QUESTION DRILL LAW, INVESTIGATION & ETHICS 020504 - Questions

1. Which RFC contains the Internet Activity Board's "Ethics and the Internet" documentation?
   a. RFC 1918
   b. RFC 1394
   c. RFC 1024
   d. RFC 1087

2. Which of the following is not defined as unethical and unacceptable activity by the Internet Activity Board's "Ethics and the Internet" documentation?
   a. Soliciting for non-profit organization donations
   b. Wasting resources (people, capacity, computer) through such actions
   c. Destroying the integrity of computer-based information
   d. Compromising the privacy of users

3. The theft of small amounts of information from many sources to compile or infer data about something private or classified is known as?
   a. Masquerading
   b. The Salami technique
   c. Data diddling
   d. Espionage

4. Which of the following is not technically a crime according to the law?
   a. espionage
   b. fraud
   c. piracy
   d. resource waste

5. Which of the following defined the unauthorized possession of information without the intent to profit from the information as a crime?
   a. 1991 U.S. Federal Sentencing Guidelines
   b. U.S. Computer Fraud and Abuse Act
   c. U.S. Privacy Act 1974
   d. U.S. National Information Infrastructure Protection Act 1996

6. Evidence should be all but which of the following in order to be used in court?
   a. Reliable
   b. Sufficient
   c. Relevant
   d. Permissible

7. Which of the following is not an element or aspect of the ISC(2) code of ethics?
   a. CISSP certification holders are required by law to uphold the ISC(2) code of ethics
   b. CISSP certification holders should adhere to the highest ethical standards of behavior
   c. A condition of CISSP certification is adherence to the ISC(2) code of ethics.
   d. Protect society, the commonwealth, and the infrastructure

8. Violation of the ISC(2) code of ethics can result in?
   a. Arrest
   b. Revocation of certification
   c. Financial penalties
   d. Community service hours

9. Which of the following is not directly specified in the canons of the ISC(2) code of ethics?
   a. Act honorably, honestly, justly, responsibly, and legally
   b. Provide diligent and competent service to principals.
   c. Don't write malicious code such as viruses
   d. Advance and protect the profession

10. The crime of impersonation or spoofing is also known as?
   a. Spamming
   b. Data diddling
   c. Masquerading
   d. Social engineering

11. Unauthorized modification of data is known as?
   a. The salami technique
   b. Spoofing
   c. Malicious code
   d. Data diddling

12. TEMPEST is concerned with?
   a. Emanation eavesdropping
   b. Distributed Denial of Service attacks.
   c. Password theft
   d. Dumpster diving

13. The act of extracting information from discarded materials is known as?
   a. Fraud
   b. Dumpster diving
   c. Information warfare
   d. Superzapping

14. Which of the following is not supported by the ISC2's CISSP code of ethics?
   a. promote understanding of security
   b. provide competent service
   c. do not disclose confidential information from clients
   d. report crimes to ISC2

15. Which of the following is not considered a violation of computer ethics?
   a. working overtime on an IT project
   b. browsing files on the file server
   c. using proprietary software without compensation
   d. employing another's intellectual property without acknowledgement

16. Which of the following is not defined as unacceptable and inappropriate by the Internet Activities Board of Ethics and the Internet?
   a. seeking to gain unauthorized access to resources
   b. conducting commercial activities over the Internet
   c. destroying the integrity of computer stored information
   d. wasting resources

17. Which of the following is not a valid means to identify or label computer evidence?
   a. writing on printouts with permanent markers
   b. recording serial numbers
   c. writing a contents and ID tag file to a hard drive
   d. photographing the contents displayed on the monitor

18. What type of evidence proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses?
   a. Hearsay evidence
   b. Circumstantial evidence
   c. Secondary evidence
   d. Direct evidence

19. Which of the following is not an element in the ISC2's code of ethics that all CISSP candidates must adhere to?
   a. conduct themselves with high standards of moral, ethical, and legal behavior
   b. do not commit any unlawful act
   c. do not write malicious code
   d. report all discovered unlawful activity

