Front Back
1. Which of the following does the IAB consider unethical? A. Creating a computer virus B. Entering information into a web page C. Performing a penetration test on a host on the Internet D. Disrupting Internet communications
1. D. The Internet Architecture Board (IAB) is a committee for Internet design, engineering, and management. It considers the use of the Internet to be a privilege that should be treated as such. The IAB considers the following acts unethical and unacceptable behavior: • Purposely seeking to gain unauthorized access to Internet resources • Disrupting the intended use of the Internet • Wasting resources (people, capacity, and computers) through purposeful actions • Destroying the integrity of computer-based information • Compromising the privacy of others • Negligence in the conduct of Internet-wide experiments
2. What is the study of computers and surrounding technologies and how they relate to crime? A. Computer forensics B. Computer vulnerability analysis C. Incident handling D. Computer information criteria
2. A. Computer forensics is a field that specializes in understanding and properly extracting evidence from computers and peripheral devices for the purpose of prosecution. Collecting this type of evidence requires a skill set and understanding of several relevant laws.
3. Which of the following does the IAB consider unethical behavior? A. Internet users who conceal unauthorized accesses B. Internet users who waste computer resources C. Internet users who write viruses D. Internet users who monitor traffic
3. B. This question is similar to question 1. The IAB has declared wasting computer resources through purposeful activities unethical because it sees these resources as assets that are to be available for the computing society.
4. After a computer forensics investigator seizes a computer during a crime investigation, what is the next step? A. Label and put it into a container, and then label the container. B. Dust the evidence for fingerprints. C. Make an image copy of the disks. D. Lock the evidence in the safe.
4. C. Several steps need to be followed when gathering and extracting evidence from a scene. Once a computer has been confiscated, the first thing the computer forensics team should do is make an image of the hard drive. The team will work from this image instead of the original hard drive so it stays in a pristine state and the evidence on the drive is not accidentally corrupted or modified.
5. A CISSP candidate signs an ethics statement prior to taking the CISSP examination. Which of the following would be a violation of the (ISC)2 Code of Ethics that could cause the candidate to lose his or her certification? A. E-mailing information or comments about the exam to other CISSP candidates B. Submitting comments on the questions of the exam to (ISC)2 C. Submitting comments to the board of directors regarding the test and content of the class D. Conducting a presentation about the CISSP certification and what the certification means
5. A. A CISSP candidate and a CISSP holder should never discuss with others what was on the exam. This degrades the usefulness of the exam as a tool for testing someone’s true security knowledge. If this type of activity is uncovered, the person could be stripped of their CISSP certification.
6. If your company gives you a new PC and you find residual information about confidential company issues, what should you do based on the (ISC)2 Code of Ethics? A. Contact the owner of the file and inform him about it. Copy it to a disk, give it to him, and delete your copy. B. Delete the document because it was not meant for you. C. Inform management of your findings so it can make sure this type of thing does not happen again. D. E-mail it to both the author and management so everyone is aware of what is going on.
6. C. When dealing with the possible compromise of confidential company information or intellectual property, management should be informed and be involved as soon as possible. Management members are the ones who are ultimately responsible for this data and who understand the damage its leakage can cause. An employee should not attempt to address and deal with these issues on his own.
7. Why is it difficult to investigate computer crime and track down the criminal? A. Privacy laws are written to protect people from being investigated for these types of crimes. B. Special equipment and tools are necessary to detect these types of criminals. C. Criminals can hide their identity and hop from one network to the next. D. The police have no jurisdiction over the Internet.
7. C. Spoofing one’s identity and being able to traverse anonymously through different networks and the Internet increase the complexity and difficulty of tracking down criminals who carry out computer crimes. It is very easy to commit many damaging crimes from across the country or world, and this type of activity can be difficult for law enforcement to track down.
