CISSP Prep- Legal And Investigations

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Cindymurray
C
Cindymurray
Community Contributor
Quizzes Created: 8 | Total Attempts: 15,173
| Attempts: 178
Quiz Flashcard
SettingsSettings
Please wait...
  • 1/15 Questions

    What are the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information related to?

    • Privacy
    • Secrecy
    • Availability
    • Reliability
Please wait...
About This Quiz

This CISSP Prep quiz focuses on Legal and Investigations, exploring insider cybercrime risks, international computer crime challenges, computer forensics, evidence rules, and incident response phases. It's designed to enhance understanding of legal aspects in cybersecurity.

CISSP Quizzes & Trivia

Quiz Preview

  • 2. 

    Integrity of a forensic bit stream image is often determined by

    • Comparing hash totals to the original source

    • Keeping good notes

    • Taking pictures

    • Can never be proven

    Correct Answer
    A. Comparing hash totals to the original source
    Explanation
    Ensuring the authenticity and integrity of evidence is critical.
    If the courts feel the evidence or its copies are not accurate or lack integrity, it is
    doubtful that the evidence or any information derived from the evidence will be
    admissible. Th e current protocol for demonstrating authenticity and integrity relies
    on hash functions that create unique numerical signatures that are sensitive to any

    Rate this question:

  • 3. 

    Where does the greatest risk of cybercrime come from?

    • Outsiders

    • Nation-states

    • Insiders

    • Script kiddies

    Correct Answer
    A. Insiders
    Explanation
    A word of caution is necessary: although the media has tended
    to portray the threat of cybercrime as existing almost exclusively from the outside,
    external to a company, reality paints a much diff erent picture. Th e greatest risk of
    cybercrime comes from the inside, namely, criminal insiders. Page 520.

    Rate this question:

  • 4. 

    What is not mentioned as a phase of an incident response?

    • Documentation

    • Prosecution

    • Containment

    • Investigation

    Correct Answer
    A. Prosecution
    Explanation
    Th e incident response and handling phase can be broken down
    further into triage, investigation, containment, and analysis and tracking. Page 523.

    Rate this question:

  • 5. 

    Which of the following is not one of the fi ve rules of evidence?

    • Be authentic

    • Be redundant

    • Be complete

    • Be admissible

    Correct Answer
    A. Be redundant
    Explanation
    At a more generic level, evidence should have some probative
    value, be relevant to the case at hand, and meet the following criteria (often called
    the fi ve rules of evidence): be authentic, be accurate, be complete, be convincing,
    and be admissible. Page 531.

    Rate this question:

  • 6. 

    Computer forensics is really the marriage of computer science, information technology, and engineering with

    • Law

    • Information systems

    • Analytical thought

    • Th e scientifi c method

    Correct Answer
    A. Law
    Explanation
    As a forensic discipline, this area deals with evidence and the
    legal system and is really the marriage of computer science, information technology,
    and engineering with law. Page 529.

    Rate this question:

  • 7. 

    Triage encompasses which of the following incident response subphases?

    • Collection, transport, testimony

    • Traceback, feedback, loopback

    • Detection, identification, notifi cation

    • Confi dentiality, integrity, availability

    Correct Answer
    A. Detection, identification, notifi cation
    Explanation
    Triage is a process in incident response that involves quickly assessing and prioritizing the incidents. The correct answer, "Detection, identification, notification," accurately represents the subphases of triage. Detection refers to identifying the presence of an incident, identification involves determining the nature and scope of the incident, and notification involves informing the appropriate individuals or teams about the incident. These subphases are crucial in effectively responding to and managing incidents.

    Rate this question:

  • 8. 

    What is the biggest hindrance to dealing with computer crime?

    • Computer criminals are generally smarter than computer investigators.

    • Adequate funding to stay ahead of the computer criminals.

    • Activity associated with computer crime is truly international.

    • Th ere are so many more computer criminals than investigators that it is impossible to keep up.

