[Computer Professional Certification] CISSP Certification Exam (Legal, Regulations, Investigations and Compliance) - Test Paper 1 with Answers and Explanations

CISSP Certification Exam (Legal, Regulations, Investigations and Compliance) - Test Paper 1 (Total score: 62.00; time allowed: 90 minutes)

1. Cyberlaw categorizes computer-related crime into three categories. Which of the following is an example of a crime in which the use of a computer would be categorized as incidental? (2.00 points)
A. Carrying out a buffer overflow to take control of a system
B. The electronic distribution of child pornography
C. Attacking financial systems to steal funds
D. Capturing passwords as they are sent to the authentication server

2. Which organization has been developed to deal with economic, social, and governance issues, and with how sensitive data is transported over borders? (2.00 points)
A. European Union
B. Council of Europe
C. Safe Harbor
D. Organisation for Economic Co-operation and Development

3. Different countries have different legal systems. Which of the following correctly describes customary law? (2.00 points)
A. Not many countries work under this law purely; most instead use a mixed system where this law, which deals mainly with personal conduct and patterns of behavior, is an integrated component.
B. It covers all aspects of human life, but is commonly divided into responsibilities and obligations to others, and religious duties.
C. It is a rule-based law focused on codified law.
D. Based on previous interpretations of laws, this system reflects the community's morals and expectations.

4. Widgets Inc. wishes to protect its logo from unauthorized use. Which of the following will protect the logo and ensure that others cannot copy and use it? (2.00 points)
A. Patent
B. Copyright
C. Trademark
D. Trade secret law

5. There are four categories of software licensing. Which of the following refers to software sold at a reduced cost? (2.00 points)
A. Shareware
B. Academic software
C. Freeware
D. Commercial software

6. There are different types of approaches to regulations. Which of the following is an example of self-regulation? (2.00 points)
A. The Health Insurance Portability and Accountability Act
B. The Sarbanes-Oxley Act
C. The Computer Fraud and Abuse Act
D. PCI Data Security Standard

7. Which of the following means that a company did all it could have reasonably done to prevent a security breach? (2.00 points)
A. Downstream liability
B. Responsibility
C. Due diligence
D. Due care

8. There are three different types of incident response teams. Which of the following correctly describes a virtual team? (2.00 points)
A. It consists of experts who have other duties within the organization.
B. It can be cost prohibitive to smaller organizations.
C. It is a hybrid model.
D. Core members are permanently assigned to the team.

9. A suspected crime has been reported within your organization. Which of the following steps should the incident response team take first? (2.00 points)
A. Establish a procedure for responding to the incident.
B. Call in forensics experts.
C. Determine that a crime has been committed.
D. Notify senior management.

10. During an incident response, what stage involves mitigating the damage caused by an incident? (2.00 points)
A. Investigation
B. Containment
C. Triage
D. Analysis

11. Which of the following is a correct statement regarding computer forensics? (2.00 points)
A. It is the study of computer technology.
B. It is a set of hardware-specific processes that must be followed in order for evidence to be admissible in a court of law.
C. It encompasses network and code analysis, and may be referred to as electronic data discovery.
D. Computer forensics responsibilities should be assigned to a network administrator before an incident occurs.

12. Which of the following dictates that all evidence be labeled with information indicating who secured and validated it? (2.00 points)
A. Chain of custody
B. Due care
C. Investigation
D. Motive, Opportunity, and Means

13. There are several categories of evidence. How is a witness's oral testimony categorized? (2.00 points)
A. Best evidence
B. Secondary evidence
C. Circumstantial evidence
D. Conclusive evidence

14. For evidence to be legally admissible, it must be authentic, complete, sufficient, and reliable. Which characteristic refers to the evidence having a reasonable and sensible relationship to the findings? (2.00 points)
A. Complete
B. Reliable
C. Authentic
D. Sufficient

15. Which of the following best describes exigent circumstances? (2.00 points)
A. The methods used to capture a suspect's actions are neither legal nor ethical.
B. Enticement is used to capture a suspect's actions.
C. Hacking does not actually hurt anyone.
D. The seizure of evidence by law enforcement because there is concern that a suspect will attempt to destroy it.

