1. According to the Internet Activities Board (IAB), an activity that causes which of the following is considered a violation of ethical behavior on the Internet?

  A. Wasting resources
  B. Appropriating other people's intellectual output
  C. Using a computer to steal
  D. Using a computer to bear false witness

Answer: A

Hint: The correct answer is A. Answers B, C, and D are ethical considerations of other organizations.

2. Which of the following best defines social engineering?

  A. Illegal copying of software
  B. Gathering information from discarded manuals and printouts
  C. Using people skills to obtain proprietary information
  D. Destruction or alteration of data

Answer: C

Hint: The correct answer is C, using people skills to obtain proprietary information. Answer A is software piracy, answer B is dumpster diving, and answer D is a violation of integrity.

3. Because the development of new technology usually outpaces the law, law enforcement uses which traditional laws to prosecute computer criminals?

  A. Malicious mischief
  B. Embezzlement, fraud and wiretapping
  C. Immigration
  D. Conspiracy and elimination of competition

Answer: B

Hint: The correct answer is B. Answer A is not a law, answer C is not applicable because it applies to obtaining visas and so on, and answer D is not correct because the laws in answer B are more commonly used to prosecute computer crimes.

4. Which of the following is NOT a category of law under the Common Law System?

  A. Criminal law
  B. Civil law
  C. Administrative/Regulatory law
  D. Derived law

Answer: D

Hint: The correct answer is D. It is a distracter, and all of the other answers are categories under common law.

5. A trade secret:

  A. Provides the owner with a legally enforceable right to exclude others from practicing the art covered for a specified time period
  B. Protects original works of authorship
  C. Secures and maintains the confidentiality of proprietary technical or business-related information that is adequately protected from disclosure by the owner
  D. Is a word, name, symbol, color, sound, product shape, or device used to identify goods and to distinguish them from those made or sold by others

Answer: C

Hint: The correct answer is C. It defines a trade secret. Answer A refers to a patent. Answer B refers to a copyright. Answer D refers to a trademark.

6. Which of the following is NOT a European Union (EU) principle?

  A. Data should be collected in accordance with the law.
  B. Transmission of personal information to locations where equivalent personal data protection cannot be assured is permissible.
  C. Data should be used only for the purposes for which it was collected and should be used only for a reasonable period of time.
  D. Information collected about an individual cannot be disclosed to other organizations or individuals unless authorized by law or by consent of the individual.

Answer: B

Hint: The correct answer is B. The transmission of data to locations where equivalent personal data protection cannot be assured is NOT permissible. The other answers are EU principles.

7. The Federal Sentencing Guidelines:

  A. Hold senior corporate officers personally liable if their organizations do not comply with the law
  B. Prohibit altering, damaging, or destroying information in a federal interest computer
  C. Prohibit eavesdropping or the interception of message contents
  D. Established a category of sensitive information called Sensitive But Unclassified (SBU)

Answer: A

Hint: The correct answer is A. Answer B is part of the U.S. Computer Fraud and Abuse Act. Answer C is part of the U.S. Electronic Communications Privacy Act. Answer D is part of the U.S. Computer Security Act.

8. What does the prudent man rule require?

  A. Senior officials to post performance bonds for their actions
  B. Senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances
  C. Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur
  D. Senior officials to follow specified government standards

Answer: B

Hint: The correct answer is B. Answer A is a distracter and is not part of the prudent man rule. Answer C is incorrect because it is not possible to guarantee that breaches of security can never occur. Answer D is incorrect because the prudent man rule does not refer to a specific government standard but relates to what other prudent persons would do.

9. Information Warfare is:

  A. Attacking the information infrastructure of a nation to gain military and/or economic advantages
  B. Developing weapons systems based on artificial intelligence technology
  C. Generating and disseminating propaganda material
  D. Signal intelligence

Answer: A

Hint: The correct answer is A. Answer B is a distracter and has to do with weapon systems development. Answer C is not applicable. Answer D is the conventional acquisition of information from radio signals.

10. The chain of evidence relates to:

  A. Securing laptops to desks during an investigation
  B. DNA testing
  C. Handling and controlling evidence
  D. Making a disk image

Answer: C

Hint: The correct answer is C. Answer A relates to physical security, answer B is a type of biological testing, and answer D is part of the act of gathering evidence.

11. The Kennedy-Kassebaum Act is also known as:

  A. RICO
  B. OECD
  C. HIPAA
  D. EU Directive

Answer: C

Hint: The correct answer is C. The others refer to other laws or guidelines.

12. Which of the following refers to a U.S. government program that reduces or eliminates emanations from electronic equipment?