    Correct Answer
    A. Activity associated with computer crime is truly international.
    Explanation
    Th e biggest hindrance to eff ectively dealing with computer
    crime is the fact that this activity is truly international in scope, and thus requires
    an international solution, as opposed to a domestic one based on archaic concepts
    of borders and jurisdictions. Page 520.

    Rate this question:

  • 9. 

    What principal allows us to identify aspects of the person responsible for a crime when, whenever committing a crime, the perpetrator takes something with him and leaves something behind?

    • Meyer’s principal of legal impunity

    • Criminalistic principals

    • IOCE/Group of 8 Nations principals for computer forensics

    • Locard’s principal of exchange

    Correct Answer
    A. Locard’s principal of exchange
    Explanation
    Locard’s principle of exchange states that when a crime is committed,
    the perpetrators leave something behind and take something with them,
    hence the exchange. Th is principle allows us to identify aspects of the persons
    responsible, even with a purely digital crime scene. Page 530.

    Rate this question:

  • 10. 

    Which type of intellectual property covers the expression of ideas rather than the ideas themselves?

    • Trademark

    • Patent

    • Copyright

    • Trade secret

    Correct Answer
    A. Copyright
    Explanation
    A copyright covers the expression of ideas rather than the ideas
    themselves; it usually protects artistic property such as writing, recordings, databases,
    and computer programs. Page 512.

    Rate this question:

  • 11. 

    __________ emphasizes the abstract concepts of law and is infl uenced by the writings of legal scholars and academics.

    • Criminal law

    • Civil law

    • Religious law

    • Administrative law

    Correct Answer
    A. Civil law
    Explanation
    Civil law emphasizes the abstract concepts of law and is infl uenced
    by the writings of legal scholars and academics, more so than common law
    systems. Page 509

    Rate this question:

  • 12. 

    Which type of intellectual property protects the goodwill a merchant or vendor invests in its products?

    • Trademark

    • Patent

    • Copyright

    • Trade secret

    Correct Answer
    A. Trademark
    Explanation
    Trademark laws are designed to protect the goodwill a merchant
    or vendor invests in its products. Page 511.

    Rate this question:

  • 13. 

    Which of the following is not a computer forensics model?

    • IOCE

    • SWGDE

    • MOM

    • ACPO

    Correct Answer
    A. MOM
    Explanation
    Like incident response, there are various computer forensics
    guidelines (e.g., International Organization of Computer Evidence (IOCE),
    Scientifi c Working Group on Digital Evidence (SWGDE), Association of Chief
    Police Offi cers (ACPO)). Th ese guidelines formalize the computer forensic processes
    by breaking them into numerous phases or steps. MOM stands for means,
    opportunity, and motives. Page 529.

    Rate this question:

  • 14. 

    Which of the following is not a category of software licensing?

    • Freeware

    • Commercial

    • Academic

    • End-user licensing agreement

    Correct Answer
    A. End-user licensing agreement
    Explanation
    Th ere are four categories of software licensing: freeware, shareware,
    commercial, and academic. Within these categories, there are specifi c types
    of agreements. Master agreements and end-user licensing agreements (EULAs) are
    the most prevalent. Page 513.

    Rate this question:

  • 15. 

    When dealing with digital evidence, the crime scene

    • Must never be altered

    • Must be completely reproducible in a court of law

    • Must exist in only one country

    • Must have the least amount of contamination that is possible

    Correct Answer
    A. Must have the least amount of contamination that is possible
    Explanation
    Given the importance of the evidence that is available at a
    crime scene, the ability to deal with a scene in a manner that minimizes the amount
    of disruption, contamination, or destruction of evidence. Once a scene has been contaminated,
    there is no undo or redo button to push; the damage is done. Page 531.

    Rate this question:

Quiz Review Timeline (Updated): Mar 20, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 20, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Dec 21, 2012
    Quiz Created by
    Cindymurray
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.