CET2691 Final Exam Study Guide

Ace your homework & exams now with Quizwiz!

In a situation where phishing attackers attempt to steal personal information, which of the following federal acts can be used to prosecute such a crime?

**INCORRECT** Computer Fraud and Abuse Act

What is a forensic duplicate image?

A bit-by-bit copy of the original storage media

Which role identifies the person in an organization who has the senior most role in protecting information security?

CISO

When performing computer forensics, what is a potential source of digital evidence?

Cell phone

Which of the following is not a risk management technique?

Certification

The ____________________ protects the personal information of children online. Children's Internet Protection Act (CIPA) Children's Online Privacy Protection Act (COPPA) Family Educational Rights and Privacy Act (FERPA) Health Insurance Portability and Accountability Act (HIPAA)

Children's Online Privacy Protection Act (COPPA)

The American legal system is based in large part on ____________________ common law.

English

Which doctrine prevents the government from using illegally gathered evidence at a criminal trial? Locard's Exchange Daubert Fruit of the Poisonous Tree Doctrine of Precedent

Fruit of the Poisonous Tree

The ________________________ makes identify theft a federal crime.

Identity Theft and Assumption Deterrence Act

__________________ is the process of reviewing known vulnerabilities and threats. Risk analysis Risk mitigation Risk engineering Risk avoidance

Risk analysis

SOX ______________ requires CEOs and CFOs to certify a company's SEC reports. Section 404 Section 302 Section 708 Section 906

Section 302

A conflict of interest is any situation where a person's private interests and professional obligations collide. In the risk assessment context, a conflict of interest is a situation where a member's responsibilities as part of the risk assessment team might conflict with one's job responsibilities. In these situations, independent observers might question whether a person's private interests improperly influenced his or her professional decisions. True False

True

An incident is any event that involves an organization's equipment, data, or other resources. True False

True

FERPA has four main requirements: Annual notification, access to education records, amendment of education records, and disclosure of education records. True False

True

What is the name of data that is stored in memory? forensically sound persistent volatile static

volatile

Which law requires each federal agency to develop an information security program?

FISMA

The _____________ established the national banking system in the United States. National Bank Act of 1864 Bank Secrecy Act of 1970 Bank Holding Company Act of 1956 Gramm-Leach-Bliley Act

National Bank Act of 1864

Which of the following would not appear in an IT acceptable use policy (AUP)?

data retention

Which of the following is not a primary analysis area of computer forensics?

**INCORRECT** Media analysis

__________________ is the wrongful act that constitutes a crime.

Actus reus

A judge or jury can consider only __________ evidence when deciding cases.

Admissible

What situation would be an example of an exploit?

An art thief sneaks into a museum and steals a famous painting and then sneaks out of the museum without being caught by security because the thief identified and traveled through the museum via blind spots of the museum's security cameras. After the incident, the museum increases the number of security guards and cameras guarding the museum at all times.

In forming a contract, the parties must bargain for something of value. This is called ____________________.

Consideration

Compensatory, consequential, nominal, and liquidated are all types of ____________.

Damages

Individual consumers are the targets of hackers far more often that financial institutions. True False

False

The Enron scandal proved that self-regulation has only benefits and little to no drawbacks, as evidenced by the role of their accounting firm, Arthur Andersen. True False

False

The following scenario is an example of a situation in which a copyrighted work is protected under fair use for educational purposes: a professor prepares a newsletter for a Web site. The professor includes in the newsletter a copyrighted cartoon about teaching students to illustrate a humorous point. True False

False

The _________________ requires schools to protect students' records. Health Insurance Portability and Accountability Act (HIPAA) Family Educational Rights and Privacy Act (FERPA) Children's Internet Protection Act (CIPA) Children's Online Privacy Protection Act (COPPA)

Family Educational Rights and Privacy Act (FERPA)

At the federal level, what is the name of the main guidance regarding the submission of evidence at trial?

Federal Rules of Evidence

The mission of the __________________ is to protect consumers and to make sure that business is competitive by eliminating practices harmful to business. National Credit Union Administration (NCUA) Federal Trade Commission (FTC) Office of Thrift Supervision Federal Financial Institutions Examination Council (FFIEC)

Federal Trade Commission (FTC)

_________________ was created by Congress to make health insurance portable. CIPA HITECH Act HIPAA FERPA

HIPAA

_______________________ is part of the executive management team's responsibility for protecting an organization's information assets.