  A. CLIPPER
  B. ECHELON
  C. ECHO
  D. TEMPEST

Answer: D

Hint: The correct answer is D. Answer A refers to the U.S. government Escrowed Encryption Standard. Answer B refers to the large-scale monitoring of RF transmissions. Answer C is a distracter.

13. Imprisonment is a possible sentence under:

  A. Civil (tort) law
  B. Criminal law
  C. Both civil and criminal law
  D. Neither civil nor criminal law

Answer: B

Hint: The correct answer is B. It is the only one of the choices where imprisonment is possible.

14. Which one of the following conditions must be met if legal electronic monitoring of employees is conducted by an organization?

  A. Employees must be unaware of the monitoring activity.
  B. All employees must agree with the monitoring policy.
  C. Results of the monitoring cannot be used against the employee.
  D. The organization must have a policy stating that all employees are regularly notified that monitoring is being conducted.

Answer: D

Hint: The correct answer is D. Answer A is incorrect because employees must be made aware of the monitoring if it is to be legal; answer B is incorrect because employees do not have to agree with the policy; and answer C is incorrect because the results of monitoring might be used against the employee if the corporate policy is violated.

15. Which of the following is a key principle in the evolution of computer crime laws in many countries?

  A. All members of the United Nations have agreed to uniformly define and prosecute computer crime.
  B. Existing laws against embezzlement, fraud, and wiretapping cannot be applied to computer crime.
  C. The definition of property was extended to include electronic information.
  D. Unauthorized acquisition of computer-based information without the intent to resell is not a crime.

Answer: C

Hint: The correct answer is C. Answer A is incorrect because all nations do not agree on the definition of computer crime and corresponding punishments. Answer B is incorrect because the existing laws can be applied against computer crime. Answer D is incorrect because in some countries, possession without intent to sell is considered a crime.

16. The concept of due care states that senior organizational management must ensure that:

  A. All risks to an information system are eliminated.
  B. Certain requirements must be fulfilled in carrying out their responsibilities to the organization.
  C. Other management personnel are delegated the responsibility for information system security.
  D. The cost of implementing safeguards is greater than the potential resultant losses resulting from information security breaches.

Answer: B

Hint: The correct answer is B. Answer A is incorrect because all risks to information systems cannot be eliminated; answer C is incorrect because senior management cannot delegate its responsibility for information system security under due care; and answer D is incorrect because the cost of implementing safeguards should be less than or equal to the potential resulting losses relative to the exercise of due care.

17. Liability of senior organizational officials relative to the protection of the organization's information systems is prosecutable under:

  A. Criminal law
  B. Civil law
  C. International law
  D. Financial law

Answer: B

18. Responsibility for handling computer crimes in the United States is assigned to:

  A. The Federal Bureau of Investigation (FBI) and the Secret Service
  B. The FBI only
  C. The National Security Agency (NSA)
  D. The Central Intelligence Agency (CIA)

Answer: A

Hint: The correct answer is A, making the other answers incorrect.

19. In general, computer-based evidence is considered:

  A. Conclusive
  B. Circumstantial
  C. Secondary
  D. Hearsay

Answer: D

Hint: The correct answer is D. Answer A refers to incontrovertible evidence; answer B refers to inference from other, intermediate facts; and answer C refers to a copy of evidence or oral description of its content.

20. Investigating and prosecuting computer crimes is made more difficult because:

  A. Backups may be difficult to find
  B. Evidence is mostly intangible
  C. Evidence cannot be preserved
  D. Evidence is hearsay and can never be introduced into a court of law.

Answer: B

Hint: The correct answer is B. Answer A is incorrect because if backups are done, they usually can be located. Answer C is incorrect because evidence can be preserved using the proper procedures. Answer D is incorrect because there are exceptions to the hearsay rule.

21. Which of the following criteria are used to evaluate suspects in the commission of a crime?

  A. Motive, Intent, and Ability
  B. Means, Object, and Motive
  C. Means, Intent, and Motive
  D. Motive, Means, and Opportunity

Answer: D

22. Which one of the following U.S. government entities was assigned the responsibility for improving government efficiency through the application of new technologies and for developing guidance on information security for government agencies by the Paperwork Reduction Act of 1980, 1995?

  A. The National Institute for Standards and Technology (NIST)
  B. The General Services Administration (GSA)
  C. The Office of Management and Budget (OMB)
  D. The National Security Agency (NSA)

Answer: C

23. What is enticement?

  A. Encouraging the commission of a crime when there was initially no intent to commit a crime
  B. Assisting in the commission of a crime
  C. Luring the perpetrator to an attractive area or presenting the perpetrator with a lucrative target after the crime has already been initiated
  D. Encouraging the commission of the one crime over another

Answer: C

Hint: The correct answer is C, the definition of enticement. Answer A is the definition of entrapment. Answers B and D are distracters.

