CIS 438 Final Exam

Strayer CIS 438 Information Security Legal Issues, Final Exam. 13-page PDF with 50 correct questions and answers.
Example:
CIS438 Final Exam
Question 1
The bad faith registration of a domain name that’s a registered trademark or trade name of another entity is referred to as:
Answer
Patent infringement
Strict liability in tort
Copyright infringement
Cybersquatting
Question 2
What is required for an invention or discovery to be patentable?
Answer
Must be novel
Must be useful
Must be non-obvious
All of the above


Question 3
__________ means that an inventor can hold an infringer liable for violating a patent even if the infringer acted unwittingly.
Answer
Patent infringement
Strict liability
Property interest
Patent prosecution
Question 4
_____________ are used to protect words, logos, and symbols that identify a product or service.
Answer
Trademarks
Patents
Strict liability
Trade secrets
Question 5
A legal owner of property has the right to use it in any way they want to, and the power to give those rights to another. This is called _____________.
Answer
copyright
trade secret
property interest
intellectual property
Question 6
Patents, trademarks, and copyrights are all types of _________________.
Answer
Real property
Personal property
Intellectual property
Property interest
Question 7
Utility, plan, and design are all types of _________________.
Answer
Patents
Copyrights
Trademarks
None of the above
Question 8
Data destruction policies do not include which of the following?
Answer
Identification of data ready for destruction
Proper destruction methods for different kinds of data or storage media
Consequences for improper destruction
How long the data should be retained
Question 9
A board of directors uses ______________________ to set forth its information security plans.
Answer
policies
financial statements
standards
goals
Question 10
Which of the following steps occurs before any of the others in a formal policy development process?
Answer
Management approval
Documentation of compliance or exceptions
Stakeholder review
Maintenance and review
Question 11
Data __________________ policies state how data is controlled throughout its life cycle.
Answer
retention
privacy
detention
use
Question 12
What kind of policy would contain a No Retaliation element?
Answer
Acceptable use
Anti-harassment
Intellectual property
Authentication
Question 13
Which of the following would not appear in an IT acceptable use policy (AUP)?
Answer
Data retention
File sharing
E-mail
Non-business Internet use
Question 14
What is a legal concept that protects an entity from legal liability and is written into the law? Entities that encrypt the personal information that they own or maintain do not have to follow the notification requirements of this concept if they have a data breach.
Answer
Safety net
Caveat emptor
Safe harbor
Malpractice Act of 1998
Question 15
The __________________ was created after a security breach at a state-operated data facility.
Answer
California Database Security Breach Notification Act
Utah Database Security Breach Notification Act
Texas Database Security Breach Notification Act
New York Database Security Breach Notification Act
Question 16
The California Database Security Breach Notification Act applies to:
Answer
State agencies
Non-profit organizations
Private organizations and businesses
All of the above
Question 17
Which of the following may be exempt from state breach notification laws because they are already subject to other laws with specific data security requirements?
Answer
GLBA financial institutions
Entities covered by HIPAA
A and B
Neither A nor B
Question 18
Which of the following is a type of damage that is awarded when no financial loss is suffered as a result of the breach?
Answer
Compensatory
Consequential
Liquidated
Nominal
Question 19
__________________ means that a party performs all material contract promises.
Answer
Complete performance
Substantial performance
Incomplete performance
None of the above
Question 20
Which of the following lack contractual capacity to enter into a contract:
Answer
Children under the age of 18
People who are mentally incompetent
A and B
Neither A nor B
Question 21
A(n) ______________________ is an invitation to enter into a relationship or transaction of some kind.
Answer
acceptance
offer
negotiation
capacity
Question 22
A ________________ is usually presented to a user when they are purchasing software or services via the Internet.
Answer
shrink-wrap contract
click-wrap contract
browsewrap contract
None of the above
Question 23
The term _________________ almost exclusively refers to software license agreements that are included within a box of physical-media software.
Answer
shrink-wrap contract
click-wrap contract
browsewrap contract
None of the above
Question 24
A party that doesn’t perform his or her contract promises is referred to as ______________________.
Answer
complete performance
substantial performance
incomplete performance
None of the above
Question 25
The American legal system is based in large part on ____________________ common law.
Answer
English
French
state
colonial
Question 26
Which statement is true about the burden of proof in a criminal case?
Answer
The victim must prove that he or she suffered loss and was damaged as a result of the crime.
The defendant must prove that he or she did not violate the law.
The government bears the burden of proving that the defendant violated the law.
None of the above
Question 27
_________________ means guilty mind.
Answer
Mens rea
Actus reus
Mala in se
Mala prohibita
Question 28
Article ___________ of the U.S. Constitution includes provisions for how the government should handle crimes.
Answer
I
II
III
IV
Question 29
Which amendment to the U.S. Constitution guarantees defendants a speedy trial?
Answer
Second
Fourth
Sixth
Eighth
Question 30
Most torts involving computers are _________________ torts.
Answer
intentional
strict liability
negligent
None of the above
Question 31
All phishing crimes are prosecuted under which federal act?
Answer
CAN-SPAM
Anti-Cybersquatting Consumer Protection Act
Identity Theft and Assumption Deterrence Act
None of the above
Question 32
_____________________ is a legal concept that means people can be held responsible for their actions even when they didn’t intend to cause harm to another person.
Answer
Intentional liability
Strict liability
Negligent liability
Consequential liability
Question 33
The ______________________ was created by Congress to protect data collected by the government.
Answer
Computer Security Act (CSA)
Privacy Act of 1974
E-Government Act of 2002
Federal Information Security Management Act (FISMA)
Question 34
What was the first federal law to address federal computer security?
Answer
Federal Information Security Management Act (FISMA)
Computer Security Act (CSA)
Sarbanes-Oxley Act (SOX)
The E-Privacy Act
Question 35
Which of the following are types of export control regulations?
Answer
International Traffic in Arms Regulations (ITAR)
Export Administration Regulations (EAR)
A and B
Neither A nor B
Question 36
Under the ____________________, federal agencies must 1) review their IT systems for privacy risks, 2) post privacy policies on their Web sites, 3) post machine-readable privacy policies on their Web sites, and 4) report privacy activities to the OMB.
Answer
Computer Security Act (CSA)
Privacy Act of 1974
E-Government Act of 2002
None of the above
Question 37
______________________ includes identification of the threats and vulnerabilities to the organization’s IT resources and determining the impact of those threats and vulnerabilities.
Answer
Risk assessment
Risk response
Operational planning
Security planning
Question 38
Following a disaster, what is the best kind of site if you need to resume operations in the shortest possible time?
Answer
Hot
Cold
Warm
Nearby
Question 39
Which of the following is designed to help an organization continue to operate during and after a disruption?
Answer
Incident response plan
Business continuity plan
Disaster recovery plan
Risk mitigation plan
Question 40
What do you compare in a risk-level matrix when evaluating the elements of a risk?
Answer
Threat and available controls
Threat likelihood and impact
Impact and severity
Cost and impact
Question 41
All of the following are true statements about qualitative risk assessment except:
Answer
Easy to administer
Doesn’t require formal knowledge to administer
Calculations are simple
Very objective, can be used to make cost-benefit decisions
Question 42
A risk assessment ___________.
Answer
should be as broad as possible in scope
should be narrowly scoped
does not need to consider conflicts of interest in selecting team members
should only have the approval of information security managers or other subject matter experts
Question 43
Which of the following is not a common contingency plan?
Answer
Information assurance
Incident response
Disaster recovery
Business continuity
Question 44
___________ includes reviewing transaction logs and uses real-time monitoring to find evidence.
Answer
Media analysis
Code analysis
Network analysis
None of the above
Question 45
All of the following are true regarding the plain view doctrine except:
Answer
A warrant is always required to use plain view evidence in court.
A warrant is not required to search and seize evidence if it’s in plain view.
Officers must be able to see the evidence from a place where the officer has a right to be.
The doctrine is often used to seize drugs that an officer can plainly see through a car window from the street.
Question 46
The _________________ creates international guiding principles for computer forensic examiners.
Answer
International Organization on Computer Evidence (IOCE)
U.S. Federal Bureau of Investigation (FBI)
International Association of Computer Investigative Specialists (IACIS)
American Bar Association Forensic Division
Question 47
A _____________ occurs when the government interferes with a person’s property.
Answer
search
seizure
collection
None of the above
Question 48
CCE, CCFE, CFCE, and GCFA are all examples of:
Answer
State agencies that regulate how digital evidence is collected
Federal agencies empowered to license forensic examiners
Federal computer forensic oversight boards
Computer forensic examiner certifications
Question 49
A _____________ occurs when a person’s reasonable expectation of privacy in a place or thing is compromised.
Answer
search
seizure
collection
None of the above
Question 50
Computer forensic examiners secure the crime scene and any electronic devices and ensure no one tampers with or modifies evidence during the ________________________ phase of an investigative process.
Answer
identification
preservation
collection
examination

