
Exam:

CISSP - (ISC)2 Certified Information Systems Security Professional - Chapter 19

Devin is revising the policies and procedures used by his organization to conduct investigations and would like to include a definition of computer crime.


1.-Which one of the following definitions would best meet his needs?
A. Any attack specifically listed in your security policy
B. Any illegal attack that compromises a protected computer
C. Any violation of a law or regulation that involves a computer
D. Failure to practice due diligence in computer security



2.-What is the main purpose of a military and intelligence attack?
A. To attack the availability of military systems
B. To obtain secret and restricted information from military or law enforcement sources
C. To utilize military or intelligence agency systems to attack other, nonmilitary sites
D. To compromise military systems for use in attacks against other systems



3.-Which of the following is not a canon of the (ISC)2 Code of Ethics?
A. Protect your colleagues.
B. Provide diligent and competent service to principals.
C. Advance and protect the profession.
D. Protect society.


4.-Which of the following are examples of financially motivated attacks? (Choose all that apply.)
A. Accessing services that you have not purchased
B. Disclosing confidential personal employee information
C. Transferring funds from an unapproved source into your account
D. Selling a botnet for use in a DDoS attack



5.-Which one of the following attacker actions is most indicative of a terrorist attack?
A. Altering sensitive trade secret documents
B. Damaging the ability to communicate and respond to a physical attack
C. Stealing unclassified information
D. Transferring funds to other countries



6.-Which of the following would not be a primary goal of a grudge attack?
A. Disclosing embarrassing personal information
B. Launching a virus on an organization’s system
C. Sending inappropriate email with a spoofed origination address of the victim organization
D. Using automated tools to scan the organization’s systems for vulnerable ports


7.-What are the primary reasons attackers engage in thrill attacks? (Choose all that apply.)
A. Bragging rights
B. Money from the sale of stolen documents
C. Pride of conquering a secure system
D. Retaliation against a person or organization



8.-What is the most important rule to follow when collecting evidence?
A. Do not turn off a computer until you photograph the screen.
B. List all people present while collecting evidence.
C. Avoid the modification of evidence during the collection process.
D. Transfer all equipment to a secure storage location.



9.-What would be a valid argument for not immediately removing power from a machine when an incident is discovered?
A. All of the damage has been done. Turning the machine off would not stop additional damage.
B. There is no other system that can replace this one if it is turned off.
C. Too many users are logged in and using the system.
D. Valuable evidence in memory will be lost.



10.-What type of evidence refers to written documents that are brought into court to prove a fact?
A. Best evidence
B. Parol evidence
C. Documentary evidence
D. Testimonial evidence



11.-Which one of the following investigation types has the highest standard of evidence?
A. Administrative
B. Civil
C. Criminal
D. Regulatory



12.-During an operational investigation, what type of analysis might an organization undertake to prevent similar incidents in the future?
A. Forensic analysis
B. Root cause analysis
C. Network traffic analysis
D. Fagan analysis



13.-What step of the Electronic Discovery Reference Model ensures that information that may be subject to discovery is not altered?
A. Preservation
B. Production
C. Processing
D. Presentation

Gary is a system administrator and is testifying in court about a cybercrime incident. He brings server logs to support his testimony.


14.-What type of evidence are the server logs?
A. Real evidence
B. Documentary evidence
C. Parol evidence
D. Testimonial evidence

You are a law enforcement officer and you need to confiscate a PC from a suspected attacker who does not work for your organization. You are concerned that if you approach the individual, they may destroy evidence.


15.-What legal avenue is most appropriate?
A. Consent agreement signed by employees
B. Search warrant
C. No legal avenue necessary
D. Voluntary consent

Gavin is considering altering his organization’s log retention policy to delete logs at the end of each day.


16.-What is the most important reason that he should avoid this approach?
A. An incident may not be discovered for several days and valuable evidence could be lost.
B. Disk space is cheap, and log files are used frequently.
C. Log files are protected and cannot be altered.
D. Any information in a log file is useless after it is several hours old.



17.-What phase of the Electronic Discovery Reference Model examines information to remove information subject to attorney-client privilege?
A. Identification
B. Collection
C. Processing
D. Review



18.-What are ethics?
A. Mandatory actions required to fulfill job requirements
B. Laws of professional conduct
C. Regulations set forth by a professional organization
D. Rules of personal behavior



19.-According to the (ISC)2 Code of Ethics, how are CISSPs expected to act?
A. Honestly, diligently, responsibly, and legally
B. Honorably, honestly, justly, responsibly, and legally
C. Upholding the security policy and protecting the organization
D. Trustworthy, loyally, friendly, courteously



20.-Which of the following actions are considered unacceptable and unethical according to RFC 1087, Ethics and the Internet?
A. Actions that compromise the privacy of classified information
B. Actions that compromise the privacy of users
C. Actions that disrupt organizational activities
D. Actions in which a computer is used in a manner inconsistent with a stated security policy