16. What role does the Internet Architecture Board play regarding technology and ethics? (2.00 points)
A. It creates criminal sentencing guidelines.
B. It issues ethics-related statements concerning the use of the Internet.
C. It edits Request for Comments.
D. It maintains ten commandments for ethical behavior.

17. Which of the following statements is not true of dumpster diving? (2.00 points)
A. It is legal.
B. It is unethical.
C. It is illegal.
D. It is a nontechnical attack.

18. Which of the following is a legal form of eavesdropping when performed with prior consent or a warrant? (2.00 points)
A. Denial of Service
B. Dumpster diving
C. Wiretapping
D. Data diddling

19. What type of common law deals with violations committed by individuals against government laws, which are created to protect the public? (2.00 points)
A. Criminal law
B. Civil law
C. Tort law
D. Regulatory law

20. During what stage of incident response is it determined if the source of the incident was internal or external, and how the offender penetrated and gained access to the asset? (2.00 points)
A. Analysis
B. Containment
C. Tracking
D. Follow-up

21. Which of the following is not true of a forensics investigation? (2.00 points)
A. The crime scene should be modified as necessary.
B. A file copy tool may not recover all data areas of the device that are necessary for investigation.
C. Contamination of the crime scene may not negate derived evidence, but it should still be documented.
D. Only individuals with knowledge of basic crime scene analysis should have access to the crime scene.

22. Great care must be taken to capture clues from a computer or device during a forensics exercise. Which of the following does not correctly describe the efforts that should be taken to protect an image? (2.00 points)
A. The original image should be hashed with MD5 and/or SHA-256.
B. Two time-stamped images should be created.
C. New media should be properly purged before images are created on them.
D. Some systems must be imaged while they are running.

23. Which of the following attacks can be best prevented by limiting the amount of electrical signals emitted from a computer system? (2.00 points)
A. Salami attack
B. Emanations capturing
C. Password sniffing
D. IP spoofing

24. As a CISSP candidate, you must sign a Code of Ethics. Which of the following is from the (ISC)² Code of Ethics for the CISSP? (2.00 points)
A. Information should be shared freely and openly; thus, sharing confidential information should be ethical.
B. Think about the social consequences of the program you are writing or the system you are designing.
C. Discourage unnecessary fear or doubt.
D. Do not participate in Internet-wide experiments in a negligent manner.

25. What concept states that a criminal leaves something behind and takes something with them? (2.00 points)
A. Modus Operandi
B. Profiling
C. Locard's Principle of Exchange
D. Motive, Opportunity, and Means

26. Which of the following was the first international treaty seeking to address computer crimes by coordinating national laws and improving investigative techniques and international cooperation? (2.00 points)
A. Council of Global Convention on Cybercrime
B. Council of Europe Convention on Cybercrime
C. Organisation for Economic Co-operation and Development
D. Organisation for Cybercrime Co-operation and Development

27. Lee is a new security manager who is in charge of ensuring that his company complies with the European Union Principles on Privacy when his company is interacting with their European partners. The set of principles that deals with transmitting data considered private is encompassed within which of the following laws or regulations? (2.00 points)
A. Data Protection Directive
B. Organisation for Economic Co-operation and Development
C. Federal Private Bill
D. Privacy Protection Law

28. The common law system is broken down into which of the following categories? (2.00 points)
A. Common, civil, criminal
B. Legislation, bills, regulatory
C. Civil, criminal, regulatory
D. Legislation, bills, civil

29. Privacy is becoming more threatened as the world relies more and more on technology. There are several approaches to addressing privacy, including the generic approach and regulation by industry. Which of the following best describes these two approaches? (2.00 points)
A. The generic approach is vertical enactment. Regulation by industry is horizontal enactment.
B. The generic approach is horizontal enactment. Regulation by industry is vertical enactment.
C. The generic approach is government enforced. Regulation by industry is self-enforced.
D. The generic approach is self-enforced. Regulation by industry is government enforced.

