CISSP Certification Exam (Laws, Regulations, Investigations, and Compliance) Mock Exam 1

Cyberlaw categorizes computer-related crime into three categories. Which of the following is an example of a crime in which the use of a computer would be categorized as incidental?
A. Carrying out a buffer overflow to take control of a system
B. The electronic distribution of child pornography
C. Attacking financial systems to steal funds
D. Capturing passwords as they are sent to the authentication server

Which organization has been developed to deal with economic, social, and governance issues, and with how sensitive data is transported over borders?
A. European Union
B. Council of Europe
C. Safe Harbor
D. Organisation for Economic Co-operation and Development

Different countries have different legal systems. Which of the following correctly describes customary law?
A. Not many countries work under this law purely; most instead use a mixed system where this law, which deals mainly with personal conduct and patterns of behavior, is an integrated component.
B. It covers all aspects of human life, but is commonly divided into responsibilities and obligations to others, and religious duties.
C. It is a rule-based law focused on codified law.
D. Based on previous interpretations of laws, this system reflects the community’s morals and expectations.

Widgets Inc. wishes to protect its logo from unauthorized use. Which of the following will protect the logo and ensure that others cannot copy and use it?
A. Patent
B. Copyright
C. Trademark
D. Trade secret law

There are four categories of software licensing. Which of the following refers to software sold at a reduced cost?
A. Shareware
B. Academic software
C. Freeware
D. Commercial software

There are different types of approaches to regulations. Which of the following is an example of self-regulation?
A. The Health Insurance Portability and Accountability Act
B. The Sarbanes-Oxley Act
C. The Computer Fraud and Abuse Act
D. PCI Data Security Standard

Which of the following means that a company did all it could have reasonably done to prevent a security breach?
A. Downstream liability
B. Responsibility
C. Due diligence
D. Due care

There are three different types of incident response teams. Which of the following correctly describes a virtual team?
A. It consists of experts who have other duties within the organization.
B. It can be cost prohibitive to smaller organizations.
C. It is a hybrid model.
D. Core members are permanently assigned to the team.

A suspected crime has been reported within your organization. Which of the following steps should the incident response team take first?
A. Establish a procedure for responding to the incident.
B. Call in forensics experts.
C. Determine that a crime has been committed.
D. Notify senior management.

During an incident response, what stage involves mitigating the damage caused by an incident?
A. Investigation
B. Containment
C. Triage
D. Analysis

Which of the following is a correct statement regarding computer forensics?
A. It is the study of computer technology.
B. It is a set of hardware-specific processes that must be followed in order for evidence to be admissible in a court of law.
C. It encompasses network and code analysis, and may be referred to as electronic data discovery.
D. Computer forensics responsibilities should be assigned to a network administrator before an incident occurs.

Which of the following dictates that all evidence be labeled with information indicating who secured and validated it?
A. Chain of custody
B. Due care
C. Investigation
D. Motive, Opportunity, and Means

There are several categories of evidence. How is a witness’s oral testimony categorized?
A. Best evidence
B. Secondary evidence
C. Circumstantial evidence
D. Conclusive evidence

For evidence to be legally admissible, it must be authentic, complete, sufficient, and reliable. Which characteristic refers to the evidence having a reasonable and sensible relationship to the findings?
A. Complete
B. Reliable
C. Authentic
D. Sufficient

Which of the following best describes exigent circumstances?
A. The methods used to capture a suspect’s actions are neither legal nor ethical.
B. Enticement is used to capture a suspect’s actions.
C. Hacking does not actually hurt anyone.
D. The seizure of evidence by law enforcement because there is concern that a suspect will attempt to destroy it.

What role does the Internet Architecture Board play regarding technology and ethics?
A. It creates criminal sentencing guidelines.
B. It issues ethics-related statements concerning the use of the Internet.
C. It edits Request for Comments.
D. It maintains ten commandments for ethical behavior.

Which of the following statements is not true of dumpster diving?
A. It is legal.
B. It is unethical.
C. It is illegal.
D. It is a nontechnical attack.

Which of the following is a legal form of eavesdropping when performed with prior consent or a warrant?
A. Denial of Service
B. Dumpster diving
C. Wiretapping
D. Data diddling

What type of common law deals with violations committed by individuals against government laws, which are created to protect the public?
A. Criminal law
B. Civil law
C. Tort law
D. Regulatory law

During what stage of incident response is it determined if the source of the incident was internal or external, and how the offender penetrated and gained access to the asset?
A. Analysis
B. Containment
C. Tracking
D. Follow-up
