Legal Regulation ComplianceInvestigation1.docx

1、Legal Regulation Compliance Investigation1Legal, Regulation, Compliance, and InvestigationTop of Form1. Question: 246 | Difficulty: 3/5 | Relevancy: 3/3 Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witnesss five senses?o d

2、irect evidence o best evidence o conclusive evidence o hearsay evidence A. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 310.Also check out: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002,

3、chapter 10: Law, Investigation, and Ethics (page 678).Contributors: Eric Yandell, don murdochStudy area: CISSP CBK domain #9 - Legal, Regulations, Compliance and InvestigationsCovered topic: Evidence types and admissibility This question Copyright 20032006 Eric Yandell, cccure.org. 2. Question: 1210

4、 | Difficulty: 3/5 | Relevancy: 3/3 What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent?o Evidence Circumstance Doctrine o Exigent C

5、ircumstance Doctrine o Evidence of Admissibility Doctrine o Exigent Probable Doctrine B. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 313.Contributors: Nick Mackovski, Christian VezinaStudy area: CISS

6、P CBK domain #9 - Legal, Regulations, Compliance and InvestigationsCovered topic: Evidence collection and preservation This question Copyright 20032006 Nick Mackovski, cccure.org. 3. Question: 1225 | Difficulty: 2/5 | Relevancy: 3/3 Law enforcement agencies must get a warrant to search and seize an

7、individuals property, as stated in the _ Amendment. Private citizens are not subject to protecting these amendment rules of others unless they are acting as police agents.o First. o Second. o Third. o Fourth. D. The correct answer is: Fourth.American citizens are protected by the Fourth Amendment ag

8、ainst unlawful search and seizure, so law enforcement agencies must have cause and request a search warrant from a judge or court before conducting such a search.Last modified 8/27/2007 - J. HajecThanks to Bo Weeks for providing an update to the resource.Comment: Resource: HARRIS, Shon, All-In-One C

9、ISSP Certification Exam Guide, Third Edition, McGraw-Hill/Osborne, 2005 (Page 786).Contributor: Nick MackovskiStudy area: CISSP CBK domain #9 - Legal, Regulations, Compliance and InvestigationsCovered topic: Evidence collection and preservation This question Copyright 20032006 Nick Mackovski, cccure

10、.org. 4. Question: 230 | Difficulty: 5/5 | Relevancy: 3/3 Which of the following provides for data collection limitations, the quality of data, specifications of the purpose for data collection, limitations of data use, participation by the individual on whom the data is being collected, and account

11、ability of the data controller?o 1980 Organization for Economic Cooperation and Development (OECD) Guidelines o 1974 U.S. Privacy Act o 1970 U.S. Fair Credit Reporting Act o 1973 U.S. Code of Fair Information Practices A. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering t

12、he Ten Domains of Computer Security, pages 305-307.Contributor: Eric YandellStudy area: CISSP CBK domain #9 - Legal, Regulations, Compliance and InvestigationsCovered topics (2): Computer laws, Evidence collection and preservation This question Copyright 20032006 Eric Yandell, cccure.org. 5. Questio

13、n: 1209 | Difficulty: 4/5 | Relevancy: 3/3 The criteria for evaluating the legal requirements for implementing safeguards is to evaluate the cost (C) of instituting the protection versus the estimated loss (L) resulting from the exploitation of the corresponding vulnerability. Therefore, a legal lia

14、bility exists when:o C L o C L o C L - (residual risk) Residual Risk seems cant be valued at monetary terms. Check the book.A. If the cost is lower than the estimated loss (C L), then a legal liability exists.Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domain

15、s of Computer Security, 2001, John Wiley & Sons, Page 315.Contributor: Nick MackovskiStudy area: CISSP CBK domain #9 - Legal, Regulations, Compliance and InvestigationsCovered topic: Legal liability This question Copyright 20032006 Nick Mackovski, cccure.org. 6. Question: 228 | Difficulty: 3/5 | Rel

16、evancy: 3/3 Which of the following addresses industrial and corporate espionage?o 1996 U.S Economic and Protection of Proprietary Information Act o Generally Accepted Systems Security Principles (GASSP) o 1980 Organization for Economic Cooperation and Development (OECD) o 1970 U.S. Racketeer Influen

17、ced and Corrupt Organization Act (RICO) A. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, pages 305-307.Contributor: Eric YandellStudy area: CISSP CBK domain #9 - Legal, Regulations, Compliance and InvestigationsCovered topic: Compu

18、ter laws This question Copyright 20032006 Eric Yandell, cccure.org. 7. Question: 1360 | Difficulty: 3/5 | Relevancy: 3/3 Why would a memory dump be admissible as evidence in court?o Because it is used to demonstrate the truth of the contents. o Because it is used to identify the state of the system.

