1. Главная
  2. Книги
  3. Vallabhaneni S. Rao
  4. CISSP Practice
  5. Страница 263
Выбрать главу

172. c. With the use of either a publicly available software inventory management tool or utility program, the software searches hard disks for the presence of popular applications, and a list is prepared when a match is found. The list is then compared to company issued purchase orders. When illegal software is found, it is destroyed, and a new one is purchased. The software inventory management tool is the best means to do software audits, and it can be managed remotely by system administrators, who are independent from users. The actions suggested in the other three choices are superficial and do not achieve the same purpose as the software inventory management system.

173. Which one of the following statements is true about application software source code escrow?

a. It uses a key escrow system.

b. It is placing computer programs in a bank vault.

c. It is meaningless without an object code escrow.

d. It is placing computer programs under third-party custody.

173. d. Many application software vendors do not release the source code to the purchaser. This is intended to protect their system’s integrity and copyright. The application system is installed in object code. An alternative to receiving the source programs is to establish an escrow agreement by a third-party custodian. In this agreement, the purchaser is allowed to access source programs under certain conditions (e.g., vendor bankruptcy and discontinued product support). A third party retains these programs and documents in escrow. Key escrow system is incorrect because it has nothing to do with application software escrow. A key escrow system is a system that entrusts the two components (private and public key) comprising a cryptographic key used in encryption to two key component holders or escrow agents. Computer programs in a bank vault are incorrect because they do not need to be placed in a bank vault. They can be placed with a third party agent regardless of the location. Object code is incorrect because it is not escrowed; only the source code is.

174. Which of the following statements about Cyberlaw (i.e., law dealing with the Internet) is true?

a. All materials published on the Internet and computer bulletin boards are subject to copyright protection only when accompanied by a formal copyright notice.

b. The bulletin board provider is liable for copyright infringement on its board only when it is aware of it.

c. Organizations own the copyright for building Internet sites by freelance writers.

d. An employer will always be the owner of an Internet work created by an employee within the scope of employment.

174. d. An employer will be the owner of a work created by an employee within the scope of employment. All material published on the Internet and computer bulletin boards are subject to copyright protection, whether or not it is accompanied by a formal copyright notice. It is true that an independent contractor, a freelancer, may hold the copyright in a work made for someone else if there is no express agreement to the contrary.

175. Under which of the following conditions has a copyright infringement not occurred?

a. When a work is viewed.

b. When a printed work is “scanned” into a digital file.

c. When a work is “uploaded” from a user’s computer to a bulletin board system.

d. When the contents of a downloaded file are modified.

175. a. Viewing a work is harmless, as long it is not used in a commercial way. Usually, copyright laws grant owners certain rights, including the right to reproduce a work. The reproduction work is infringed whenever a work is uploaded from a user’s computer to a bulletin board system or other server, downloaded from such a system or server, or transferred from one computer network user to another. An infringing copy is made when a printed work is scanned into a digital file and when the contents of a downloaded file are changed to prepare a derivative work.

176. Under which of the following conditions is the use of an Internet domain name (address) not illegal?

a. When the same name is used that has been in use for years by a competitor or noncompetitor.

b. When a new name is used.

c. When the company that assigns an Internet address assigns the same name.

d. When the company that assigns an Internet address has no change control system.

176. b. The Internet domain name contains elements that are in an electronic address directly following the symbol “@,” which serves as the key identifier of a computer connected to the Internet. A new name is not illegal. The case law ruled that the other three choices are illegal uses of a domain name. The company that assigns an Internet address is called a gatekeeper.

177. Sources of legal rights and obligations for privacy over electronic mail do not include:

a. The law of the country

b. Employer practices

c. Employee practices

d. Employer policies

177. c. Because e-mail can cross many state and national boundaries and even continents, it is advised to review the principal sources of legal rights and obligations. These sources include the law of the country and employer policies and practices. Employee practices have no effect on the legal rights and obligations.

178. Which of the following represents risk mitigation measures to detect, limit, or eliminate the malicious code attacks in software?

1. Secure coding practices

2. Trusted procurement processes

3. Configuration management process

4. System monitoring practices

a. 1 and 3

b. 3 only

c. 3 and 4

d. 1, 2, 3, and 4

178. d. The goal is to ensure that software does not perform functions other than those intended. Risk mitigation measures to ensure that software does not perform unintended functions (e.g., malicious code attacks) include strong integrity controls, secure coding practices, trusted procurement processes for acquiring network-related hardware and software, configuration management and control, and system monitoring practices.

179. A person sets up an electronic bulletin board on which he encourages others to upload computer-based applications’ software and games for free. The software and games are copyrighted. He then transfers the uploaded programs to a second bulletin board without any fees to potential users. The users with password access to the second bulletin board can download the programs. Under this scenario, who would be liable under wire fraud statutes?

a. The originator of the bulletin boards

b. Users who uploaded the programs to the first bulletin board

c. Users who downloaded the programs from the second bulletin board

d. Users who downloaded the programs from the first bulletin board

179. a. The originator of the bulletin board would be fully liable because he made illegal copying and distribution of copyrighted software available without payment of license fees and royalties to software manufacturers and vendors.

180. Which one of the following can cause the least damage in terms of severe financial losses?

~ 263 ~