Appendix: Answers to Review Questions ◾ 427
© 2011 by Taylor & Francis Group, LLC
c. Pandemics, theft, industrial action
d. Pandemics, call forwarding, theft
e correct answer is c. People-based threats include pandemics, theft, and
industrial action.
11. Risk acceptance is usually most appropriate when
a. Impact is high and probability is low.
b. Probability is high and impact is low.
c. Impact is high and probability is high.
d. Impact is low and probability is low.
e correct answer is d. Where the probability of a threat occurring is low
and the impact to the security of the information system is low, then gener-
ally, the cost to implement security features will outweigh the value of the
assets to be protected and the risk will be acceptable.
12. Heat maps reect the level of risk an activity poses and include all of the
below except
a. A suggested risk appetite boundary
b. Proposed risk countermeasures
c. Risk zones
d. Color coding
e correct answer is b. Countermeasures are not included in the heat map.
13. A System Information Form contains all of the following information except
a. Recovery priority
b. Maximum outage time
c. Dependencies on other systems
d. Recovery point objective
e correct answer is d. e recovery point objective is not included in the
System Information Form.
14. e Notication Activation Phase of the BCP/DRP includes
a. A sequence of recovery goals
b. Activities to notify recovery personnel
c. e basis for declaring an emergency
d. e assessment of system damage
e correct answer is a. e sequence of recovery goals is included in the
Recovery Phase.
428 ◾ Appendix: Answers to Review Questions
© 2011 by Taylor & Francis Group, LLC
15. Documenting recovery procedures is for
a. Implementing recovery strategy
b. Highlighting points requiring coordination between teams
c. Outsourcing disaster recovery system development
d. Providing instructions for the least knowledgeable recovery personnel
e correct answer is c. Outsourcing the preparation of procedure documen-
tation to a professional services organization specializing in disaster recovery
system development is an option.
16. e primary purposes of testing are to
a. Satisfy audit requirements.
b. Check that sources of data are adequate.
c. Raise sta awareness of recovery plans.
d. Prove the ability to recover from disruption.
e correct answer is a. Answers b, c, and d are all purposes of testing.
17. Plan maintenance should be scheduled
a. After testing to account for hardware or personnel changes
b. In anticipation of audit activity
c. When changes are made to protected systems
d. When changes are made to supported business processes
e correct answer is b. If a, c, and d are accomplished there is no need to
prepare for auditors.
18. Communications is a critical activity during the response and recovery phases
of an incident. e communications plan must provide
a. Alternative types of communications media
b. A list of contacts reachable through a communications tree
c. Alternative communications service providers
d. Immediate access to mobile devices for key communicators
e correct answer is c. Answers a, b, and d are specically listed as require-
ments to be included in the Communications Plan.
19. An Emergency Operations Center must be provided to centrally manage the
incident. It should include
a. A provision for secure and condential discussions
b. Oce space for recovery team leaders
c. Access to all BC and DR plans
d. Forms of refreshment for EOC personnel
Appendix: Answers to Review Questions ◾ 429
© 2011 by Taylor & Francis Group, LLC
e correct answer is b. Recovery teams would be located at the recovery site,
not the EOC.
20. orough training in plan activities helps ensure
a. All team members understand their responsibilities.
b. All team members understand the roles of others.
c. Team cooperation.
d. Plans are current.
e correct answer is d. orough team training helps ensure that all mem-
bers understand their responsibilities, the roles of others, and team coopera-
tion when it is needed most.
Chapter 5: Law Investigation, Forensics, and Ethics
1. Under the Electronic Communications Privacy Act, the expression “elec-
tronic communications” does NOT incorporate which of the following?
I. Tone-only paging devices
II. Electronic funds transfer information
III. Tracking devices
IV. Wire or oral communications
a. I, II, III, and IV
b. I
c. I and II
d. I and III
e correct answer is a. e U.S. Wiretap Act denes “electronic commu-
nication” as any transfer of signs, signals, writing, images, sounds, data, or
intelligence of any nature transmitted in whole or in part by a wire, radio,
electromagnetic, photo-electronic, or photo-optical system that aects inter-
state or foreign commerce, but does not include the following:
A. Any wire or oral communication (dened as aural communications in the
statute);
B. Any communication made through a tone-only paging device;
C. Any communication from a tracking device (as dened); or
D. Electronic funds transfer information stored by a nancial institution in
a communications system used for the electronic storage and transfer of
funds. 18 U.S.C. §2510 (12).
