Note: Pardon the messiness of the questions. These questions come from my podcast, and I will be cleaning the questions up over the coming weeks.
Abstract episodes of interaction between a system and its environment:
CORRECT ANSWER - Use cases
A list of the most widespread and critical errors that can lead to serious vulnerabilities in software:
CORRECT ANSWER - Information security continuous monitoring (ISCM)
This criterion requires sufficient test cases for each program statement to be executed at least once; however, its achievement is insufficient to provide confidence in a software product's behavior:
CORRECT ANSWER - Statement coverage
An edict stating that all evidence be labeled with information about who secured it and who validated it is called _______________.
CORRECT ANSWER -
A thorough and accurate chain of custody record is critical in an investigation process. The process includes labeling physical evidence and compiling a complete history of how evidence was collected, analyzed, transported and preserved.
The golden arches of McDonald's are protected under what intellectual property law?
CORRECT ANSWER - A. Trademark
Trademarks can exist in a variety of forms -- a word, shape, graphic or phrase. The determining factor is whether or not it alone represents the larger organization in the eyes of the outside world. McDonald's, for example, is known worldwide for its golden arches. This symbol is an identifier of the restaurant and thus falls under trademark law.
Which is not true of the Federal Sentencing Guidelines, which were enacted in 1991?
CORRECT ANSWER - C. Established a maximum fine of $100 million
Because laws and sentencing guidelines were not addressing white-collar crimes related to technology, the Federal Sentencing Guidelines were developed. These guidelines targeted the assumed responsibilities of senior executives and imposed maximum fines of $290 million per instance. However, these fines could be avoided if companies could prove proper due diligence and due care, and the existence of company-wide security policies and programs.
There are different categories for evidence depending upon what form it is in and possibly how it was collected. Which of the following is considered supporting evidence?
CORRECT ANSWER - B. Corroborative evidence
Corroborative evidence cannot stand alone, but instead is used as supporting information in a trial. It is often testimony indirectly related to the case but offers enough correlation to supplement the lawyer's argument. The other choices are all types of evidence that can stand alone.
Computer-generated or electronic information is most often categorized as what type of evidence?
CORRECT ANSWER - B. Hearsay
Because computer files and systems can be modified after the fact without others being aware of it, they are considered hearsay evidence. Hearsay evidence is not considered reliable or trustworthy because it is not firsthand evidence.
Which type of law punishes individuals with financial restitution instead of jail penalties?
CORRECT ANSWER - A. Tort
Tort, a type of civil law, deals only with financial restitution or community service as punishments. Typically, civil lawsuits do not require the degree of burden of proof that criminal cases require. Administrative law deals with government-imposed regulations on large organizations and companies in order to protect the safety and best interest of their employees and customers.
If a waiter tells his friends how the restaurant's famous secret sauce is made, what law has he violated?
CORRECT ANSWER - C. Trade secret
A trade secret can be many things, but the cardinal rule is that it must provide the company with a competitive advantage. A restaurant's secret sauce would qualify as a trade secret, which means the restaurant could prosecute the waiter for violating the law.
What is the first step in forensic analysis at a cybercrime scene?
CORRECT ANSWER -
The first step in a forensic investigation is to make a copy of the hard drive. This method ensures that the original system is not altered in any way during the investigation process.
Which organization posts four primary Code of Ethics canons involving societal protection, individual honorability, diligent service and professional development?
CORRECT ANSWER - B. (ISC)2
The (ISC)2 demands that its members follow four main canons of ethics. The canons listed on their Web site (www.isc2.org) are:
Witness testimony would be classified as what type of evidence?
CORRECT ANSWER - B. Secondary
Secondary evidence is not as reliable as best evidence and may need supporting evidence. Typically, oral evidence like testimonies is placed in this category. Also, copies of documents are considered secondary in nature. The other choices are all types of evidence that can stand alone.
Which of the following would protect a senior executive in a liability lawsuit brought on by an employee?
CORRECT ANSWER - A. He is able to demonstrate that due diligence and due care were established and followed.
The Federal Sentencing Guidelines were developed to establish more detail about what is expected of executives within companies. They promote consistent due diligence and due care by the management team. If the executive can prove that proper due diligence and due care were practiced, then it is conceivable that he would not be liable in the suit.