20. Which of the following is not a computer crime?
   a. social engineering
   b. surfing pornographic Web sites
   c. password sniffing
   d. spoofing IP addresses

21. Which of the following is a crime against a computer?
   a. intercepting wireless network communications
   b. installing software that has not been properly purchased
   c. causing a blackout of the local power grid by damaging a power station
   d. testing an intrusion script against a competitor's Web site

22. Which of these computer crimes is not like the others?
   a. spoofing
   b. social engineering
   c. masquerading
   d. data diddling

23. Which of the following is not a true statement according to the Generally Accepted Systems Security Principles (GASSP)?
   a. computer security supports the mission of an organization
   b. computer security should be cost effective
   c. computer security is not restrained by society
   d. computer security should be periodically reassessed

24. The U.S. Department of Health, Education, and Welfare Code of Fair Information Practices requires which of the following?
   a. people must be able to remove any information about themselves from databases containing personal data
   b. organizations maintaining personal data do not need to ensure that data isn't misused
   c. data stored about people must be timely
   d. the existence of systems that maintain records of a personal nature cannot remain secret

25. Which of the following is considered a crime committed using a computer?
   a. illegally transferring money from one bank account to another over the Internet
   b. erasing a hard drive using a degaussing magnet
   c. setting fire to a building
   d. theft of a notebook from an airport security checkpoint

26. Which category of common law allows for punishments to include financial penalties but not imprisonment for a conviction?
   a. civil law
   b. criminal law
   c. administrative law
   d. regulatory law

27. Which form of law focuses on the violation of government laws focused on the protection of the public?
   a. civil law
   b. criminal law
   c. administrative law
   d. regulatory law

28. What form of common law is also known as tort?
   a. Administrative law
   b. Criminal law
   c. Civil law
   d. Regulatory law

29. Which of the following is not a valid countermeasure against the interception of radio frequency and other electromagnetic radiation signals by unauthorized individuals?
   a. sound dampening insulation
   b. TEMPEST equipment
   c. white noise generation
   d. control zones

30. Which of the following is not considered a computer crime?
   a. espionage
   b. natural disasters
   c. fraud
   d. embezzlement

31. Which of the following is not one of the types of laws found in the United States that can be used in a court of law?
   a. statutory law
   b. administrative law
   c. Islamic law
   d. common law

32. The code of federal regulations is also known as?
   a. statutory law
   b. common law
   c. case digests
   d. administrative law

33. Which of the following laws addresses confidentiality, integrity, and availability for both data and systems and encourages other countries to adopt the same framework?
   a. U.S. Privacy Act of 1974
   b. Paperwork Reduction Act of 1995
   c. U.S. National Information Infrastructure Protection Act of 1996
   d. Gramm Leach Bliley Act of 1999

34. Which of the following requires Federal Agencies to assess the security of their non-classified information systems, to provide a risk assessment, and to report the security needs of its systems?
   a. U.S. Privacy Act of 1974
   b. U.S. Computer Fraud and Privacy Act of 1986
   c. U.S. National Information Infrastructure Protection Act of 1996
   d. Paperwork Reduction Act of 1995

35. Which of the following defines the trafficking in computer passwords as a federal crime if that activity affects interstate or foreign commerce or permits unauthorized access to government computers?
   a. U.S. Computer Fraud and Abuse Act of 1986
   b. Paperwork Reduction Act of 1995
   c. U.S. National Information Infrastructure Protection Act of 1996
   d. Gramm Leach Bliley Act of 1999

36. Which of the following is an amendment to the U.S. Computer Fraud and Privacy Act of 1986?
   a. U.S. Privacy Act of 1974
   b. U.S. National Information Infrastructure Protection Act of 1996
   c. Paperwork Reduction Act of 1995
   d. Gramm Leach Bliley Act of 1999

37. Which of the following laws requires that banks give customers the option to prohibit the distribution of personal information with non-affiliated third parties?
   a. U.S. Privacy Act of 1974
   b. U.S. Computer Fraud and Privacy Act of 1986
   c. U.S. National Information Infrastructure Protection Act of 1996
   d. Gramm Leach Bliley Act of 1999