Discussion one:

Create a hierarchy of five (no more or no less) of the most important topics that
you feel need to be addressed in this one-day course that best fits the course
title of “Information Security Legal Issues: The Essentials Presented in One
Day.” Give a detailed rationale for each of the five topics.

1. Privacy
Privacy is an area of growing concern for individuals as well as organizations.
Personal information is stored in many locations, within many companies and
identity theft is a real issue. Understanding what data needs to be protected,
how it needs to be protected, and from whom it needs to be protected is a
requirement for governments, businesses and individuals.
2. American Legal System
Individuals and organizations must follow laws, rules and regulations.
Regulatory compliance is influencing security and privacy practices.
Organizations must take a more structured approach to addressing information
security and privacy issues in order to meet their compliance requirements.
The American legal system includes federal and state governments, laws and
different court systems. The US Constitution is the basis for the American legal
system.
3. Intellectual Property Law
A person's creative ideas, inventions and innovations are protected by IP
law once they are put into physical form. Protection of IP can be in the form of
patents, trademarks and copyrights. IP laws give the owner of the
intellectual property a means to take action against people who violate their IP
rights.
4. Information Security Governance
ISG makes sure that information security goals are used to meet business goals. This
means the organization uses the security goals of CIA in a way that makes sense
for the business. ISG also makes sure there is proper accountability and
oversight for meeting these goals. Standards, guidelines, and procedures are
used to support policies. They explain how employees meet policy goals. A
training and awareness program is a key part of an information security
program. It helps make sure employees are aware of their duties.
5. Laws Influencing Information Security
This section is broad and covers many areas such as security of financial
information, children's and education records, and health records. Identity theft
is a growing crime; theft of credit card data (Target), theft of health records (S.C.
Dept of Health and Human Resources) and financial information (Bank of America)
show us our personal data is not safe. Laws and standards working together can
protect consumers from identity theft.

Discussion two:

Using 140 characters or less (the length of a Tweet), summarize the importance
of this class to someone unfamiliar with the concepts.

Protecting the confidentiality, integrity and availability of corporate data is a
critical process. Laws have been enacted to protect different types of
information. This course covers concepts of information security, privacy and
the law. It also covers the federal and state laws and legal concepts that affect
how governments and organizations perceive information security. Case studies
and research papers are used to help explain the different concepts discussed
during the course.