection - PII protection - ID theft protection

Data protection

What type of evidence is used to aid a jury and may be in the form of a model, experiment, chart, and so on, to indicate that an event occurred? - Direct evidence - Real evidence - Documentary evidence - Demonstrative evidence

Demonstrative evidence

Run levels are used to - Determine which users are allowed on a Windows machine - Describe the state of initialization and what system services are operating in a Linux system - Determine the level of user in Linux systems - Are a Windows construct to manage which services are allowed to autostart

Describe the state of initialization and what system services are operating in a Linux system

Which law makes it illegal to develop, produce, and trade any device or mechanism designed to circumvent technological controls used in copy protection? - Sarbanes-Oxley Act - Digital Millennium Copyright Act - US Digital Signatures Law - Computer Fraud and Abuse Act

Digital Millennium Copyright Act

Oral testimony that proves a specific fact with no inferences or presumptions is what type of evidence? - Hearsay - Real evidence - Direct evidence - Demonstrative evidence

Direct evidence

Business records, printouts, and manuals are what type of evidence? - Direct evidence - Real evidence - Documentary evidence - Demonstrative evidence

Documentary evidence

Which of the following rules applies to evidence obtained in violation of the Fourth Amendment of the Constitution? - Best evidence rule - Exclusionary rule - Hearsay rule - Evidentiary rule

Exclusionary rule

A principal reference for rules governing the export of encryption can be found in the - Bureau of Industry and Security - U.S. Department of Commerce - Export Administration Regulations - State Department

Export Administration Regulations

Which of the following is a characteristic of the Patriot Act? - Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet - A major piece of legislation affecting the financial industry, and also one with significant privacy provisions for individuals - Makes it a violation of federal law to knowingly use another's identity - Implements the principle that a signature, contract, or other record may not be deleted - Denies legal effect, validity, or enforceability solely because it is electronic form

Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandates certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet

Which law mandates that information that is no longer needed must be properly disposed of, either by burning, pulverizing, or shredding? - FCRA - PCI DSS - FACTA - GBLA

FACTA

Which act requires credit agencies to perform timely investigations on inaccuracies reported by consumers? - FCRA - PCI DSS - FACTA - GBLA

FCRA

A school principal allows for student information to be accessed by a marketing company in exchange for goods and services for the school. The principal may have violated which law? - Privacy Act of 1974 - FOIA - FERPA - FACTA

FERPA

Which law was designed to enable public access to US government records? - Privacy Act of 1974 - FOIA - FERPA - FACTA

FOIA

Adding more services and applications to a system helps to harden it. True or False

False

FCRA is designed to protect educational records of students at the K-12 level. True or False

False

FERPA was designed to enable public access to US government records. True or False

False

Falsifying header information is not covered by the CAN-SPAM Act. True or False

False

In 2002, Microsoft increased the number of services that were installed and running due to public demand. True or False

False

In order to identify a specific individual, the entire set of PII must be disclosed. True or False

False

Mac OS X FileVault encrypts files with 3DES encryption. True or False

False

Only one person is needed to collect and document evidence obtained in performing forensics on a computer system. True or False

False

Privacy laws as they relate to education are very recent phenomena. True or False

False

Privacy laws in Europe are built around the concept that privacy is not a fundamental human right. True or False

False

Securing access to files and directories in Solaris is vastly different from most UNIX variants. True or False

False

Service pack is the term given to a small software update designed to address a specific problem, such as a buffer overflow in an application that exposes the system to attacks. True or False

False

The governments in Europe and the United States have taken the same approach to controlling privacy through legislation. True or False

False

The low risk of being caught is one of the reasons that criminals are turning to computer crime. True or False

False

The recycle bin contains all the deleted files on a computer. True or False

False

When analyzing computer storage components, the original system should be analyzed. True or False

False

When performing forensics on a computer system you should use the utilities provided by that system. True or False

False

Windows Defender is new, personal firewall software included in Vista. True or False

False

Clusters that are marked by the operating system as usable are referred to as which of the following? - Free space - Slack space - Open space - Unused space

Free space

A patient's medical records are shared with a third party who is not a medical professional and without the patient's approval. Which law may have been violated? - FERPA - FOIA - HIPAA - The Medical Records Security and Safety Act

HIPAA

Which of the following has the least volatile data? - CPU storage - RAM - Hard drive - Kernel tables