The following scenario will be used for questions 30 and 31. Stephanie has been put in charge of developing incident response and forensics procedures her company needs to carry out if an incident occurs. She needs to ensure that their procedures map to the international principles for gathering and protecting digital evidence. She also needs to ensure that if and when internal forensics teams are deployed, they have labels, tags, evidence bags, cable ties, imaging software, and other associated tools. (4.00 points)

(1) Which of the following best describes the organization that developed the best practices that Stephanie needs to ensure her company's procedures map to? (2.00 points)
A. Internet Activities Board
B. International Organization on Computer Evidence
C. Department of Defense Forensics Committee
D. International Forensics Standards Board

(2) Which of the following best describes what Stephanie needs to build for the deployment teams? (2.00 points)
A. Local and remote imaging system
B. Forensics field kit
C. Chain of custody procedures and tools
D. Digital evidence collection software

CISSP Certification Exam (Legal, Regulations, Investigations and Compliance) - Test Paper 1: Answers and Explanations (Total score: 62.00; time allowed: 90 minutes)

1. Answer: B.
Explanation: B is correct. The United States has enacted laws to address three types of crime: computer-assisted crime, computer-targeted crime, and crime in which the computer is incidental. If a crime falls into the "computer is incidental" category, the computer was involved only in a secondary way, though its involvement is still significant. The digital distribution of child pornography is an example of a crime in which the computer is incidental. The actual crime is obtaining and sharing child pornography pictures or graphics. The images could be stored on a file server or in a physical file on someone's desk. A crime in this category is therefore not one computer attacking another. Although the computer was not attacked, it was used in some way, and so it becomes an additional source of evidence related to the crime.
A is incorrect because using a buffer overflow to take control of a system is a computer-targeted crime. Computer-targeted crimes are attacks directed specifically at computers (and their owners). Other examples of computer-targeted crime are distributed denial-of-service attacks, installing malware intended to cause disruption, and installing rootkits and sniffers for malicious purposes.
C is incorrect because attacking financial systems to steal funds is a computer-assisted crime. In computer-assisted crime the computer is used as a tool to carry out the criminal activity. Other examples of computer-assisted crime are attacking military systems to obtain military intelligence and attacking critical national infrastructure systems to carry out information warfare.
D is incorrect because capturing passwords as they are sent to the authentication server is an example of a computer-targeted crime. The categories "computer-assisted crime" and "computer-targeted crime" are easily confused, because intuitively any attack seems to fall into both. One way to tell them apart: a computer-targeted crime could not take place without a computer, whereas a computer-assisted crime could still be carried out without one. Computer-targeted crimes therefore did not (and could not) exist before computers were in widespread use. In other words, in the good old days you could not carry out a buffer overflow against your neighbor or install malware on your enemy's system; these crimes all require a computer.

2. Answer: D.
Explanation: D is correct. International organizations that transfer data across national borders must understand and follow the guidelines of the Organisation for Economic Co-operation and Development (OECD). Because most countries have different legal provisions defining private data and how it must be protected, international trade became more complicated and national economies were negatively affected. The OECD is an international organization that helps different countries and governments jointly address the economic, social and governance challenges of a globalized economy. For this reason the OECD developed guidelines that countries should follow so that data is protected and every country follows the same set of rules. One of these rules is that data subjects should be able to find out whether an organization holds their personal information and, if so, what that information is, so that they can correct erroneous data and challenge a denial of a request to do so.
A is incorrect because the European Union is not an organization that deals with economic, social and governance issues, but one that deals with the protection of sensitive data. The EU privacy principles are: the reason for collecting data must be stated at the time of collection; data may not be used for other purposes; unnecessary data should not be collected; data should be kept only as long as needed to accomplish the stated task; only those who need the data to accomplish the stated task should have access to it; and whoever is responsible for securely storing the data should not allow unintended "leakage" of the data.
B is incorrect because the Council of Europe is responsible for creating the Convention on Cybercrime. The Council of Europe Convention on Cybercrime attempts to create an international standard for responding to cybercrime. It was in fact the first international treaty seeking to address computer crime by coordinating national laws, improving investigative techniques and fostering international cooperation. The convention's goals include creating a framework for jurisdiction over and extradition of the accused. For example, the treaty's extradition provisions apply only when the incident is a crime in both jurisdictions.
C is incorrect because Safe Harbor is not an organization but a set of requirements for organizations wishing to exchange data with European entities. Europe has always had stricter controls on the protection of private data than the United States and the rest of the world. So in the past, when US and European companies needed to exchange data, there was confusion and business was disrupted because lawyers had to get involved to work out how to operate within the different legal frameworks. To clean up this mess, a framework called "Safe Harbor" was created; it describes how any entity planning to transfer private data from or to Europe should protect that data. US companies dealing with European entities can obtain certification based on these rules so that data transfers can happen faster and more easily.