Information security governance

A trademark has two criteria: 1) it must be used in interstate commerce and 2) _____________________.

It must be distinctive

Which of the following is not one of the responsibilities of information security managers?

Make sure that security is used to support business goals

________________ means that the parties to the contract must show that they intended to enter into a specific transaction with specific terms.

Mutual assent

___________ includes reviewing transaction logs and uses real-time monitoring to find evidence. Media analysis Code analysis Network analysis Log analysis

Network analysis

Which of the following is true regarding Locard's exchange principle? Computer forensic specialists need to have the same skills as a traditional information security professional. People leave trace evidence in the physical world but not the digital world. People leave trace evidence whenever they interact with other people and with their surroundings. Computer forensic specialists do not need to understand the laws of evidence and legal procedure, only good evidence collection processes.

People leave trace evidence whenever they interact with other people and with their surroundings.

Any organization's risk management plan includes:

Risk assessment, risk response, training employees, and continuous monitoring

______________________ created a comprehensive standard to help any organization create an information security governance program.

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)

The purpose of the ___________________ is to remove barriers to electronic commerce by validating electronic contracts.

Uniform Electronic Transactions Act (UETA)

Which of the following is not one of the events that that triggers a Form 8-K disclosure requirement? selling off significant assets acquiring an inheritance filing for bankruptcy getting a loan

acquiring an inheritance

The main goal of information security is to protect: non-public personally identifiable information financial data of public entities confidentiality, integrity, and availability personal health data and biometrics

confidentiality, integrity, and availability

All of the following are examples of protected health information (PHI) except: past, present, or future health information information regarding physical or mental health publicly available information regarding insurance companies information regarding different health insurance premium cost options

information regarding different health insurance premium cost options

Which of the following lack(s) contractual capacity to enter into a contract:

people who are mentally incompetent

PHI refers to: protected health information public health information private health insurance public health insurance

protected health information

A ____________________ is owned by many investors in the form of stock. public company closed corporation privately held company sole proprietorship

public company

Online Privacy Alliance (OPA) is an organization of companies dedicated to protecting online privacy. Members of OPA agree to create a privacy policy for a customer that is easy to read and understand. Which of the following provisions is not included in the policy? the option of choosing who sees the data how collected data is secured types of data collected how data is used

the option of choosing who sees the data

The U.S. Securities and Exchange Commission reviews a public company's Form 10-K at least once every ____________ years. four five three two

three

Which of the following statements best captures the function of the Federal Trade Commission (FTC)? to make frequent reports to the president on its actions to promote consumer protection and eliminate practices that are harmful to competitive business to be one of the most important regulatory authorities for consumer and some business practice issues to make frequent reports to the president on its actions

to promote consumer protection and eliminate practices that are harmful to competitive business

Courts are struggling with the privacy implications of GPS tracking. In 2009, New York's highest court held that police officers must have a ______________ in order to place a GPS tracking device on a suspect's car. tort RFID tag warrant injunction

warrant

Which of the following was enacted by Congress in response to growth in identity theft crime? Federal Trade Commission (FTC) Fair and Accurate Credit Transaction Act (FACTA) of 2003 Federal Reserve System Gramm-Leach-Bliley Act (GLBA)

Fair and Accurate Credit Transaction Act (FACTA) of 2003

A company that created virtual online gaming worlds agreed to pay $3 million in 2011 to settle charges with the FTC. The FTC alleged that the company improperly collected and disclosed the personal information of thousands of children without parental consent. This is the largest civil penalty so far in a Children's Internet Protection Act (CIPA) action. True False

False

Covered entities must keep records of how they disclose a person's PHI. Under the Privacy Rule, a person has the right to receive an accounting of how the covered entity has used or disclosed the person's PHI. True False

True

As defined by HIPAA, the term "covered entities" means: health care providers, health care clearinghouses, and health plans True False

True

Congress hoped that the Sarbanes-Oxley Act of 2002 (SOX) reforms would prevent another Enron scandal. The main goal of SOX is to protect shareholders and investors from financial fraud. SOX increased corporate disclosure requirements. True False

True

Copyright owners allow others to use their copyrighted material by using a special kind of contract called a license. True False

True

The primary goal of computer forensics is to:

Find evidence that helps investigators analyze an event or incident

One of the main goals of _______________ is to protect an organization's bottom line.