38. Which of the following laws requires that federal agencies protect information about private individuals that is stored in government databases?
   a. U.S. Privacy Act of 1974
   b. U.S. Computer Fraud and Privacy Act of 1986
   c. Paperwork Reduction Act of 1995
   d. Gramm Leach Bliley Act of 1999

39. Which of the following laws defines the use of a federal interest computer in a crime as a federal offense and reduces the minimum damage required to declare a crime a federal offense?
   a. U.S. Privacy Act of 1974
   b. U.S. Computer Fraud and Privacy Act of 1986
   c. U.S. National Information Infrastructure Protection Act of 1996
   d. Gramm Leach Bliley Act of 1999

40. Which of the following statements is true?
   a. European privacy laws are less restrictive than those of the United States.
   b. European privacy laws are just as restrictive as those of the United States.
   c. European privacy laws are more restrictive than those of the United States.
   d. European privacy laws are completely different than those of the United States.

41. Which of the following is not a tenet of the European privacy laws?
   a. Data must be collected in accordance with the law
   b. Collected information cannot be disclosed to others without the consent of the individual
   c. Records kept about an individual must be accurate and timely
   d. Data can only be collected with the consent of the individual

42. Which of the following is not true in regards to the European privacy laws?
   a. Data can be retained indefinitely
   b. Individuals can correct errors in the data collected about them
   c. Data can only be used for the original purpose for which it was collected
   d. Individuals are entitled to a report detailing the information retained about them

43. Which of the following is not a common problem with the storage of personal health and medical data?
   a. Access granted to a wide range of users, such as outside partners, members, and vendors
   b. A high level of granular access control on most systems
   c. Internet connectivity increases vulnerabilities to integrity and privacy of data
   d. misuse of personal medical data can have a significant negative impact on the public perception of an organization

44. Which form of intellectual property law protects original works of authorship for 50+ years?
   a. trademark
   b. patent
   c. copyright
   d. trade secret

45. Which form of intellectual property law defines data that is confidential and proprietary to a specific organization?
   a. trademark
   b. patent
   c. copyright
   d. trade secret

46. Which form of intellectual property law protects or establishes a word, name, symbol, etc. as an identifying mark for an organization or a product?
   a. trademark
   b. patent
   c. copyright
   d. trade secret

47. Which form of intellectual property law provides the owner with 17 years of exclusive use rights?
   a. trademark
   b. patent
   c. copyright
   d. trade secret

48. Which of the following statements is true in regards to a well-organized and legitimate monitoring solution that records all e-mail on a business network?
   a. does not provide a means to track down violations of security policy
   b. does not provide a guarantee of personal privacy
   c. does not clearly inform all users of the monitoring activity
   d. does not make employees aware of the acceptable use of e-mail

49. Which of the following treats the unauthorized possession of information without the intent to profit from it as a crime?
   a. U.S. Computer Fraud and Privacy Act of 1986
   b. Paperwork Reduction Act of 1995
   c. 1991 U.S. Federal Sentencing Guidelines
   d. Gramm Leach Bliley Act of 1999

50. All of the following are true regarding the 1991 U.S. Federal Sentencing Guidelines except for?
   a. Treats the unauthorized possession of information without the intent to profit from it as a crime
   b. Applies to both individuals and organizations
   c. Makes the degree of punishment a function of the extent to which the organization has demonstrated due diligence in establishing security
   d. Makes the use of information that causes $1,000 or more in damages or which impairs medical treatment as a federal crime

51. Which of the following is not an information privacy principle that health care organizations should adhere to?
   a. grant individuals the means to monitor and correct the data collected about them
   b. restrict the uses of data to those outlined when the data was originally collected
   c. maintain the secrecy of their personal information database
   d. organizations that gather data should provide adequate protection for that data

52. Which of the following is not true about the Health Insurance Portability and Accountability Act (HIPAA)?
   a. Establishes the rights for individuals who are subjects of individually identifiable health information
   b. Defines uses and disclosures of individually identifiable health information that should be authorized or required
   c. Requires an information security officer
   d. Defines specific products, standards, guidelines, and procedures for protecting individually identifiable health information

