(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. Mike Chapple
take to notify employees of system monitoring?
Review Questions
1 Brianna is working with a U.S. software firm that uses encryption in its products and plans to export their product outside of the United States. What federal government agency has the authority to regulate the export of encryption software?
   A. NSA
   B. NIST
   C. BIS
   D. FTC
2 Wendy recently accepted a position as a senior cybersecurity administrator at a U.S. government agency and is concerned about the legal requirements affecting her new position. Which law governs information security operations at federal agencies?
   A. FISMA
   B. FERPA
   C. CFAA
   D. ECPA
3 What type of law does not require an act of Congress to implement at the federal level but rather is enacted by the executive branch in the form of regulations, policies, and procedures?
   A. Criminal law
   B. Common law
   C. Civil law
   D. Administrative law
4 What U.S. state was the first to pass a comprehensive privacy law modeled after the requirements of the European Union's General Data Protection Regulation?
   A. California
   B. New York
   C. Vermont
   D. Texas
5 Congress passed CALEA in 1994, requiring that what type of organizations cooperate with law enforcement investigations?
   A. Financial institutions
   B. Communications carriers
   C. Healthcare organizations
   D. Websites
6 What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities?
   A. Privacy Act
   B. Fourth Amendment
   C. Second Amendment
   D. Gramm–Leach–Bliley Act
7 Matthew recently authored an innovative algorithm for solving a mathematical problem, and he wants to share it with the world. However, prior to publishing the software code in a technical journal, he wants to obtain some sort of intellectual property (IP) protection. Which type of protection is best suited to his needs?
   A. Copyright
   B. Trademark
   C. Patent
   D. Trade secret
8 Mary is the cofounder of Acme Widgets, a manufacturing firm. Together with her partner, Joe, she has developed a special oil that will dramatically improve the widget manufacturing process. To keep the formula secret, Mary and Joe plan to make large quantities of the oil by themselves in the plant after the other workers have left. They want to protect this formula for as long as possible. What type of intellectual property (IP) protection best suits their needs?
   A. Copyright
   B. Trademark
   C. Patent
   D. Trade secret
9 Richard recently developed a great name for a new product that he plans to begin using immediately. He spoke with his attorney and filed the appropriate application to protect his product name but has not yet received a response from the government regarding his application. He wants to begin using the name immediately. What symbol should he use next to the name to indicate its protected status?
   A. ©
   B. ®
   C. ™
   D. †
10 Tom is an adviser to a federal government agency that collects personal information from constituents. He would like to facilitate a research relationship between that firm that involves the sharing of personal information with several universities. What law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances?
   A. Privacy Act
   B. Electronic Communications Privacy Act
   C. Health Insurance Portability and Accountability Act
   D. Gramm–Leach–Bliley Act
11 Renee's organization is establishing a partnership with a firm located in France that will involve the exchange of personal information. Her partners in France want to ensure that the transfer will be compliant with the GDPR. What mechanism would be most appropriate?
   A. Binding corporate rules
   B. Privacy Shield
   C. Privacy Lock
   D. Standard contractual clauses
12 The Children's Online Privacy Protection Act (COPPA) was designed to protect the privacy of children using the internet. What is the minimum age a child must be before companies can collect personal identifying information from them without parental consent?
   A. 13
   B. 14
   C. 15
   D. 16
13 Kevin is assessing his organization's obligations under state data breach notification laws. Which one of the following pieces of information would generally not be covered by a data breach notification law when it appears in conjunction with a person's name?
   A. Social Security number
   B. Driver's license number
   C. Credit card number
   D. Student identification number
14 Roger is the CISO at a healthcare organization covered under HIPAA. He would like to enter into a partnership with a vendor who will manage some of the organization's data. As part of the relationship, the vendor will have access to protected health information (PHI). Under what circumstances is this arrangement permissible under HIPAA?
   A. This is permissible if the service provider is certified by the Department of Health and Human Services.
   B. This is permissible if the service provider enters into a business associate agreement.
   C. This is permissible if the service provider is within the same state as Roger's organization.
   D. This is not permissible under any circumstances.
15 Frances learned that a user in her organization recently signed up for a cloud service without the knowledge of her supervisor and is storing corporate information in that service. Which one of the following statements is correct?
   A. If the user did not sign a written contract, the organization has no obligation to the service provider.
   B. The user most likely agreed to a click-through license agreement binding the organization.
   C. The user's actions likely violate federal law.
   D. The user's actions likely violate state law.
16 Greg recently accepted a position as the cybersecurity compliance officer with a privately held bank. What law most directly impacts the manner in which his organization handles personal information?
   A. HIPAA
   B. GLBA
   C. SOX
   D. FISMA
17 Ruth recently obtained a utility patent covering a new invention that she created. How long will she retain legal protection for her invention?
   A. 14 years from the application date
   B. 14 years from the date the patent is granted
   C. 20 years from the application date
   D. 20 years from the date the patent is granted
18 Ryan is reviewing the terms of a proposed vendor agreement between the financial institution where he works and a cloud service provider. Which one of the following items should represent the least concern to Ryan?
   A. What security audits does the vendor perform?
   B. What provisions are in place to protect the confidentiality, integrity, and availability of data?
   C. Is the vendor compliant with HIPAA?
   D. What encryption algorithms and key lengths are used?
19 Justin is a cybersecurity consultant working with a retailer on the design of their new point-of-sale (POS) system. What compliance obligation relates to the processing of credit card information that might take place through this system?
   A. SOX
   B. HIPAA
   C. PCI DSS
   D. FERPA
20 Leonard and Sheldon recently coauthored a paper describing a new superfluid vacuum theory. How long will the copyright on their paper last?
   A. 70 years after publication
   B. 70 years after completion of the first draft
   C. 70 years after the death of the first author
   D. 70 years after the death of the last author