Hard drive

Evidence offered by a witness that is not based on the personal knowledge of the witness, but is being offered to prove the truth of the matter asserted, falls under which rule of evidence? - Best evidence rule - Exclusionary rule - Hearsay rule - Relevant evidence rule

Hearsay rule

The electronic signatures in the Global and National Commerce Act - Implement the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic form - Address a myriad of legal privacy issues resulting from the increased use of computers and other technology specific to telecommunications - Make it a violation of federal law to knowingly use another's identity - Are a major piece of legislation affecting the financial industry, and contain significant privacy provisions for individuals

Implement the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic form

Which of the following is true of BitLocker, in Windows Vista? - It's where malicious code is stored when it's discovered. - It's a form of data storage for network traffic. - It allows encryption of all data on a server. - It monitors Internet Explorer traffic.

It allows encryption of all data on a server.

In Mac OS X, what does library randomization do? - It defeats buffer overflows. - It is used for encryption. - It restricts network access. - It increases the ease of code writing.

It defeats buffer overflows.

What is a message digest? - It is a hash function that can be used to compare two files to see if they are identical. - A condensed version of the messages that the computer receives. - Messages that the computer sends to other computers - Availability protocol that establishes links to other computers.

It is a hash function that can be used to compare two files to see if they are identical.

Which of the following is the command to stop a service in UNIX? - Stop - Kill - End - Finish

Kill

Which of the following is NOT a general step in securing a networking device? - Choosing good passwords - Password-protecting the console - Maintaining SNMP community strings - Turning off unnecessary services

Maintaining SNMP community strings

Which of the following is NOT a UNIX file permission? - Read - Write - Modify - Execute

Modify

On a UNIX system, if a file has the permission r-x rw- ---, what permission does the world have? - Read and execute - Read and write - Read, write, execute - No permissions

No permissions

Which of the following is a standard that provides guidance on the elements of a credit card transaction that need protection and the level of expected protection? - FCRA - PCI DSS - FACTA - GBLA

PCI DSS

Which of the following is one of those critical activities that is often neglected as part of a good security baseline? - Password selection - Hardening the OS - Securing the firewall - Hardening applications

Password selection

A _________ is a more formal, large software update that may address several or many software problems. - Script - Log - Hotfix - Patch

Patch

When taking photographs for use as evidence, what type should be taken? - Digital camera pictures - Film with a high speed shutter - Film with a low speed shutter - Polaroid

Polaroid

A privacy-enhancing technology called cookie cutter does which of the following? - Makes copies of your information for safe keeping - Makes sure when you connect to sites you use the same appropriate information - Prevents the transfer of cookies between browsers and web servers. - Is used by server to prevent the use of unnecessary cookies

Prevents the transfer of cookies between browsers and web servers.

A structured approach to determining the gap between desired privacy performance and actual privacy performance is called - Personal impact assessment - Privacy information assessment - Personal privacy assessment - Privacy impact assessment

Privacy impact assessment

Which of the following is true about the Family Education Records and Privacy Act of 1974? - Extends the tap-and-trace provisions of existing wiretap statutes to the Internet, and mandated certain technological modifications at ISPs to facilitate electronic wiretaps on the Internet - Protects student records from being accessed by anyone other than the student or student's family - Makes it a violation of federal law to knowingly use another's identity - Implements the principle that a signature, contract, or other record may not be denied legal effect, validity, or enforceability solely because it is electronic form

Protects student records from being accessed by anyone other than the student or student's family

On a UNIX system, if a file has the permission rwx r-- ---, what permission does the group have? - Execute, read, write - Read - Read, write, execute - No permissions

Read

Tangible objects that prove or disprove fact are what type of evidence? - Direct evidence - Real evidence - Documentary evidence - Demonstrative evidence

Real evidence

Evidence that is material to the case or has bearing on the matter at hand is what standard of evidence? - Sufficient evidence - Competent evidence - Relevant evidence - Real evidence

Relevant evidence

What is the mechanism for self-regulation that can be enforced through trade practice law via the FTC called? - PII protection - Safe sailing - Safe Harbor - Harbor protection

Safe Harbor

What is the law that overhauled the financial accounting standards for publicly traded firms in the United States? - Computer Fraud and Abuse Act - Stored Communications Act - CAN-SPAM Act - Sarbanes-Oxley Act

Sarbanes-Oxley Act

Selecting a good password for each user account is critical to protecting information systems. How should you select a good password? - Use letters in your first name and letters in your last name. - Select a password that is still relatively easy to remember, but still difficult to "guess." - Unfortunately, there is no way to keep a password safe, so it really doesn't matter what you use. - Create a password that would be hard to remember, and then write it down so you won't forget it.

