Review Questions

1. 

Which of the following groups are associated with the largest total amount of computer crimes?

1. Partners.

2. Hackers.

3. Employees.

4. Crackers.

5. Terrorists.

2. 

In order for computer crime related evidence to be admissible in court, it must be what?

1. Virus scanned.

2. Encrypted.

3. Neat and orderly.

4. Relevant.

5. None of the above.

3. 

What is the first thing you should do if an intrusion has been detected within your organization?

1. Ensure that a proper chain of evidence custody is in place.

2. Determine the extent of damage to compromised data, systems, and networks.

3. Isolate the intruded data, system, or network.

4. Call the security guard and have all exits locked.

5. None of the above.

4. 

Following the proper custody chain of evidence helps to ensure what?

1. That other data, systems, and networks will not be compromised.

2. Admissible evidence and successful prosecution.

3. Integrity, accessibility, and confidentiality.

4. That you will not be prosecuted for being negligent.

5. None of the above.

5. 

Which of the following involves manipulating information before or when it is entered into a system?

1. Data diddling.

2. Data transversal.

3. Data doodling.

4. Undo care.

5. None of the above.

6. 

A software company has developed new code that will change the world. It is essential that the software's company competitor does not gain access to or use this code. What is the new code considered?

1. Patented code.

2. Copyrighted data .

3. A trade secret.

4. Really neat HTML.

5. None of the above.

7. 

Which computer crime category represents an individual whose primary goal is to access secured data and information just for the thrill of it?

1. Terrorist attacks.

2. Grudge attacks.

3. Business attacks.

4. Fun attacks.

5. None of the above.

8. 

Which computer-related attack crime usually goes unnoticed based on the fact that it focuses on financial gains in tiny increments?

1. Salami attack.

2. Grudge attack.

3. Business attack.

4. Fun attack.

5. None of the above.

9. 

What does RFC 1087 pertain to?

1. RFC 1087 classifies all computer crimes.

2. Better defines first computer law of 1984.

3. Ethics and proper use of the Internet.

4. Refunds For Customers who have been mislead.

5. None of the above.

10. 

Which act is concerned with the protection of information systems by deterring and obstructing terrorism?

1. Electronic Communications Privacy Act.

2. U.S. Patriot Act.

3. U.S. Homeland Act.

4. Gramm-Leach-Bliley.

5. None of the above.

11. 

Computer crimes are classified into two main categories. What are they?

1. Criminal and civil computer crimes.

2. Crimes that are carried out against a computer and crimes committed using a computer.

3. Civil and administrative computer crimes.

4. Espionage and theft computer crimes.

5. None of the above.

12. 

Which of the following is considered the intentional misrepresentation of the truth in order to gain a business edge, financial profit, or something considered valuable?

1. Embezzlement.

2. Piracy.

3. Fraud.

4. Espionage.

5. All of above.

13. 

What does MOM stand for?

1. Motivation, Opportunity, Money.

2. Malicious, Open, Motivate.

3. Motive, Opportunity, Means.

4. More, Others, Money.

5. None of the above.

14. 

This type of law has to do with wrongful doings between individuals or between businesses and individuals. Typically, it results in some sort of loss or damage. What type of law is it?

1. Administrative law.

2. Gubernatorial law.

3. Legislative law.

4. Criminal law.

5. Civil law.

6. None of the above.

15. 

A disgruntled computer savvy employee (or former employee) with a score to settle is most likely to use this as a way to get revenge?

1. Civil law.

2. Data diddling.

3. Logic bomb.

4. Chain of evidence custody.

5. MOM.

6. None of the above.

16. 

What do most businesses use to provide surveillance of entryways and exits?

1. Biometric devices.

2. CCTV.

3. Guard dogs.

4. Tokens.

5. Smart cards.

6. None of the above.

17. 

This law was enacted for the further protection of nonpublic personal information. Its main focus is to ensure that financial institutions have an obligation to protect the privacy of their customers by implementing and supporting technical, administrative, and physical safeguards. What is this law?

1. Electronic Communications Privacy Act.

2. U.S. Patriot Act.

3. U.S. Homeland Act.

4. Gramm-Leach-Bliley Law.

5. None of the above.

1. 

Correct answer = C

It's true; company employees represent the largest group or source of computer-related crime losses. Although business partners, hackers, and crackers often commit computer-related crimes, they do not represent the largest group.

2. 

Correct answer = D

In order for computer crime evidence to be admissible in court, it must relevant to the specific crime that was committed. All other choices are invalid.

3. 

Correct answer = B

In order to properly scope and handle an intrusion, the first step is always to assess the possible damage to what has been actually compromised. Answer A looks tempting. It might be on the real exam also; unfortunately, it is not the first step. All other answers are invalid.