19、 o Because the state of the memory cannot be used as evidence. o Because of the exclusionary rule. B. A memory dump can be admitted as evidence if it acts merely as a statement of fact. A system dump is not considered hearsay because it is used to identify the state of the system, not the truth of t

20、he contents. The exclusionary rule mentions that evidence must be gathered legally or it cant be used. This choice is a distracter.Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 10: Law, Investigation, and Ethics (page 187).Last modified 07/02/2007, Ron HehemannComment: Remember th

21、is is a real live snapshot of the systemContributor: Christian VezinaStudy area: CISSP CBK domain #9 - Legal, Regulations, Compliance and InvestigationsCovered topic: Evidence types and admissibility This question Copyright 20032006 Christian Vezina, cccure.org. 8. Question: 1520 | Difficulty: 4/5 |

22、 Relevancy: 3/3 Which of the following European Union (EU) principles pertaining to the protection of information on private individuals is incorrect?o Individuals have the right to correct errors contained in their personal data. o Data should be used only for the purposes for which it was collecte

23、d, and only for a reasonable period of time. o Transmission of personal information to other organizations or individuals is prohibited. o Individuals are entitled to receive a report on the information that is held about them. C. Information collected about an individual cannot be disclosed to othe

24、r organizations or individuals unless authorized by law or by consent of the individual. Also, transmission of personal information to locations where equivalent personal data protection cannot be assured is prohibited.Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the

25、Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 9: Law, Investigation, and Ethics (page 302).Contributor: Christian VezinaStudy area: CISSP CBK domain #9 - Legal, Regulations, Compliance and InvestigationsCovered topic: Protection of personal information This question Copyright 20

26、032006 Christian Vezina, cccure.org. 9. Question: 716 | Difficulty: 5/5 | Relevancy: 2/3 Which of the following made theft NO longer restricted to physical constraints?o The Electronic Espionage Act of 1996. o The Gramm Leach Bliley Act of 1999. o The Computer Security Act of 1987. o The Federal Pri

27、vacy Act of 1974. A. The correct answer is The Electronic Espionage Act of 1996 made theft no longer restricted to physical constraints.The other answers are incorrect because:The Gramm Leach Bliley Act of 1999 is incorrect as it deals with financial institutions.The Computer Security Act of 1987 is

28、 incorrect because it deals with federal agencies.The Federal Privacy Act of 1974 is incorrect because it also deals with federal agencies.Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 10: Law, Investigation, and Ethics (page 691).Last Modified -

29、 18/09/07 - S G KrishnanComment: The Electronic Espionage Act of 1996 made theft no longer restricted to physical constraints. Assets could also be viewed as intangible objects that can also be stolen or disclosed or disclosed via technology means. The Gramm Leach Bliley Act deals with financial ins

30、titutions and the Computer Security Act and Federal Privacy Act deal with federal agencies.Contributor: Christian VezinaStudy area: CISSP CBK domain #9 - Legal, Regulations, Compliance and InvestigationsCovered topic: Computer laws This question Copyright 20032006 Christian Vezina, cccure.org. 10. Q

31、uestion: 715 | Difficulty: 4/5 | Relevancy: 3/3 Which of the following outlined how senior management are responsible for the computer and information security decisions that they make and what actually took place within their organizations?o The Computer Security Act of 1987. o The Federal Sentencing Guidelines of 1991. o The Economic Espionage Act of 1996. o The Computer Fraud and Abuse Act of 1986. B. In 1991, U.S. Federal Sentencing Guidelines were developed to provide judges with courses of action in dealing with white collar c