None of the other answers is correct. As listed above, the act specically
excludes all of the above. As such, any of the other selections would be only
partially correct.
430 ◾ Appendix: Answers to Review Questions
© 2011 by Taylor & Francis Group, LLC
2. e Digital Millennium Copyright Act (DMCA) has specic provisions
designed to legislate against and thus aid in preventing what type of action?
a. Circumvention of technologies used to protect copyrighted work
b. Creation of malicious code
c. Digital manipulation or alteration of copyrighted computer code
d. Digital reproduction of copyrighted documents and artwork
e correct answer is a. e Digital Millennium Copyright Act imposes lia-
bility on those who circumvent technological measures that are designed to
control access to copyright-protected works.
Answer b, the creation of malicious code, is not covered in the DMCA.
Malicious code would be covered under the Computer Misuse Act. Although
copyright provisions cover the situations mentioned in answers c and d, the
specic provisions detailed within the Digital Millennium Copyright Act
cover the circumvention of protective technologies and not the manipulation
or reproduction of copyrighted works.
3. What questions are asked when deciding the outcome of a U.S. federal trade-
mark dilution case?
a. When was the mark created?
b. How distinctive is the mark?
c. Who owns the mark?
d. How unique and recognized is the mark?
e correct answers are c and d. Under the Trademark Act of 1946 (“Lanham
Act”), as amended, the three questions used to determine the “fame” of a
mark in federal trademark cases include asking who owns the mark, how
unique a mark is, and how recognized a mark is. Answer a is not correct as
the date that a mark was created is not relevant when deciding on a trademark
dilution case. Trademarks do not expire as long as they are maintained. As a
result, the date that they were initially registered is irrelevant. Answer b is not
correct. Although a distinctive mark may aid in recognition, there are many
marks that are easily recognized and not signicantly dierent from other
registered trademarks.
4. To sue for copyright infringement in the United States, what is the rst step
that a copyright holder must take?
a. No action is necessary, as copyright attaches as a right of the author as
soon as the work is created.
b. Register a copyright application with the Copyright Oce of the Library
of Congress.
c. Formally publish the work.
d. Put the alleged infringer on notice that you intend to bring an action.
Appendix: Answers to Review Questions ◾ 431
© 2011 by Taylor & Francis Group, LLC
e correct answer is b. Although copyright is attached to all works as soon as
it is created, it needs to rst be registered before a party can sue for copyright
infringement. Registration is with the Library of Congress, and the U.S. fed-
eral courts have exclusive jurisdiction over copyright infringement cases.
Answers a, c, and d are incorrect. Although copyright attaches to all works
when they are created, in order to take action within the courts the copyright
needs to be registered. In the United States, copyright registration needs to be
led at the Copyright Oce of the Library of Congress.
5. e judge in a civil court case can issue an order allowing for a civil search of
another party’s goods and to seize specic evidence. is order is known as a(n)
a. Subpoena
b. Doctrine of Exigent Circumstances
c. Anton Piller Order
d. Search warrant
e correct answer is c. Anton Piller Order. A subpoena requires the party
served to deliver the items listed in the order to the court. e doctrine of exi-
gent circumstances presents exclusion to the search and seizure rules for law
enforcement when they are involved in an emergency or otherwise dangerous
situation. Search warrants are only issued in criminal cases. An Anton Piller
Order is a civil order that is used in many countries to allow the court to
obtain information that may otherwise be lost in a civil case.
6. Your company has a policy prohibiting pornography on company equipment,
and an employee has become aware of a network user who has an image of
a nude child on his computer. When you investigate the matter, you nd
that the person has several photos of children on a nude beach, but none of
them involves sex or focuses on the child’s genitalia. Which of the following
is true?
a. It is child pornography, and the computer user can be charged with pos-
session of child pornography.
b. It is child pornography, and the computer user can be charged or
disciplined.
c. It is not child pornography, and the computer user can be disciplined.
d. It is not child pornography, and the computer user cannot be charged or
disciplined.
e correct answer is c. It is not child pornography, and the computer user
can be disciplined. e images do depict naked minors, but none of the
images focus on the child’s genitalia. In the 1996 case United States v. Dost,
a federal judge suggested a six-step method of evaluating images to deter-
mine whether the nude image of a child could be considered legal or illegal.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.