Select a password that is still relatively easy to remember, but still difficult to "guess."

What is the space in a cluster that is not occupied by a file called? - Free space - Slack space - Open space - Unused space

Slack space

What is a law passed by a legislative branch of government called? - Statutory law - Administrative law - Common law - Blue law

Statutory law

Evidence that is convincing or measures up without question is what standard of evidence? - Sufficient evidence - Competent evidence - Relevant evidence - Real evidence

Sufficient evidence

What is the Convention on Cybercrime? - A convention of black hats who trade hacking secrets - The first international treaty on crimes committed via the Internet and other computer networks - A convention of white hats who trade hacker prevention knowledge - A treaty regulating international conventions

The first international treaty on crimes committed via the Internet and other computer networks

What is the first step in addressing issues with passwords? - The first step in addressing password issues is to create an effective and manageable password policy that both system administrators and users can work with. - The first step in addressing password issues is to find a systematic, alpha-numeric combination and then assign passwords, so that both system administrators and users can tell which department is using what system. - The first step in addressing password issues is to see how many passwords are required. - The first step in addressing password issues is to see how many accounts can use the same password.

The first step in addressing password issues is to create an effective and manageable password policy that both system administrators and users can work with.

Which of the following is true of the registry permissions area settings in security templates? - They control who should be allowed to join or be part of certain groups. - They are for services that run on the system. - They control who can access the registry and how it can be accessed. - They are settings that apply to files and folders, such as permission inheritance.

They control who can access the registry and how it can be accessed.

In the United States the primary path to privacy is _______. In Europe the primary path to privacy is _________. - opt-in; opt-in - opt-in; opt-out - opt-out; opt-out - opt-out; opt-in

opt-out; opt-in

Which UNIX command can be used to show the patches that are installed for a specific software package? - pkglist - pkgparam - pkgqury - pkgdump

pkgparam

The term forensics relates to the application of ____________ knowledge to ___________ problems. - legal; computer - complete; software - scientific; legal - familiar; unfamiliar

scientific; legal

Most modern UNIX versions store the passwords associated with a user account in a - BitLocker - shadow file - passwd file - Registry

shadow file

Linux and other operating systems use the _______ command to change the read-write-execute properties of a file or directory. - tracert - ifconfig - chmod - chkconfig

chmod

Which UNIX command would you use to change permissions associated with a file or directory? - chmod - chown - chgrp - chng

chmod

A video rental store shares its customer database with a private investigator. The rental store may have violated which law? - COPPA - VPPA - FERPA - CFAA

VPPA

Carnivore is an eavesdropping program for the Internet. True or False

True

Computer trespass is treated as a crime in many countries. True or False

True

FACTA mandates that information that is no longer needed must be properly disposed of. True or False

True

Generally speaking, you should back up the computer using DOS instead of Windows. True or False

True

Hardening applications is similar to hardening operating systems, in that you remove functions that are not needed, restrict access where you can, and make sure the application is up to date with patches. True or False

True

Hotfixes are usually smaller than patches, and patches are usually smaller than service packs. True or False

True

In the United States, the primary path to privacy is via opt-out, whereas in Europe and other countries, it is via opt-in. True or False

True

Permissions under Linux are the same as for other UNIX-based operating systems. True or False

True

The CAN-SPAM Act allows unsolicited e-mail as long as there is an unsubscribe link; the content must not be deceptive and not harvest emails. True or False

True

The DMCA protects the rights of recording artists and the music industry. True or False

True

The Patriot Act permits the Justice Department to proceed with its rollout of the Carnivore program, an eavesdropping program for the Internet. True or False

True

The development of a privacy policy is an essential foundational element of a company's privacy stance. True or False

True

The sale of some types of encryption overseas is illegal. True or False

True

The three things that should govern how good citizenry collects PII are notice, choice, and consent. True or False

True

Two laws that provide wide-sweeping tools for law enforcement to convict people who hack into computers—or use them to steal information—are the ECPA and the CFAA. True or False

True

VPPA is considered to be the strongest US privacy law by many privacy advocates. True or False

True

When hardening Mac OS X, the same guidelines for all UNIX systems apply. True or False

True

