CISSP Prep- Legal And Investigations

Reviewed by Editorial Team

The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.

Learn about Our Editorial Process

| By Cindymurray

Cindymurray

Community Contributor

Quizzes Created: 8 | Total Attempts: 15,150

| Attempts: 178

Quiz Flashcard

Questions

Feedback

During the Quiz End of Quiz

Difficulty

Easy First Hard First Sequential

Share on Facebook Share on Twitter Share on Whatsapp Share on Pinterest Share on Email Copy to Clipboard Embed on your website

1/15 Questions

What are the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information related to?
- Privacy
- Secrecy
- Availability
- Reliability

About This Quiz

This CISSP Prep quiz focuses on Legal and Investigations, exploring insider cybercrime risks, international computer crime challenges, computer forensics, evidence rules, and incident response phases. It's designed to enhance understanding of legal aspects in cybersecurity.

2.

Integrity of a forensic bit stream image is often determined by
- Comparing hash totals to the original source
- Keeping good notes
- Taking pictures
- Can never be proven
Correct Answer

A. Comparing hash totals to the original source

Explanation

Ensuring the authenticity and integrity of evidence is critical.
If the courts feel the evidence or its copies are not accurate or lack integrity, it is
doubtful that the evidence or any information derived from the evidence will be
admissible. Th e current protocol for demonstrating authenticity and integrity relies
on hash functions that create unique numerical signatures that are sensitive to any

Rate this question:
3.

Where does the greatest risk of cybercrime come from?
- Outsiders
- Nation-states
- Insiders
- Script kiddies
Correct Answer

A. Insiders

Explanation

A word of caution is necessary: although the media has tended
to portray the threat of cybercrime as existing almost exclusively from the outside,
external to a company, reality paints a much diff erent picture. Th e greatest risk of
cybercrime comes from the inside, namely, criminal insiders. Page 520.

Rate this question:
4.

What is not mentioned as a phase of an incident response?
- Documentation
- Prosecution
- Containment
- Investigation
Correct Answer

A. Prosecution

Explanation

Th e incident response and handling phase can be broken down
further into triage, investigation, containment, and analysis and tracking. Page 523.

Rate this question:
5.

Which of the following is not one of the fi ve rules of evidence?
- Be authentic
- Be redundant
- Be complete
- Be admissible
Correct Answer

A. Be redundant

Explanation

At a more generic level, evidence should have some probative
value, be relevant to the case at hand, and meet the following criteria (often called
the fi ve rules of evidence): be authentic, be accurate, be complete, be convincing,
and be admissible. Page 531.

Rate this question:
6.

Computer forensics is really the marriage of computer science, information technology, and engineering with
- Law
- Information systems
- Analytical thought
- Th e scientifi c method
Correct Answer

A. Law

Explanation

As a forensic discipline, this area deals with evidence and the
legal system and is really the marriage of computer science, information technology,
and engineering with law. Page 529.

Rate this question:
7.

Triage encompasses which of the following incident response subphases?
- Collection, transport, testimony
- Traceback, feedback, loopback
- Detection, identification, notifi cation
- Confi dentiality, integrity, availability
Correct Answer

A. Detection, identification, notifi cation

Explanation

Triage is a process in incident response that involves quickly assessing and prioritizing the incidents. The correct answer, "Detection, identification, notification," accurately represents the subphases of triage. Detection refers to identifying the presence of an incident, identification involves determining the nature and scope of the incident, and notification involves informing the appropriate individuals or teams about the incident. These subphases are crucial in effectively responding to and managing incidents.

Rate this question:
8.

What is the biggest hindrance to dealing with computer crime?
- Computer criminals are generally smarter than computer investigators.
- Adequate funding to stay ahead of the computer criminals.
- Activity associated with computer crime is truly international.
- Th ere are so many more computer criminals than investigators that it is impossible to keep up.
Correct Answer

A. Activity associated with computer crime is truly international.

Explanation

Th e biggest hindrance to eff ectively dealing with computer
crime is the fact that this activity is truly international in scope, and thus requires
an international solution, as opposed to a domestic one based on archaic concepts
of borders and jurisdictions. Page 520.

Rate this question:
9.