53. Which of the following is not a recommended practice for the monitoring of email on a company network?
   a. establish different levels of monitoring for each organizational staff level
   b. Inform all users that monitoring is occurring via clearly visible and frequent banner or similar warning system
   c. Monitoring should be performed in a lawful and consistent manner
   d. Detail who will be accessing and viewing the archived data and for how long the data will be retained

54. Which of the following is not visible proof that due care is being practiced by an organization in regards to security?
   a. physical access controls
   b. hardware backups
   c. security awareness training
   d. use of plenum cabling

55. Which of the following is not visible proof that due care is being practiced by an organization in regards to security?
   a. Deploying high-speed networking devices
   b. Telecommunications encryption
   c. Disaster recovery plans
   d. Development of formalized security infrastructure documentation

56. Which of the following is not a responsibility of the Computer Incident Response Team?
   a. Managing public relations
   b. Design security policies
   c. Investigate intrusions
   d. Report incidents

57. The 1991 U.S. Federal Sentencing Guidelines invokes the ______________ that requires that senior management of an organization perform their duties with the same care that any normal person would exercise in the same circumstances.
   a. Prudent man rule
   b. Principle of least privilege
   c. Tenet of due care
   d. Separation of duties requirement

58. The U.S. Federal Sentencing Guidelines provides for a punishment for convicted senior management that can include?
   a. imprisonment
   b. fines up to $290 million
   c. confiscation of assets
   d. seizure of public stock offerings

59. For negligence to be proven in court, what must be demonstrated or proved?
   a. lack of due diligence
   b. failure to comply with recognized standards
   c. legally recognized obligation
   d. proximate causation

60. Which of the following actions or decisions should be made after an incident occurs?
   a. determine how much damage was caused
   b. determine what backup solutions should be deployed
   c. determine whether additional safeguards are required
   d. determine if recovery procedures should be triggered to recover from an incident

61. When an investigation of a computer crime incident occurs, which of the following is not true?
   a. there is a compressed time frame within which to conduct the investigation
   b. the investigation may interfere with the normal operations of business
   c. evidence is usually tangible
   d. evidence may be co-mingled with data needed for normal business activities

62. When an investigation of a computer crime incident occurs, which of the following is not true?
   a. Evidence can be difficult to gather
   b. Evidence may be damaged or altered by the normal operations of business
   c. Jurisdictional responsibility may be cloudy
   d. An expert or specialist is usually not required

63. Which of the following is not a responsibility of the Computer Incident Response Team?
   a. Managing network logs
   b. Resolve vulnerabilities
   c. Risk assessment
   d. Minimize costs of incidents

64. Emergency response should be planned out before an incident occurs. Which of the following is not an aspect of this type of planning?
   a. how an incident should be reported
   b. when should management be informed of an incident
   c. what action should be taken when an incident is detected
   d. where should the facility be located for the greatest security

65. Emergency response should be planned out before an incident occurs. Which of the following is not an aspect of this type of planning?
   a. What constitutes a federal crime
   b. What is considered an incident
   c. To whom should incidents be reported
   d. Who should handle the response to an incident

66. If a computer crime is suspected, which of the following is the most important activity to perform?
   a. generate post incident reports
   b. trigger the emergency response team
   c. restore non-critical business processes
   d. do not alert the suspect

67. The standard discriminator to determine whether a subject may be the person who committed a crime is to evaluate whether that person had all but which of the following?
   a. intention
   b. means
   c. motive
   d. opportunity

68. The goal of an ______________ is to find the answers to who, what, when, where, why, and how.
   a. interrogation
   b. interview
   c. investigation
   d. interpretation

69. The act of an investigation can often have numerous negative consequences for an organization. Which of the following is not an example of one of these?
   a. Maintaining individual privacy
   b. The subject committing retaliatory acts
   c. Negative publicity
   d. Interruption of business processes

70. A committee to help with the investigation of computer crime incidents should be established. This committee should perform all but which of the following?
   a. Establish a liaison with law enforcement
   b. Creating post-incident reports for use as evidence in court
   c. Design a procedure for reporting IT crimes
   d. Inform senior management and affected parties of the progress of an investigation

