CISSP Prep- Legal And Investigations

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By Cindymurray

Cindymurray

Community Contributor

Quizzes Created: 8 | Total Attempts: 14,975

Questions: 15 | Attempts: 173 | Updated: Mar 20, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Difficulty

Sequential Easy First Hard First

Play as

Quiz Flashcard

Create your own Quiz

Share on Facebook Share on Twitter Share on Whatsapp Share on Pinterest Share on Email Copy to Clipboard Embed on your website

Questions and Answers

1.

Where does the greatest risk of cybercrime come from?
- A.
  
  Outsiders
- B.
  
  Nation-states
- C.
  
  Insiders
- D.
  
  Script kiddies
Correct Answer
C. Insiders

Explanation
A word of caution is necessary: although the media has tended
to portray the threat of cybercrime as existing almost exclusively from the outside,
external to a company, reality paints a much diff erent picture. Th e greatest risk of
cybercrime comes from the inside, namely, criminal insiders. Page 520.

Rate this question:
2.

What is the biggest hindrance to dealing with computer crime?
- A.
  
  Computer criminals are generally smarter than computer investigators.
- B.
  
  Adequate funding to stay ahead of the computer criminals.
- C.
  
  Activity associated with computer crime is truly international.
- D.
  
  Th ere are so many more computer criminals than investigators that it is impossible to keep up.
Correct Answer
C. Activity associated with computer crime is truly international.

Explanation
Th e biggest hindrance to eff ectively dealing with computer
crime is the fact that this activity is truly international in scope, and thus requires
an international solution, as opposed to a domestic one based on archaic concepts
of borders and jurisdictions. Page 520.

Rate this question:
3.

Computer forensics is really the marriage of computer science, information technology, and engineering with
- A.
  
  Law
- B.
  
  Information systems
- C.
  
  Analytical thought
- D.
  
  Th e scientifi c method
Correct Answer
A. Law

Explanation
As a forensic discipline, this area deals with evidence and the
legal system and is really the marriage of computer science, information technology,
and engineering with law. Page 529.

Rate this question:
4.

What principal allows us to identify aspects of the person responsible for a crime when, whenever committing a crime, the perpetrator takes something with him and leaves something behind?
- A.
  
  Meyer’s principal of legal impunity
- B.
  
  Criminalistic principals
- C.
  
  IOCE/Group of 8 Nations principals for computer forensics
- D.
  
  Locard’s principal of exchange
Correct Answer
D. Locard’s principal of exchange

Explanation
Locard’s principle of exchange states that when a crime is committed,
the perpetrators leave something behind and take something with them,
hence the exchange. Th is principle allows us to identify aspects of the persons
responsible, even with a purely digital crime scene. Page 530.

Rate this question:
5.

Which of the following is not one of the fi ve rules of evidence?
- A.
  
  Be authentic
- B.
  
  Be redundant
- C.
  
  Be complete
- D.
  
  Be admissible
Correct Answer
B. Be redundant

Explanation
At a more generic level, evidence should have some probative
value, be relevant to the case at hand, and meet the following criteria (often called
the fi ve rules of evidence): be authentic, be accurate, be complete, be convincing,
and be admissible. Page 531.

Rate this question:
6.

What is not mentioned as a phase of an incident response?
- A.
  
  Documentation
- B.
  
  Prosecution
- C.
  
  Containment
- D.
  
  Investigation
Correct Answer
B. Prosecution

Explanation
Th e incident response and handling phase can be broken down
further into triage, investigation, containment, and analysis and tracking. Page 523.

Rate this question:
7.

__________ emphasizes the abstract concepts of law and is infl uenced by the writings of legal scholars and academics.
- A.
  
  Criminal law
- B.
  
  Civil law
- C.
  
  Religious law
- D.
  
  Administrative law
Correct Answer
B. Civil law

Explanation
Civil law emphasizes the abstract concepts of law and is infl uenced
by the writings of legal scholars and academics, more so than common law
systems. Page 509

Rate this question:
8.

Which type of intellectual property covers the expression of ideas rather than the ideas themselves?
- A.
  
  Trademark
- B.
  
  Patent
- C.
  
  Copyright
- D.
  
  Trade secret
Correct Answer
C. Copyright

Explanation
A copyright covers the expression of ideas rather than the ideas
themselves; it usually protects artistic property such as writing, recordings, databases,
and computer programs. Page 512.

Rate this question:
9.

Which type of intellectual property protects the goodwill a merchant or vendor invests in its products?
- A.
  
  Trademark
- B.
  
  Patent
- C.
  
  Copyright
- D.
  