4. 

Correct answer = B

Following the proper custody chain of evidence helps to ensure that computer crime evidence will be admissible in court and lead to successful prosecution of guilty parties. All other answers are invalid.

5. 

Correct answer = A

Data diddling is a computer crime that involves the changing or manipulation of data before or as the data is entered into a computing system. Typically, the data is changed back to original form after the crime has been committed. All other choices are invalid.

6. 

Correct answer = C

A trade secret is proprietary company information. That secrecy is essential to the health and profitability of a company. A patent is a privilege or right of use that is specifically assigned by government to the creator. A copyright is the right to create and sell that is exclusive to the creator or owner of the copyright. Really neat HTML is nice, but it is not the answer here.

7. 

Correct answer = D

The goal of the fun attacker is of a boastful nature. 'What can I get at?, 'How far can I get?' and 'Who can I tell how special I am for getting there?' are usually the interests of this individual or group. Terrorists utilize information systems and technology as tools to support their financial and other illegal and immoral activities. Grudge attacks are meant to cause damage to people and systems that the attacker doesn't like. Attacks on businesses and business systems are meant to reduce profits and undermine a company's reputation.

8. 

Correct answer = A

A salami attack is a computer-related attack with intention of making a financial gain using very small increments of information and money that usually go unnoticed. Grudge attacks are meant to cause damage to people and systems that the attacker doesn't like. Attacks on businesses and business systems are meant to reduce profits and undermine a company's reputation. The goal of the fun attacker is of a boastful nature. 'What can I get at?,' 'How far can I get?,' and 'Who can I tell how special I am for getting there?' are usually the interests of this individual or group.

9. 

Correct answer = C

RFC (Request For Comments) 1087 pertains to ethics and proper use of the Internet. The 1986 Computer Fraud and Abuse Act better defines the first computer security law created in 1984. All other choices are invalid.

10. 

Correct answer = B

The U.S. Patriot Act addresses many of the growing concerns regarding the protection of information systems by deterring and obstructing terrorism is the U.S. The Electronic Communications Privacy Act prohibits eavesdropping by way of wire or oral communications without explicit permission. The Gramm-Leach-Bliley law ensures that financial institutions have an obligation to protect the privacy of their customers by implementing and supporting technical, administrative, and physical safeguards.

11. 

Correct answer = B

Computer crimes are separated into in two categories. Crimes that are carried out against a computer and crimes committed using a computer. All other choices are invalid.

12. 

Correct answer = C

Fraud is the intentional misrepresentation of the truth in order to gain a business edge, financial profit, or something considered valuable. Fraud can be also defined as trickery, deception, and lying in order to position oneself for illegal gain. Embezzlement is the illegal use of or stealing property that belongs to someone else that has been entrusted to your care. Software piracy is the illegal duplication, use, and distribution of software. Espionage is considered the act of spying on someone or something with the intent of gaining secret, personal, or classified information.

13. 

Correct answer = C

Information security specialists and several security examinations (including the Security+ exam) use the acronym, MOM, to describe the 'why, when, and how' of computer crime crimes. MOM stands for Motive, Opportunity, Means. All other choices are invalid.

14. 

Correct answer = E

Civil law has to do with wrongful doings between individuals or between businesses and individuals. Typically, it results in some sort of loss or damage. Administrative law pertains to and regulates government agencies, organizations and offices. Criminal law protects society from individuals or groups that violate laws enacted by the government. All other choices are invalid.

15. 

Correct answer = C

Grudge attacks are usually launched from remote locations using existing VPN connections or in the form of a particular type of malicious code such as a logic bomb. Civil law has to do with wrongful doings between individuals or between businesses and individuals. This would be the constructive approach to handling existing differences between employee and employer. Data diddling is a computer crime that involves the changing or manipulation of data before or as the data is entered into a computing system. The chain of evidence custody is a documented report that identifies who has custody of evidence from beginning to end. Information security specialists and several security examinations (including the Security+ exam) use the acronym, MOM, to describe the 'why, when, and how' of computer crime crimes.

16. 

Correct answer = B

Most businesses monitor entryways, exits, and access to secured locations through the use of Closed-Circuit Television (CCTV). Biometric devices, tokens, and smart cards are primarily used as authentication mechanisms. Guard dogs are used as physical deterrents or physical barriers.

17. 

Correct answer = D

The Gramm-Leach-Bliley law ensures that financial institutions have an obligation to protect the privacy of their customers by implementing and supporting technical, administrative, and physical safeguards. The Electronic Communications Privacy Act prohibits eavesdropping by way of wire or oral communications without explicit permission. The U.S. Patriot Act addresses many of the growing concerns regarding the protection of information systems by deterring and obstructing terrorism is the U.S. Choice C and E are invalid selections.