71. Who has jurisdiction over computer crimes committed in the U.S.?
   a. Local law enforcement and FBI
   b. Secret Service and NIST
   c. FBI and Secret Service
   d. NSA and CIA

72. Which of the following is not a valid means to collect evidence according to the rules of evidence or the evidence life cycle?
   a. gather all relevant storage media
   b. use degaussing equipment
   c. image the hard drive
   d. print out the screen

73. Which of the following represents the proper order of the chain of evidence or the evidence life cycle?
      1. Collection
      2. Discovery
      3. Identification
      4. Presentation
      5. Preservation
      6. Protection
      7. Recording
      8. Return
      9. Transportation
   a. 1,2,3,4,5,6,7,8,9
   b. 8,4,2,9,5,1,3,7,6
   c. 2,6,7,1,3,5,9,4,8
   d. 6,5,8,3,4,1,9,7,2

74. The goal of an ______________ is to establish enough evidence to consider a subject a witness.
   a. investigation
   b. interview
   c. interrogation
   d. interpretation

75. Which of the following is not true?
   a. In an interview, an individual becomes a witness
   b. In an interview, a subject becomes a witness
   c. In an interrogation, a witness becomes a suspect
   d. In an interrogation, a subject becomes a witness

76. Which of the following is not an element of the chain of custody?
   a. Whether the evidence is relevant
   b. Time and location the evidence was gathered
   c. Who discovered the evidence
   d. Who maintained possession of the evidence

77. Which of the following is not a valid action to take when preserving evidence for admissibility in court?
   a. avoid smoke and dust
   b. write protect media
   c. storing electronic media in plastic bags
   d. avoid magnetic fields

78. When attempting to preserve evidence for admissibility in court, which of the following is a valid action to take?
   a. Run tripwire on the system
   b. Use AES to encrypt the entire storage device
   c. Defragment the storage device
   d. Create a message digest using SHA

79. The original or primary evidence is also known as?
   a. best evidence
   b. direct evidence
   c. secondary evidence
   d. conclusive evidence

80. To present evidence in court, it must be all but which of the following?
   a. relevant
   b. permissible
   c. reliable
   d. sufficient

81. Aspects of the relevance of evidence include all but which of the following?
   a. has not been altered
   b. must show that a crime has been committed
   c. shows some aspect of the perpetrator's motives
   d. verifies or demonstrates what has occurred

82. Which of the following is not a valid means of identification that will allow evidence to be admissible in court?
   a. Writing on paper printouts with a permanent marker
   b. Writing an identification file to a storage media
   c. A recording of serial numbers from devices
   d. Placing evidence in sealed and marked containers

83. What is superzap?
   a. A short-duration high-voltage surge of electricity
   b. A tool used to discover the source of an Internet attack even when spoofed packets are used
   c. A tool used to bypass system security in order to modify or disclose data
   d. A firewall scanning tool used to detect open and active ports

84. Which of the following is not a crime committed using a computer?
   a. Password theft
   b. Illegal material content
   c. Embezzlement
   d. Physical destruction

85. Which of the following is not malicious code?
   a. e-mail spam
   b. A virus
   c. A Trojan horse
   d. A worm

86. The oral testimony of a witness is known as?
   a. best evidence
   b. direct evidence
   c. hearsay evidence
   d. circumstantial evidence

87. What type of evidence is generally inadmissible in court?
   a. best evidence
   b. direct evidence
   c. hearsay evidence
   d. expert opinion

88. Which of the following is not an exception to the hearsay rule?
   a. Evidence made during the normal process of business activity
   b. Evidence in the custody of the witness on a regular basis
   c. Evidence made at or near the time of the incident being investigated
   d. Evidence produced as a result of the incident and exclusively for court presentation

89. When data needed as evidence is stored with data necessary for business operations and which is not associated with the crime, this is known as?
   a. Data diddling
   b. Co-mingling of data
   c. Superzapping
   d. Embezzlement

