CYBER LAW, ALL QUIZZES 1-5 +Q1 AND 2
What situation would be an example of an exploit?
An art thief sneaks into a museum and steals a famous painting and then sneaks out of the museum without being caught by security because the thief identified and traveled through the museum via blind spots of the museum's security cameras. After the incident, the museum increases the number of security guards and cameras guarding the museum at all times.
Which of the following correctly summarizes an employer's right to monitor telephone conversations?
An employer has the right to monitor telephone conversations in the ordinary course of business without a court order.
The term ______________ refers to large and complex data collections.
Big Data
The ________________________ ensures minors can't accidentally view obscene or objectionable material from school or library computers.
Children's Internet Protection Act (CIPA)
Collection and use of a child's personal information, such as name, e-mail address, or social security number, by a Web site operator is governed by:
Children's Online Privacy Protection Act (COPPA)
The ________________________ protects the personal information of children online.
Children's Online Privacy Protection Act (COPPA)
______________ means that only people with the right permission can access and use information.
Confidentiality
A customer is any individual who obtains a financial product or service from a financial institution, whereas a consumer is an individual who has a continuing relationship with a financial institution.
False
A security breach is the term used to describe when a person's personally identifiable information is used without permission to commit other crimes.
False
Citizens and members of the legal profession are all bound by the terms of the common law.
False
In order for a privacy policy to be COPPA-compliant, it needs to provide notice of how the information will be used in some cases and must offer a general description of possible methods used to collect information.
False
In the U.S. federal system, the U.S. Court of Appeals is the court of last resort.
False
It is not possible that a student record will contain additional information outside the scope of FERPA. FERPA requires schools to reveal this data when access to an educational record is requested. For example, a school will be expected to reveal parental financial records, confidential letters of recommendation, or statements of recommendation.
False
Local users have more privileges than power users but fewer privileges than administrators do. Local users may use and access many functions of the computer system.
False
Phishing is a form of Internet fraud in which attackers sift through trash to discover personal information. It's an issue because individuals and organizations dispose of personal information in unsecure ways.
False
RFID technology poses privacy concerns in that it can track a person's movements and daily habits. However, you can only be tracked by RFID technology if an RFID tag had been inserted under your skin.
False
Statutes or codes depend on principles developed from years of legal tradition and court decisions.
False
Supreme Court nominees are required to be highly respected state or federal judges or highly respected attorneys.
False
The COPPA is the same as the Child Online Protection Act (COPA), the purpose of which is to protect minors from access to harmful material on the Internet.
False
The Constitution specifies the basic lawmaking process. A bill is the initial draft of a potential law. Only one chamber of Congress needs to approve the bill, and the president must sign it before it becomes a law.
False
The DSS offers a single approach to safeguarding sensitive cardholder data for all credit card issuers. It recommends 12 basic categories of security requirements that should be followed in order to protect credit card data.
False
The Federal Reserve System and the FTC enforce the Red Flags Rule for all financial institutions, which makes sense because financial institutions are highly regulated.
False
The Supreme Court has exclusive original jurisdiction to decide cases about disputes between state governments and exercises this original jurisdiction with frequency.
False
There is no risk in clicking an e-mail link, as long as the link doesn't force you to enter personal information.
False
When a Red Flag is detected, it is necessary to conduct a thorough investigation no matter the circumstances of the situation.
False
The Family Policy Compliance Office (FPCO) provides oversight for the ____________________.
Family Educational Rights and Privacy Act (FERPA)
The _________________ requires schools to protect students' records.
Family Educational Rights and Privacy Act (FERPA)
The purpose of the ______________________ is to address financial uncertainty and provide the nation with a more stable economy.
Federal Reserve System
The mission of the _____________________ is to protect consumers and to make sure that business is competitive by eliminating practices harmful to business.
Federal Trade Commission (FTC)
Some people believe that COPPA requirements violate freedom of speech without censorship guaranteed by the ______________ Amendment.
First
Which of the following U.S. Constitution amendments contribute to the right of privacy?
First, Third, and Fourth Amendments
Which Act established the public's right to request information from federal agencies?
Freedom of Information Act
What makes a distributed denial of service attack "distributed"?