24. Which of the following is NOT a computer investigation issue?

  A. Evidence is easy to obtain.
  B. The time frame for investigation is compressed.
  C. An expert may be required to assist.
  D. The information is intangible.

Answer: A

Hint: The correct answer is A. In many instances, evidence is difficult to obtain in computer crime investigation issues.

25. Conducting a search without the delay of obtaining a warrant if destruction of evidence seems imminent is possible under:

  A. Federal Sentencing Guidelines
  B. Proximate Causation
  C. Exigent Circumstances
  D. Prudent Man Rule

Answer: C

Hint: The correct answer is C. The other answers refer to other principles, guidelines, or rules.

26. Which one of the following items is NOT TRUE concerning the Platform for Privacy Preferences (P3P) developed by the World Wide Web Consortium (W3C)?

  A. It allows Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents.
  B. It allows users to be informed of site practices in human-readable format.
  C. It does not provide the site privacy practices to users in machine-readable format.
  D. It automates decision-making based on the site's privacy practices when appropriate.

Answer: C

Hint: The correct answer is C. In addition to the capabilities in answers A, B, and D, P3P does provide the site privacy practices to users in machine-readable format.

27. The 1996 Information Technology Management Reform Act (ITMRA), or Clinger-Cohen Act, did which one of the following?

  A. Relieved the General Services Administration of responsibility for procurement of automated systems and contract appeals and charged the Office of Management and Budget with providing guidance on information technology procurement
  B. Relieved the General Services Administration of responsibility for procurement of automated systems and contract appeals and charged the National Institute for Standards and Technology with providing guidance on information technology procurement
  C. Relieved the Office of Management and Budget of responsibility for procurement of automated systems and contract appeals and charged the General Services Administration with providing guidance on information technology procurement
  D. Relieved the General Services Administration of responsibility for procurement of automated systems and contract appeals and charged the National Security Agency with providing guidance on information technology procurement

Answer: A

Hint: The correct answer is A. The other answers are distracters.

28. Which one of the following U.S. Acts prohibits trading, manufacturing, or selling in any way that is intended to bypass copyright protection mechanisms?

  A. The 1999 Uniform Information Transactions Act (UCITA)
  B. The 1998 Digital Millennium Copyright Act (DMCA)
  C. The 1998 Sonny Bono Copyright Term Extension Act
  D. The 1987 U.S. Computer Security Act

Answer: B

Hint: Answers A and D are distracters. Answer C, the 1998 Sonny Bono Copyright Term Extension Act, amends the provisions concerning duration of copyright protection. The Act states that the terms of copyright are generally extended for an additional 20 years.

29. Which of the following actions by the U.S. government is NOT permitted or required by the U.S. Patriot Act, signed into law on October 26, 2001?

  A. Subpoena of electronic records
  B. Monitoring of Internet communications
  C. Search and seizure of information on live systems (including routers and servers), backups, and archives
  D. Reporting of cash and wire transfers of $5,000 or more

Answer: D

Hint: Wire and cash transfers of $10,000 or more in a single transaction must be reported to government officials. Actions in answers A, B and C are permitted under the Patriot Act. In answers A and B, the government has new powers to subpoena electronic records and to monitor Internet traffic. In monitoring information, the government can require the assistance of ISPs and network operators. This monitoring can extend even into individual organizations. In the Patriot Act, Congress permits investigators to gather information about electronic mail without having to show probable cause that the person to be monitored had committed a crime or was intending to commit a crime. In answer C, the items cited now fall under existing search and seizure laws. A new twist is delayed notification of a search warrant: if notification would cause a suspect to flee, a search can be conducted before notification of a search warrant is given. In a related matter, the U.S. and numerous other nations have signed the Council of Europe's Cybercrime Convention. In the U.S., participation in the Convention has to be ratified by the Senate. In essence, the Convention requires the signatory nations to spy on their own residents, even if the action being monitored is illegal in the country in which the monitoring is taking place.

30. Which Act required U.S. government agencies to do the following?
- Manage information resources to protect privacy and security
- Designate a senior official, reporting directly to the Secretary of the Treasury, to ensure that the responsibilities assigned by the Act are accomplished
- Identify and afford security protections in conformance with the Computer Security Act of 1987 commensurate with the magnitude of harm and risk that might result from the misuse, loss, or unauthorized access relative to information collected by an agency or maintained on behalf of an agency
- Implement and enforce applicable policies, procedures, standards, and guidelines on privacy, confidentiality, security, disclosures, and sharing of information collected or maintained by or for the agency

  A. 1994 U.S. Computer Abuse Amendments Act
  B. 1996, Title I, Economic Espionage Act
  C. 1987 U.S. Computer Security Act
  D. Paperwork Reduction Act of 1980, 1995

Answer: D