90. The 1991 U.S. Federal Sentencing Guidelines establish what?
   a. Maximum sentences for the punishment of computer crimes
   b. Multi-jurisdiction accumulation of sentencing
   c. Punishment guidelines for breaking federal laws
   d. Rules for a jury to follow when debating the guilt or innocence of a suspect

91. The 1991 U.S. Federal Sentencing Guidelines does what?
   a. Treats the authorized possession of information with the intent to profit from the information as a crime
   b. Treats the unauthorized possession of information with the intent to profit from the information as a crime
   c. Treats the authorized possession of information without the intent to profit from the information as a crime
   d. Treats the unauthorized possession of information without the intent to profit from the information as a crime

92. What is a script kiddy?
   a. A programmer who writes malicious code
   b. An attacker that employs pre-written attack tools from the Internet who is usually unable to program and new to cyber crime
   c. An administrator who automates common management tasks
   d. A specialized Web based programming tool for animating menus

93. The computer crime that attempts to alter the financial status of a nation, disrupt their power grid, or misrepresent the capabilities of an enemy is known as?
   a. Employing the Salami technique
   b. Data diddling
   c. Information warfare
   d. Espionage

94. Which of the following is a benefit of investigating computer crime?
   a. The investigation must often take place in a compressed time frame
   b. The evidence is often intangible
   c. An investigation may interfere with the normal operation of business
   d. Many jurisdictions have expanded the definition of property to include electronic information

95. Which of the following is not true?
   a. The investigation of a computer crime can usually be accomplished by the same forensic specialists used for any other type of crime scene.
   b. Evidence may be difficult to gather.
   c. Locations of the crimes may be separated by large geographic distance even though they were perpetrated through a computer at a single location.
   d. Electronic evidence can be destroyed easily, such as booting a system, running a program, or reading a file.

96. How is the legal requirement for applying safeguards calculated?
   a. If the cost of implementing a physical access control is less than the estimated cost of a logical access control, then a legal liability exists
   b. If the loss of an exploited vulnerability is less than the estimated cost of a safeguard, then a legal liability exists
   c. If the cost of an asset is less than the cost of a safeguard, then a legal liability exists
   d. If the cost of implementing the safeguard is less than the estimated loss of an exploited vulnerability, then a legal liability exists

97. The requirement that senior management must perform their duties with the same care that any normal, sensible person would under similar circumstances is known as?
   a. The prudent man rule
   b. The risk avoidance axiom
   c. The liability avoidance method
   d. Common sense

98. When identifying evidence collected at the scene of a computer crime, all but which of the following are valid methods for identifying evidence?
   a. Writing a file containing identification information to the storage media
   b. Marking printouts with a permanent marker
   c. Placing components in labeled bags
   d. Making a list of serial numbers, makes, and models of components

99. Which of the following is not one of the three main types of laws?
   a. Criminal
   b. Intellectual Property
   c. Civil
   d. Administrative

100. The 1991 U.S. Federal Sentencing Guidelines establishes a link between the degree/severity of punishment and what?
   a. The extent of due care
   b. Size of asset loss
   c. Financial cost to investors
   d. Amount of liability insurance

101. Which of the following is not an example of how due care is shown?
   a. The presence of physical and logical access controls
   b. Press releases stating such
   c. Disaster recovery and business continuity plans
   d. A complete set of formalized security infrastructure documentation

102. Which of the following is not a means by which a company shows that due care is properly implemented and practiced?
   a. Performing security awareness training
   b. Performing penetration testing against the organization
   c. Deploying a homogenous network
   d. Running updated anti-virus software

103. Which of the following statements is true?
   a. European privacy laws are more restrictive than those of the US.
   b. US privacy laws are more restrictive than those of Europe.
   c. European and US privacy laws are about the same.
   d. Europe has far fewer privacy laws than the US.