What principal allows us to identify aspects of the person responsible for a crime when, whenever committing a crime, the perpetrator takes something with him and leaves something behind?
- Meyer’s principal of legal impunity
- Criminalistic principals
- IOCE/Group of 8 Nations principals for computer forensics
- Locard’s principal of exchange
Correct Answer

A. Locard’s principal of exchange

Explanation

Locard’s principle of exchange states that when a crime is committed,
the perpetrators leave something behind and take something with them,
hence the exchange. Th is principle allows us to identify aspects of the persons
responsible, even with a purely digital crime scene. Page 530.

Rate this question:
10.

Which type of intellectual property covers the expression of ideas rather than the ideas themselves?
- Trademark
- Patent
- Copyright
- Trade secret
Correct Answer

A. Copyright

Explanation

A copyright covers the expression of ideas rather than the ideas
themselves; it usually protects artistic property such as writing, recordings, databases,
and computer programs. Page 512.

Rate this question:
11.

__________ emphasizes the abstract concepts of law and is infl uenced by the writings of legal scholars and academics.
- Criminal law
- Civil law
- Religious law
- Administrative law
Correct Answer

A. Civil law

Explanation

Civil law emphasizes the abstract concepts of law and is infl uenced
by the writings of legal scholars and academics, more so than common law
systems. Page 509

Rate this question:
12.

Which type of intellectual property protects the goodwill a merchant or vendor invests in its products?
- Trademark
- Patent
- Copyright
- Trade secret
Correct Answer

A. Trademark

Explanation

Trademark laws are designed to protect the goodwill a merchant
or vendor invests in its products. Page 511.

Rate this question:
13.

Which of the following is not a computer forensics model?
- IOCE
- SWGDE
- MOM
- ACPO
Correct Answer

A. MOM

Explanation

Like incident response, there are various computer forensics
guidelines (e.g., International Organization of Computer Evidence (IOCE),
Scientifi c Working Group on Digital Evidence (SWGDE), Association of Chief
Police Offi cers (ACPO)). Th ese guidelines formalize the computer forensic processes
by breaking them into numerous phases or steps. MOM stands for means,
opportunity, and motives. Page 529.

Rate this question:
14.

Which of the following is not a category of software licensing?
- Freeware
- Commercial
- Academic
- End-user licensing agreement
Correct Answer

A. End-user licensing agreement

Explanation

Th ere are four categories of software licensing: freeware, shareware,
commercial, and academic. Within these categories, there are specifi c types
of agreements. Master agreements and end-user licensing agreements (EULAs) are
the most prevalent. Page 513.

Rate this question:
15.

When dealing with digital evidence, the crime scene
- Must never be altered
- Must be completely reproducible in a court of law
- Must exist in only one country
- Must have the least amount of contamination that is possible
Correct Answer

A. Must have the least amount of contamination that is possible

Explanation

Given the importance of the evidence that is available at a
crime scene, the ability to deal with a scene in a manner that minimizes the amount
of disruption, contamination, or destruction of evidence. Once a scene has been contaminated,
there is no undo or redo button to push; the damage is done. Page 531.

Rate this question:

Quiz Review Timeline (Updated): Mar 20, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 20, 2023

Quiz Edited by
ProProfs Editorial Team
Dec 21, 2012

Quiz Created by
Cindymurray

CISSP Prep- Legal And Investigations

What are the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information related to?

Quiz Preview

Integrity of a forensic bit stream image is often determined by

Where does the greatest risk of cybercrime come from?

What is not mentioned as a phase of an incident response?

Which of the following is not one of the fi ve rules of evidence?

Computer forensics is really the marriage of computer science, information technology, and engineering with

Triage encompasses which of the following incident response subphases?

What is the biggest hindrance to dealing with computer crime?

What principal allows us to identify aspects of the person responsible for a crime when, whenever committing a crime, the perpetrator takes something with him and leaves something behind?

Which type of intellectual property covers the expression of ideas rather than the ideas themselves?

__________ emphasizes the abstract concepts of law and is infl uenced by the writings of legal scholars and academics.

Which type of intellectual property protects the goodwill a merchant or vendor invests in its products?

Which of the following is not a computer forensics model?

Which of the following is not a category of software licensing?

When dealing with digital evidence, the crime scene