Risk management

Which of the following statements best fits the highest burden of proof? "clear and convincing evidence" "preponderance of the evidence" "preponderance of the evidence" "beyond a reasonable doubt"

"beyond a reasonable doubt"

You are analyzing a risk and have determined that the SLE is $1,200 and the ARO is 3. What is the ALE?

$3,600

HIPAA's _____________________ provisions are designed to encourage "the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information." Genetic Information Non-Discrimination Act Privacy Rule Security Rule Administrative Simplification

Administrative Simplification

All of the following statements are true except: All evidence is admissible regardless of collection method as long as it is reproducible in a tangible form. Forensic examiners must use established practices and procedures when collecting evidence. Admissible evidence is good evidence. Inadmissible evidence is bad evidence. To be admissible, evidence must be collected in a lawful manner.

All evidence is admissible regardless of collection method as long as it is reproducible in a tangible form.

Which of the following is a true statement regarding COPPA and CIPA rules? COPPA defines a minor as anyone under the age of 17 years, while CIPA defines a minor as someone under the age of 13 years. COPPA defines a minor as anyone under the age of 13 years, while CIPA defines a minor as someone under the age of 17 years. Both define a minor as anyone under the age of 17 years. Both define a minor as anyone under the age of 13 years.

COPPA defines a minor as anyone under the age of 13 years, while CIPA defines a minor as someone under the age of 17 years.

In 2013, a social media company paid $800,000 to settle charges with the Federal Trade Commission (FTC). The company had an application that allowed children to create journals and share those journals online. Children could also post photos and share location information. The company collected the birth dates of 3,000 children before getting parental permission. The FTC alleged that the company violated which of the following? Family Educational Rights and Privacy Act (FERPA) Health Insurance Portability and Accountability Act (HIPAA) Children's Online Privacy Protection Act (COPPA) Children's Internet Protection Act (CIPA)

Children's Online Privacy Protection Act (COPPA)

___________________ are money awards that compensate the non-breaching party for the foreseeable damages that arise from circumstances outside of the contract and can't be mitigated.

Consequential damages

Which of the following is not a legal remedy in contract law?

Contract identification

_______________________ covers unsolicited commercial e-mail messages and requires commercial e-mail senders to meet certain requirements.

Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)

______________________ law deals with crimes but ______________ law governs disputes between individuals.

Criminal, tort

The bad faith registration of a domain name that's a registered trademark or trade name of another entity is referred to as:

Cybersquatting

What is a test for measuring the reliability of a scientific methodology?

Daubert

In 1998, Congress passed the _________________________.This law helps protect copyrights in the multimedia world. It also contains provisions that help insulate Internet service providers from the actions of their customers.

Digital Millennium Copyright Act

Which of the following terms would not be incorporated into an AUP statement about mobile device usage?

Employees must store the organization's AUP on their devices and review the AUP on a weekly basis.

Computer forensic examiners secure the crime scene and any electronic devices and ensure no one tampers with or modifies evidence during the collection phase of an investigative process. True False

False

Medical identity thieves exclusively consist of computer hackers or members of organized crime rings. True False

False

Statutes or codes depend on principles developed from years of legal tradition and court decisions. True False

False

The C-I-A triad refers to the way that the Central Intelligence Agencies classifies sensitive information. True False

False

The FDIC insures deposit accounts in the event of bank failure. If a bank fails, the FDIC returns the money that a customer put in the bank, no matter how great or small the amount. True False

False

Which of the following U.S. Constitution amendments contribute to the right of privacy? First, Third, and Fourth Amendments First, Second, and Fourth Amendments First and Sixth Amendments First, Second, and Third Amendments

First, Third, and Fourth Amendments

Which Act established the public's right to request information from federal agencies? Privacy Act of 1974 Electronic Communications Privacy Act Freedom of Information Act Mail Privacy Statute

Freedom of Information Act

Following a disaster, what is the best kind of site if you need to resume operations in the shortest possible time?

Hot

Data destruction policies do not include which of the following?

How long the data should be retained

Which of the following is generally the first step in a computer crime investigative process?

Identification

Patents, trademarks, and copyrights are all types of _________________.