104. Evidence must be all but which of the following to be presented in court?
   a. Relevant
   b. Obtained in a lawful manner
   c. Reliable
   d. Sufficient

105. Which of the following is not required in order to prove negligence in court?
   a. Legally recognized obligation
   b. Failure to conform to a required standard
   c. Proximate causation resulting in damage or injury
   d. Violation of the prudent man rule

106. The legislative branch is responsible for creating what type of law?
   a. Statutory law is created by the legislative branch.
   b. Common law
   c. Civil law
   d. Criminal law

107. Who is ultimately responsible and held liable for the lack of due care within an organization?
   a. IT staff
   b. Security management team
   c. Senior management
   d. Department supervisors

108. A copy of evidence or an oral description of its contents is known as?
   a. Best evidence
   b. Secondary evidence
   c. Direct evidence
   d. Conclusive evidence

109. When collecting evidence at a crime scene, which of the following should not be performed?
   a. Collect all storage devices
   b. Degauss equipment
   c. Print out the screen or make a photograph of it
   d. Image the hard drive before removing power

110. A computer incident response team is responsible for all but which of the following?
   a. Managing public relations during an incident
   b. Minimizing risks to the organization during an incident
   c. Investigating intrusions
   d. Updating the security policy

111. Which of the following is not a component in the chain of evidence?
   a. The method used to collect, obtain, or gather the evidence
   b. Location of evidence when it was collected
   c. Identification of individuals who possessed the evidence from the time of collection to the present
   d. The time the evidence was collected

112. The Paperwork Reduction Act of 1995 does what?
   a. Makes the trafficking in passwords that affects foreign commerce a federal crime
   b. Defines standards by which medical information is stored, used, and transmitted
   c. Protects the information about individuals within government databases.
   d. Requires federal agencies to produce reports on the state of security for their non-classified systems.

113. A software copyright is held by the original creator for how long?
   a. 7 years
   b. 10 years
   c. 17 years
   d. 50 years or more

114. To discriminate whether an individual is the perpetrator of a crime, investigators evaluate whether the individual had _____, ______, and _____. Select the one answer that does not fit in the blanks.
   a. Means
   b. Opportunity
   c. Motive
   d. Collusion.

115. The goal of an interrogation is to?
   a. Gather enough evidence to consider the subject a suspect
   b. Gather enough evidence to consider the individual a witness
   c. To discern the who, what, when, where, why, and how of a crime
   d. Clear the suspect of all suspicion

116. Health Insurance Portability and Accountability Act (HIPAA) is a framework to provide guidance in providing all but which of the following for a health organization?
   a. Security
   b. Availability
   c. Integrity
   d. Privacy

117. Which element of Intellectual Property law grants the owner 17 years of exclusive use?
   a. Trademark
   b. Trade secret
   c. Copyright
   d. Patent

118. Which of the following is not an element of the evidence life cycle?
   a. Identification
   b. Transportation
   c. Destruction
   d. Return to owner

119. Evidence obtained from a secondary source rather than first hand knowledge or experience is known as?
   a. Secondary evidence
   b. Circumstantial evidence
   c. Hearsay evidence
   d. Conclusive evidence

120. Tempting someone into committing a crime through coercion is known as?
   a. Enticement
   b. A sting operation
   c. Entrapment
   d. Penetration testing

121. Which of the following granted customers the ability to prohibit banks and financial institutions from sharing their personal information with nonaffiliated third parties?
   a. U.S. Computer Fraud and Abuse Act
   b. U.S. Privacy Act 1974
   c. Gramm Leach Bliley Act of 1999
   d. U.S. National Information Infrastructure Protection Act 1996

122. What type of law is concerned with protection of the public and is able to assign imprisonment as a punishment?
   a. Civil law
   b. Intellectual Property law
   c. Criminal law
   d. Regulatory law

123. What branch of the US government is responsible for creating common law?
   a. Legislative branch
   b. Administrative agencies
   c. Judicial branch
   d. Presidential branch

124. American companies can export any encrypted product to?
   a. Any member of the European Union
   b. Only to England
   c. To any non-communist country in the world
   d. To all countries but Iraq, China, and Vietnam.

125. Electronic monitoring of online access must be performed how?
   a. Using logical and technical mechanisms
   b. In a legal and consistent manner
   c. Only under the consent of the monitored
   d. Differently for each classification of user