8. Protecting evidence and providing accountability for who handled it at different steps during the investigation is referred to as what? A. The rule of best evidence B. Hearsay C. Evidence safety D. Chain of custody
8. D. Properly following the chain of custody for evidence is crucial for it to be admissible in court. A chain of custody is a history that shows how evidence was collected, analyzed, transported, and preserved in order to establish that it is sufficiently trustworthy to be presented as evidence in court. Because electronic evidence can be easily modified, a clearly defined chain of custody demonstrates that the evidence is trustworthy.
9. If an investigator needs to communicate with another investigator but does not want the criminal to be able to eavesdrop on this conversation, what type of communication should be used? A. Digitally signed messages B. Out-of-band messages C. Forensics frequency D. Authentication and access control
9. B. Out-of-band communication means to communicate through some other type of communication channel. For example, if law enforcement agents are investigating a crime on a network, they should not share information through e-mail that passes along this network. The criminal may still have sniffers installed and thus be able to access this data.
10. Why is it challenging to collect and identify computer evidence to be used in a court of law? A. The evidence is mostly intangible. B. The evidence is mostly corrupted. C. The evidence is mostly encrypted. D. The evidence is mostly tangible.
10. A. The evidence in computer crimes usually comes straight from computers themselves. This means the data are held as electronic voltages, which are represented as binary bits. Some data can be held on hard drives and peripheral devices, and some data may be held in the memory of the system itself. This type of evidence is intangible in that it is not made up of objects one can hold, see, and easily understand. Other types of crimes usually have evidence that is more tangible in nature, and which is easier to handle and control.
11. The chain of custody of evidence describes who obtained the evidence and __________. A. Who secured it and stole it B. Who controlled it and broke it C. Who secured it and validated it D. Who controlled it and duplicated it
11. C. The chain of custody outlines a process to ensure that under no circumstance was there a possibility for the evidence to be tampered with. If the chain of custody is broken, there is a high probability that the evidence will not be admissible in court. If it is admitted, it will not carry as much weight.
12. Before shutting down a system suspected of an attack, the investigator should do what? A. Remove and back up the hard drive B. Dump memory contents to disk C. Remove it from the network D. Save data in the spooler queue and temporary files
12. B. If the computer was actually attacked or involved in a computer crime, there is a good possibility that useful information could still reside in memory. Specific tools can be used to actually dump this information and save it for analysis before the power is removed.
13. Why is computer-generated documentation usually considered unreliable evidence? A. It is primary evidence. B. It is too difficult to detect prior modifications. C. It is corroborative evidence. D. It is not covered under criminal law, but it is covered under civil law.
13. B. It can be very difficult to determine if computer-generated material has been modified before it is presented in court. Since this type of evidence can be altered without being detected, the court cannot put a lot of weight on this evidence. Many times, computer-generated evidence is considered hearsay in that there is no firsthand proof backing it up.
14. Which of the following is a necessary characteristic of evidence for it to be admissible? A. It must be real. B. It must be noteworthy. C. It must be reliable. D. It must be important.
14. C. For evidence to be admissible, it must be sufficient, reliable, and relevant to the case. For evidence to be reliable, it must be consistent with fact and must not be based on opinion or be circumstantial.
15. In the United States, what agency usually works with the FBI when investigating computer crimes? A. (ISC)2 B. The Secret Service C. The CIA D. The state police
15. B. The FBI and Secret Service are both responsible for investigating computer crimes. They have their own jurisdictions and rules outlining who investigates which types of crimes.
16. If a company deliberately planted a flaw in one of its systems in the hope of detecting an attempted penetration and exploitation of this flaw, what would this be called? A. Incident recovery response B. Entrapment C. Illegal D. Enticement
16. D. Companies need to be very careful about the items they use to entice intruders and attackers, because this may be seen as entrapment by the court. It is best to get the legal department involved before implementing these items. Putting a honeypot in place is usually seen as the use of enticement tools.