It involves multiple systems to launch the attack.
Which of the following best defines a technology protection measure (TPM)?
It is any technology that can block or filter the objectionable content.
Which of the following statements summarizes why the window of vulnerability is shrinking?
More people are interested in information security, and have developed the skills to find new vulnerabilities.
The _____________________ established the national banking system in the United States.
National Bank Act of 1864
Based on the descriptions given, what film does NOT exemplify the concept of social engineering?
Office Space: Three friends and disgruntled coworkers at a tech company discover that the company's accounting system has a computer glitch that calculates certain financial information to six decimal points, but only records the first two decimal points in the accounting files and then regularly discards the remaining fractions of pennies. When the trio learns their jobs are in jeopardy, they create a computer program that diverts the discarded fractions of pennies into a bank account they share. They believe that the company will continue to pay them in installments small enough that the company will never notice but that will lead to a very large amount of money over time.
A merchant of an e-commerce Web site wants to accept credit cards as a form of payment. Which of the following must the merchant follow to ensure the safety of those payments?
PCI DSS
Which of the following is not one of the rights that parents are guaranteed under COPPA?
Parents will be notified by a Web site if it is collecting an e-mail address to respond to a one-time request from a child.
Which statement about privacy is NOT true?
Privacy means that a person can specify the collection, use, and sharing of their data.
Required by the Fair and Accurate Credit Transaction Act of 2003 (FACTA), which of the following is an anti-identity theft rule created by federal bank regulatory agencies (the Fed, FDIC, OTS, OCC, and NCUA) and the FTC?
Red Flags Rule
______________ is the process of reviewing known vulnerabilities and threats.
Risk analysis
______________ involves tricking other people into breaking security procedures and sharing sensitive information.
Social engineering
This domain refers to the equipment and data an organization uses to support its IT infrastructure. It includes hardware, operating system software, database software, and client-server applications.
System/Application Domain
The doctrine of precedent is one of the most important traditions in the American legal system. Which of the following statements accurately summarizes how the Plessy v. Ferguson (1896) and Brown v. Board of Education (1954) cases dramatically illustrated how precedent can change and how changing precedent can have a significant impact on society?
The Brown decision was remarkable because the Court departed from the precedent set in Plessy. In fact, the Court specifically rejected the reasoning that it had used to support its decision in Plessy. Brown established new legal precedent that separate but equal laws are unconstitutional.
What is the source of legal authority for the U.S. government?
The U.S. Constitution
To be COPPA-compliant, a privacy policy must provide "assurance that participation is not conditioned on data collection." Which of the following statements offer the best explanation of this criterion?
The Web site must state whether collected information is shared with a third party.
Which of the following is true about U.S. Supreme Court justices?
They are nominated by the president.
A major privacy concern of social networking includes information sharing.
True
Administrative safeguards usually take the form of organizational policies, which state the rules of the workplace.
True
An educational record includes any personal and education data on a student maintained by an educational agency or institution.
True
An employer can monitor computer or Internet use in a number of ways, including the following: by employing keystroke loggers to monitor keystrokes made in a certain period or the number of Web sites visited and by tracking how much time employees spend in software applications provided for work purposes to measure productivity.
True
Biometric data is considered personally identifiable information.
True
CIPA has two main requirements. The first is that schools and libraries that accept E-Rate funding must implement technologies that filter offensive visual content so that minors don't access it. The second requirement is that schools implement an Internet safety policy.
True
COPPA has several rules for getting parental consent. One of them is that the parent's consent is required to collect, use, or disclose the child's information. The notice must state that the operator will not collect, use, or disclose the child's information without parental consent.
True
FERPA has four main requirements: Annual notification, access to education records, amendment of education records, and disclosure of education records.
True
Federal courts can hear only the following kinds of cases: 1) Disputes regarding federal laws or constitutional issues and 2) Disputes between residents of different states where the amount of money in controversy is greater than $75,000.
True
Identity Theft Prevention Programs are required to detect, prevent, and mitigate identity theft in covered accounts. The written program must address both new and existing covered accounts.
True
Integrity means that information systems and their data are accurate.