  Trade secret
Correct Answer
A. Trademark

Explanation
Trademark laws are designed to protect the goodwill a merchant
or vendor invests in its products. Page 511.

Rate this question:
10.

Which of the following is not a computer forensics model?
- A.
  
  IOCE
- B.
  
  SWGDE
- C.
  
  MOM
- D.
  
  ACPO
Correct Answer
C. MOM

Explanation
Like incident response, there are various computer forensics
guidelines (e.g., International Organization of Computer Evidence (IOCE),
Scientifi c Working Group on Digital Evidence (SWGDE), Association of Chief
Police Offi cers (ACPO)). Th ese guidelines formalize the computer forensic processes
by breaking them into numerous phases or steps. MOM stands for means,
opportunity, and motives. Page 529.

Rate this question:
11.

Which of the following is not a category of software licensing?
- A.
  
  Freeware
- B.
  
  Commercial
- C.
  
  Academic
- D.
  
  End-user licensing agreement
Correct Answer
D. End-user licensing agreement

Explanation
Th ere are four categories of software licensing: freeware, shareware,
commercial, and academic. Within these categories, there are specifi c types
of agreements. Master agreements and end-user licensing agreements (EULAs) are
the most prevalent. Page 513.

Rate this question:
12.

What are the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information related to?
- A.
  
  Privacy
- B.
  
  Secrecy
- C.
  
  Availability
- D.
  
  Reliability
Correct Answer
A. Privacy

Explanation
Privacy can be defi ned as “the rights and obligations of individuals
and organizations with respect to the collection, use, retention, and disclosure
of personal information.” Page 514.

Rate this question:
13.

Triage encompasses which of the following incident response subphases?
- A.
  
  Collection, transport, testimony
- B.
  
  Traceback, feedback, loopback
- C.
  
  Detection, identification, notifi cation
- D.
  
  Confi dentiality, integrity, availability
Correct Answer
C. Detection, identification, notifi cation

Explanation
Triage is a process in incident response that involves quickly assessing and prioritizing the incidents. The correct answer, "Detection, identification, notification," accurately represents the subphases of triage. Detection refers to identifying the presence of an incident, identification involves determining the nature and scope of the incident, and notification involves informing the appropriate individuals or teams about the incident. These subphases are crucial in effectively responding to and managing incidents.

Rate this question:
14.

Integrity of a forensic bit stream image is often determined by
- A.
  
  Comparing hash totals to the original source
- B.
  
  Keeping good notes
- C.
  
  Taking pictures
- D.
  
  Can never be proven
Correct Answer
A. Comparing hash totals to the original source

Explanation
Ensuring the authenticity and integrity of evidence is critical.
If the courts feel the evidence or its copies are not accurate or lack integrity, it is
doubtful that the evidence or any information derived from the evidence will be
admissible. Th e current protocol for demonstrating authenticity and integrity relies
on hash functions that create unique numerical signatures that are sensitive to any

Rate this question:
15.

When dealing with digital evidence, the crime scene
- A.
  
  Must never be altered
- B.
  
  Must be completely reproducible in a court of law
- C.
  
  Must exist in only one country
- D.
  
  Must have the least amount of contamination that is possible
Correct Answer
D. Must have the least amount of contamination that is possible

Explanation
Given the importance of the evidence that is available at a
crime scene, the ability to deal with a scene in a manner that minimizes the amount
of disruption, contamination, or destruction of evidence. Once a scene has been contaminated,
there is no undo or redo button to push; the damage is done. Page 531.

Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 20, 2023

Quiz Edited by
ProProfs Editorial Team
Dec 21, 2012

Quiz Created by
Cindymurray

CISSP Prep- Legal And Investigations

Where does the greatest risk of cybercrime come from?

What is the biggest hindrance to dealing with computer crime?

Computer forensics is really the marriage of computer science, information technology, and engineering with

What principal allows us to identify aspects of the person responsible for a crime when, whenever committing a crime, the perpetrator takes something with him and leaves something behind?

Which of the following is not one of the fi ve rules of evidence?

What is not mentioned as a phase of an incident response?

__________ emphasizes the abstract concepts of law and is infl uenced by the writings of legal scholars and academics.

Which type of intellectual property covers the expression of ideas rather than the ideas themselves?

Which type of intellectual property protects the goodwill a merchant or vendor invests in its products?

Which of the following is not a computer forensics model?

Which of the following is not a category of software licensing?

What are the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information related to?

Triage encompasses which of the following incident response subphases?

Integrity of a forensic bit stream image is often determined by

When dealing with digital evidence, the crime scene