Intellectual property

_____________________ is the area of law that protects a person's creative ideas, inventions, and innovations.

Intellectual property law

________________ is the oldest computer forensic professional group. U.S. Federal Bureau of Investigations (FBI) American Bar Association Forensic Division International Organization on Computer Evidence (IOCE) International Association of Computer Investigative Specialists (IACIS)

International Association of Computer Investigative Specialists (IACIS)

Why is continuous monitoring an important activity in risk management?

It enables an organization to update policies and controls that aren't effective.

A(n) ___________ is an invitation to enter into a relationship or transaction of some kind.

Offer

A merchant of an e-commerce website wants to accept credit cards as a form of payment. Which of the following must the merchant follow to ensure safety of those payments? PCI DSS GLBA SOX FISMA

PCI DSS

Unlike ______________, trade secrets aren't registered. A person or business doesn't have to meet any registration or procedural formalities for protection.

Patents

The purpose of the Gramm-Leach-Bliley Act ___________________ is to fight identity theft. Safeguards Rule Privacy Rule Red Flags Rule Pretexting Rule

Pretexting Rule

_____________ is an individual's right to control the use and disclosure of his or her own personal data. Access Integrity Privacy Preference

Privacy

Data __________________ policies state how data is controlled throughout its life cycle.

Retention

The Enron scandal and similar corporate scandals led to the creation of which of the following? Sarbanes-Oxley Act Gramm-Leach-Bliley Act Securities and Exchange Commission Public Company Accounting Oversight Board

Sarbanes-Oxley Act

The main goal of ______________ is to protect shareholders and investors from financial fraud. Public Company Accounting Oversight Board Sarbanes-Oxley Act (SOX) Gramm-Leach-Bliley Act Securities and Exchange Commission

Sarbanes-Oxley Act (SOX)

The HIPAA ______________________ states how covered entities must protect the confidentiality, integrity, and availability of electronic personal health information. Security Rule Administrative Simplification Rule Red Flag Rule Privacy Rule

Security Rule

_____________________ refers to the purchase of application services over the Internet.

Software as a Service (SaaS)

Which of the following steps occurs before any of the others in a formal policy development process?

Stakeholder review

_____________________ is a legal concept that means people can be held responsible for their actions even when they didn't intend to cause harm to another person.

Strict liability

The power of a court to decide certain types of cases is ______________________ jurisdiction.

Subject matter

_______________________ criminal law defines the conduct that constitutes a crime and establishes penalties.

Substantive

What is the first piece of federal legislation that identified computer crimes as distinct offenses?

The Computer Fraud and Abuse Act of 1984

How does the U.S. Constitution refer to itself? The Federal Government blueprint The just Laws of the United States The supreme Law of the Land The first Law of the States

The supreme Law of the Land

What do you compare in a risk-level matrix when evaluating the elements of a risk?

Threat likelihood and impact

_____________ are used to protect words, logos, and symbols that identify a product or services.

Trademarks

Federal courts can hear only the following kinds of cases: 1) Disputes regarding federal laws or constitutional issues and 2) Disputes between residents of different states where the amount of money in controversy is greater than $75,000. True False

True

In the common law, courts decide cases by referring to established legal principles and the customs and values of society. They also look at decisions made in earlier cases to see if the cases are similar. If the cases are similar, a new case should reach a similar result. True False

True

Incident triage, investigation, containment or mitigation, recovery, and review are basic parts of an incident response plan. True False

True

Law enforcement may conduct inventory searches without a warrant when they arrest a suspect. These searches are allowed when they're made for a non-investigative purposes. True False

True

Public companies are required to file a number of financial disclosure statements with the SEC. These forms help investors understand the financial stability of a company. The most commonly filed forms are: 1) Form 10-K—Annual report, 2) Form 10-Q—Quarterly report, and 3) Form 8-K—Current report. True False

True

The Federal Financial Institutions Examination Council (FFIEC) promotes uniform practices among the federal financial institutions. Its purpose is to: 1) establish principles and standards for the examination of federal financial institutions; 2) develop a uniform reporting system for federal financial institutions; 3) conduct training for federal bank examiners; 4) make recommendations regarding bank supervision matters, and 5) encourage the adoption of uniform principles and standards by federal and state banks. True False