True
Nonpublic personal information (NPI) is personally identifiable financial information that a consumer gives to a financial institution. NPI also includes private information that an institution gets from other sources. It includes lists or descriptions of consumers that are prepared by using this kind of information.
True
Phishing, social engineering, shoulder surfing, and dumpster diving are all examples of people-based privacy concerns.
True
Physical safeguards are actions that an organization takes to protect its actual, tangible resources. They keep unauthorized individuals out of controlled areas.
True
Pretexting, which is also known as social engineering, is the act of trying to gain access to customer information without proper authority to do so.
True
Subject matter areas of law are areas in which an attorney might specialize, and procedural law deals with the processes that courts use to decide cases.
True
The Gramm-Leach-Bliley Act requires financial institutions to protect consumer financial information by complying with the Privacy Rule, the Safeguards Rule, and the Pretexting Rule.
True
The PCI Council was formed in 2006 to create safeguards designed to protect credit card data. Any merchant or service provider who accepts credit cards must follow the safeguards.
True
The Red Flags Rule doesn't permit a private right of action, which means that individuals can't sue financial institutions or creditors if they violate the Red Flags Rule.
True
The Tenth Amendment says, "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people."
True
The primary purpose of CIPA is to protect minors from accessing offensive content on the Internet. Offensive content includes any visual depictions that are any of the following: obscene, child pornography, or harmful to minors.
True
Types of information that most people consider private include financial information, health information, and criminal history data.
True
Under the Fair Credit Reporting Act of 1970 (FCRA), consumers can stop financial institutions from sharing their credit report or credit applications with affiliates.
True
Which of the following questions does not apply to an audit?
What are the rules?
How might the average person use cookies in a beneficial way?
You save an image of a relaxing, cloud-filled sky that appears every time you log on to your Twitter account.
What is the ISO/IEC 27002?
a reference guide to help organizations choose safeguards
The role of the U.S. Cabinet is to:
advise the president
In the legal system, compliance is the action of following applicable laws and rules and regulations. Which of the following processes would not be used to demonstrate compliance:
allowing employees in an organization to create policies for self-governance documents to comply with legal or regulatory requirements at the employees' discretion
Which of the following must be protected per PCI DSS requirements?
an e-commerce Web server
A(n) _____________ is a formal request for a higher authority to review the decision of a lower court.
appeal
All of the following are examples of consumer financial information except:
biometric data
All of the following are eligibility requirements for the president of the United States except:
both A and B
The main goal of information security is to protect:
confidentiality, integrity, and availability
What is a small string of text that a Web site stores on a user's computer?
cookie
Which of the following is not one of the steps in the data life cycle?
data accounting
Schools may make the following type of disclosure without obtaining parental or student consent:
disclosure of any information to any school official with a need to know
All of the following are true statements about the American legal system except:
each branch has a separate sphere of authority (checks)
In which of the following areas of the workplace is an employee most likely to have a reasonable expectation of privacy?
employee lounge
The three branches of the federal government are:
executive, legislative, and judicial
Because their employer is the government, public employees receive ___________ protections.
extra
In which of the following places would a person have "a reasonable expectation of privacy"?
in one's home
FERPA applies to any education agencies or institutions that receive funding from the U.S. Department of Education (ED). Which of the following is not an educational agency or institution?
non-profit organizations that offer educational programs
COPPA requires Web site operators collecting information from children to:
obtain parental consent
All of the following are true with respect to cryptography except:
only used today by health care providers to protect health care data
In which of the following types of communication is phishing least likely to occur?
phone calls
Which of the following has the power to declare war, establish a post office, maintain an army, make money, and regulate commerce?
president
According to the federal Administrative Procedure Act, an agency is any governmental authority besides Congress and the courts. Which function does not fall under the category of what an agency does?
sets precedents
All of the following are examples of consumer financial institutions except:
the Federal Reserve System
The Federal Reserve reports directly to:
the U.S. Congress
A single point of failure is a piece of hardware or application that is key to
the functioning of the entire system
What is the window of vulnerability?
the time between exploit discovery and an installed security patch
A ______________ is some kind of wrongful act that harms or hurts a person.
tort