3. Answer: A.
Explanation: A is correct. Customary law deals with personal conduct and patterns of behavior. It is based on the traditions and customs of a region. It emerged as communities formed and cooperation between people became necessary. Not all countries operate purely under a customary law system; most instead use a mixed system that integrates customary law (codified civil law systems grew out of customary law). Customary law is typically used in regions of the world with mixed legal systems, such as China and India. Customary law systems commonly use restitution such as fines or the provision of services.
B is incorrect because this option describes a religious law system. Customary law concerns personal conduct and patterns of behavior, whereas religious law systems are usually divided into responsibilities and obligations to others, and religious duties. A religious law system is based on the religious beliefs of a region. For example, in Islamic countries the law is derived from the rules of the Qur'an. However, the law also differs from one Islamic country to another.
C is incorrect because civil law is rule-based and is in most cases centered on codified law (law that is written down). Civil law is the most widely used legal system in the world and the most common legal system in Europe. It is established by individual states or nations for self-regulation, and it can therefore be subdivided into categories such as French civil law, German civil law, and so on.
D is incorrect because common law is based on previous interpretations of the law. In the past, judges would travel the country enforcing the law and resolving disputes. They had no written body of law, so they ruled based on their legal customs and precedents. This system reflects the morals and expectations of the community.

4. Answer: C.
Explanation: C is correct. Intellectual property is protected by several different laws; which one applies depends on the type of intellectual property resource. Trademark law is used to protect words, names, symbols, sounds, shapes, colors, or combinations of these, such as a logo. A company registers these, or a combination of them, as a trademark because they represent the company to the public and the world (brand identity). A company's marketing department works to be innovative so that the company attracts attention and stands out from its many competitors. Registering the result of that effort as a trademark with the government is one way to properly protect it and ensure that others do not copy and use it.
A is incorrect because a patent protects an invention, whereas a trademark protects words, names, symbols, sounds, shapes, colors, or combinations of these. A patent is granted to an individual or company to recognize legal ownership, enabling them to prevent others from using or copying the patented invention. Patents cover inventions. An invention must be novel, useful and not obvious. A patent is the strongest form of intellectual property protection.
B is incorrect because in the United States copyright law protects the author's right to control the public distribution, reproduction, display and adaptation of an original work. The law covers many categories of work: pictorial, graphic, musical, dramatic, literary, motion picture, sculptural, sound recording and architectural. Copyright law does not cover a specific resource; it protects the expression of the idea of a resource rather than the resource itself. Copyright law is commonly used to protect an author's writings, an artist's drawings, a programmer's source code, or the specific rhythms and structures a musician creates.
D is incorrect because trade secret law protects certain types of information or resources from unauthorized use or disclosure. For a company to hold a trade secret resource, the resource must provide the company some competitive value or advantage. A trade secret may be legally protected if developing it required special skill, ingenuity and/or money, together with sustained effort.

5. Answer: B.
Explanation: B is correct. When a vendor develops an application, the vendor usually licenses the application rather than selling it outright. The license agreement contains provisions relating to the use and security of the software and its associated manuals. If a company or individual fails to comply with and carry out these provisions, the license may be revoked and, depending on the nature of the conduct, criminal charges may follow. The risk faced by the vendor that developed the software and licenses it out is the loss of profit it should have earned. The four categories of software licensing are: shareware