True

The law states that fair use of a copyrighted work isn't copyright infringement, and that fair use is permitted in the following situations in order to promote free speech: criticism, news reporting, and teaching (including multiple copies for classroom use). True False

True

The first state to enact anti-spyware legislation was: Texas California Michigan Utah

Utah

A _____________________ does not require the user to make an affirmative action to accept the terms of the contract. Agreement is assumed when the user visits the Web page or downloads a product.

browsewrap contract

Which of the following is not a condition of "obscenity" as defined by the U.S. Supreme Court? depicts or describes sexual conduct in a patently offensive way appeals predominantly to prurient interests depicts any type of sexual conduct lacks serious literary, artistic, political, or scientific value

depicts any type of sexual conduct

Schools may make the following type of disclosure without obtaining parental or student consent: disclosure of any information to any school official with a need to know disclosure of school disciplinary records disclosure of grades or test scores disclosure to press for purposes of article promotion

disclosure of any information to any school official with a need to know

A covered entity doesn't have to account for every PHI disclosure that it makes. The Privacy Rule states that some kinds of disclosures don't have to be included in an accounting. Any disclosure not specifically excluded must be included and tracked. Which of the following disclosures does not need to be tracked? disclosures made to carry out treatment, payment, and health care activities disclosures required by law disclosures required for public health activities disclosures to HHS for its compliance functions

disclosures made to carry out treatment, payment, and health care activities

Which of the following is not a valid court-recognized exception to search warrant requirements? exigent circumstances forensic examination of seized media plain view doctrine consent

forensic examination of seized media

SOX requires the SEC to review a public company's Form 10-K and Form 10-Q reports at least once every three years. It must do this to try to detect fraud and inaccurate financial statements that could harm the investing public. SOX states the factors that the SEC should consider when deciding to conduct a review. Which of the following is not one of the factors that SEC must consider? whether a company has amended its financial reports the difference between a company's stock price and its earnings how much stock the company has issued how long the company has been in existence

how long the company has been in existence

The Florida A&M case illustrates which of the following about safeguards? that routine security audits are not sufficient to detect unauthorized or harmful software on a system how safeguards can be used in an accidental integrity compromise how safeguards protect the integrity of computer systems that safeguards cannot be used to discover hackers' identities

how safeguards protect the integrity of computer systems

What are the four privacy torts that still exist today? ECPA, Privacy Act, E-Government Act, and Patriot Act intrusion into seclusion, portrayal in a false light, appropriation of likeness or identity, and public disclosure of private facts in the U.S. Constitution, the First Amendment, Third Amendment, Fourth Amendment, and Fifth Amendment

intrusion into seclusion, portrayal in a false light, appropriation of likeness or identity, and public disclosure of private facts

Under FERPA, which of the following may be disclosed in a school directory without consent? name, address, and telephone number grades earned social security number student ID number

name, address, and telephone number

All of the following are true with respect to cryptography except: were used by the military to protect confidential communications only used today by health care providers to protect health care data hides information so unauthorized persons can't access it preserves confidentiality

only used today by health care providers to protect health care data

All of the following are characteristics of HIPAA except: used to fight health insurance fraud and eliminate waste simplifies how health insurance is administered protects the privacy and security of personally identifiable health information requires that employers offer health coverage

requires that employers offer health coverage

Which of the follow is not a method that web site operators can use to distinguish children from adults? using parental controls requiring payment requiring a name and address requiring parental consent

requiring a name and address

All of the following are examples of consumer financial institutions except: the Federal Reserve System savings and loans associations credit unions insurance companies

the Federal Reserve System

In January 2007, TJX disclosed that hackers had breached its credit card systems. The company reported that the attackers might have accessed credit card data going back to 2002. It reported that 45.7 million credit and debit card numbers might have been disclosed. At the time, the breach was believed to be the largest ever. Banks and customers sued TJX in connection with the breach. State governments also sued the company for failing to protect the credit card information of state residents. Given the nature of this breach, which federal agency opened an investigation? the Federal Deposit Insurance Corporation the Consumer Financial Protection Bureau the Federal Trade Commission the Federal Reserve System

the Federal Trade Commission


Related study sets

Project Risk Management Study Questions

View Set

Diet therapy for clinical nutrition, modules 1-6 ( Understanding normal and clinical nutrition, tenth edition)

View Set