17. If an employee is suspected of wrongdoing in a computer crime, what department must be involved? A. Human resources B. Legal C. Audit D. Payroll
17. A. It is imperative that the company gets human resources involved if an employee is considered a suspect in a computer crime. This department knows the laws and regulations pertaining to employee treatment and can work to protect the employee and the company at the same time.
18. When would an investigator’s notebook be admissible in court? A. When he uses it to refresh memory B. When he cannot be present for testimony C. When requested by the judge to learn the original issues of the investigations D. When no other physical evidence is available
18. A. Notes that are taken by an investigator will, in most cases, not be admissible in court as evidence. This is not seen as reliable information and can only be used by the investigator to help him remember activities during the investigation.
19. Disks and other media that are copies of the original evidence are considered what? A. Primary evidence B. Reliable and sufficient evidence C. Hearsay evidence D. Conclusive evidence
19. C. In most cases, computer-related evidence falls under the hearsay category, because it is seen as copies of the original data that are held in the computer itself and can be modified without any indication. Evidence is considered hearsay when there is no firsthand proof in place to validate it.
20. If a company does not inform employees that they may be monitored and does not have a policy stating how monitoring should take place, what should a company do? A. Don’t monitor employees in any fashion. B. Monitor during off-hours and slow times. C. Obtain a search warrant before monitoring an employee. D. Monitor anyway—they are covered by two laws allowing them to do this.
20. A. Before a company can monitor its employees, it is supposed to inform them that this type of activity can take place. If a company monitors an employee without telling him, this could be seen as an invasion of privacy. The employee had an expected level of privacy that was invaded. The company should implement monitoring capabilities into its security policy and employee security-awareness programs.
21. What is one reason why successfully prosecuting computer crimes is so challenging? A. There is no way to capture electrical data reliably. B. The evidence in computer cases does not follow best evidence directives. C. These crimes do not always fall into the traditional criminal activity categories. D. Wiretapping is hard to do legally.
21. C. We have an infrastructure set up to investigate and prosecute crimes: law enforcement, laws, lawyers, courts, juries, judges, and so on. This infrastructure has a long history of prosecuting “traditional” crimes. Only in the last five years have computer crimes been prosecuted more regularly; thus, these types of crimes are not fully rooted in the legal system with all of the necessary and useful precedents.
22. When can executives be charged with negligence? A. If they follow the transborder laws B. If they do not properly report and prosecute attackers C. If they properly inform users that they may be monitored D. If they do not practice due care when protecting resources
22. D. Executives are held to a certain standard and are expected to act responsibly when running and protecting a company. These standards and expectations equate to the due care concept under the law. Due care means to carry out activities that a reasonable person would be expected to carry out in the same situation. If an executive acts irresponsibly in any way, she can be seen as not practicing due care and be held negligent.
23. To better deal with computer crime, several legislative bodies have taken what steps in their strategy? A. Expanded several privacy laws B. Broadened the definition of property to include data C. Required corporations to have computer crime insurance D. Redefined transborder issues
23. B. Many times, what is corrupted, compromised, or taken from a computer is data, so current laws have been updated to include the protection of intangible assets, as in data. Over the years, data and information have become many companies’ most valuable asset, which must be protected by the laws.
24. Many privacy laws dictate which of the following rules? A. Individuals have a right to remove any data they do not want others to know. B. Agencies do not need to ensure that the data is accurate. C. Agencies need to allow all government agencies access to the data. D. Agencies cannot use collected data for a purpose different from what it was collected for.
24. D. The Federal Privacy Act of 1974 and the European Union Principles on Privacy were created to protect citizens from government agencies that collect personal data. These acts have many stipulations, including that the information can only be used for the reason for which it was collected.
25. Which of the following is not true about dumpster diving? A. It is legal. B. It is illegal. C. It is a breach of physical security. D. It is gathering data from places people would not expect to be raided.
25. B. Dumpster diving is the act of going through someone’s trash with the hope of uncovering useful information. Dumpster diving is legal if it does not involve trespassing, but it is unethical.