Tough Questions 121-130

  1. Which federal government agency has responsibility for ensuring the security of government computer systems that are not used to process sensitive and/or classified information?
     
    (a) National Security Agency
    (b) Federal Bureau of Investigation
    (c) National Institute of Standards and Technology
    (d) Secret Service
     
    Answer:
    (c)
     
    Explanation:
    NIST is charged with the security management of all federal computer systems not used to process sensitive national security information. The NSA (part of the DoD) is responsible for managing systems that process classified and/or sensitive info.
     
  2. Which law protects the rights of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences & facilities?
     
    (a) Privacy Act
    (b) Fourth Amendment
    (c) Second Amendment
    (d) Gramm-Leach-Bliley Act
     
    Answer:
    (b)
     
    Explanation:
    The Fourth Amendment of the US Constitution sets the “probable cause” standard that law enforcement officers must follow when conducting searches and/or seizures of private property. It also states that officers must obtain a warrant beforehand.
     
  3. What is the broadest category of computer systems protected by the Computer Fraud & Abuse Act, as amended?
     
    (a) Government-owned systems
    (b) Federal interest systems
    (c) Systems used in interstate commerce
    (d) Systems located in the United States
     
    Answer: 
    (c)
     
    Explanation:
    The original CFAA covered only systems used by the government & financial institutions. It was broadened in 1986 to include all federal interest systems. The Computer Abuse Amendments Act of 1994 further amended the CFAA to cover all systems used in interstate commerce, including a large portion (but not all) of the computer systems in the US.
     
  4. Matthew recently authored an innovative algorithm for solving a mathematical problem, and he wants to share it with the world. However, prior to publishing the software code in a technical journal, he wants to obtain some sort of intellectual property protection. Which type of protection is best suited to his needs?
     
    (a) Copyright
    (b) Trademark
    (c) Patent
    (d) Trade secret
     
    Answer:
    (a)
     
    Explanation:
    Copyright is the only type of protection available here. It covers only the specific software code used. It does not cover the process or ideas behind the software. Patent protection does not apply to mathematical algorithms. Matthew can’t seek trade secret protection because he plans to publish the algorithm in a public technical journal.
     
  5. What law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances?
     
    (a) Privacy Act
    (b) Electronic Communications Privacy Act
    (c) Health Insurance Portability & Accountability Act
    (d) Gramm-Leach-Bliley Act
     
    Answer:
    (a)
     
  6. Which one of the following types of licensing agreements does not require that the user acknowledge that they have read the agreement prior to executing it?
     
    (a) Standard license agreement
    (b) Shrink-wrap agreement
    (c) Click-wrap agreement
    (d) Verbal agreement
     
    Answer:
    (b)
     
    Explanation:
    Shrink-wrap license agreements become effective when the user opens a software package. Click-wrap agreements require the user to click a button during the installation process to accept the terms of the license agreement. Standard license agreements require the user to sign a written agreement prior to using the software. Verbal agreements are not normally used for software licensing, but require some active degree of participation by the software user.
     
  7. What is the standard duration of patent protection in the US?
     
    (a) 14 years from the application date
    (b) 14 years from the date the patent is granted
    (c) 20 years from the application date
    (d) 20 years from the date the patent is granted
     
    Answer:
    (c)
     
  8. Which one of the following is not a requirement that ISPs must satisfy in order to gain protection under the “transitory activities” clause of the DMCA?
     
    (a) The ISP and originator of the message must be located in different countries
    (b) The transmission, routing, provision of connections or copying must be carried out by an automated technical process without selection of material by the service provider
    (c) Any intermediate copies must not ordinarily be accessible to anyone other than anticipated recipients and must not be retained for longer than reasonably necessary
    (d) The transmission must be originated by a person other than the provider
     
    Answer:
    (a)
     
    Explanation:
    The DMCA does not include any geographical location requirements for protection under the “transitory activities” exemption. The other options are three of the five mandatory requirements. The other two requirements are that the ISP must not determine the recipients of the material, and the material must be transmitted with no modification to its content.
     
  9. Which of the following is NOT a benefit of using an FHRP (First Hop Redundancy Protocol) in your network routing infrastructure?
     
    (a) Hosts always have at least two gateway IP addresses that provide fault tolerance
    (b) Routers share a virtual IP address, allowing either one to use the address
    (c) A standby router provides failover support to the active router
    (d) An active router can be manually preempted for hardware maintenance tasks
     
    Answer:
    (a)
     
    Explanation:
    FHRP is a way to help create highly available networks by taking two or more routers and creating a virtual router. That virtual router will have an IP address, and one of the nodes (the “active” node) will respond to requests on this address. The benefit is that, should the active node fail, another router can seamlessly take over. This provides the benefits listed in (b), (c) & (d) above. Hosts only have a single default gateway, pointing to the virtual router IP, so (a) is incorrect.
     
  10. A system in your enterprise does not support individual user passwords but multiple administrators require access to the system at least once each month. Which of the following is the BEST solution to provide user accountability?
     
    (a) Isolate the legacy system to its own VLAN
    (b) Change the password weekly and manually share it with authorised users
    (c) Utilise an enterprise password manager with password sharing features
    (d) Remove the system from the network until a replacement can be identified
    (e) Assign one admin to perform all tasks on the system
     
    Answer:
    (c)
     
    Explanation:
    An enterprise password manager with password sharing features, such as CyberArk, can effectively allow you to “check out” a password; CyberArk will give you the password to log into the system, and when you are done, CyberArk will automatically change the password. This provides accountability while using a shared account.
