1. Главная
  2. Книги
  3. Vallabhaneni S. Rao
  4. CISSP Practice
  5. Страница 264
Выбрать главу

a. Online stalkers

b. Computer worm designers

c. Computer virus designers

d. An employee tapping into a former employer’s computer

180. a. Online stalking is harassment by a computer via sending threatening or obscene electronic-mail messages. Antistalking laws are state government-dependent and hence not enforced uniformly. The victim may be able to seek a restraining order to stop such online conduct.

The other three choices are incorrect because they cause heavy damage in terms of financial losses. A worm and virus designer can destroy valuable computer programs and tie up the network for hours and days. An employee tapping into a former employer’s computer can steal valuable information and can sell it to competitors for financial gain or revenge.

181. Which one of the following raises significant legal issues in terms of fair use of copyrighted material?

a. Published work on paper

b. Unpublished work on paper

c. Digitized work on computer

d. Out-of-print work on paper

181. c. Information that is in digital form, and is thus easy to reuse and manipulate, raises a number of legal issues about what constitutes fair use. For example, if computer software is reverse-engineered, the systems analyst might copy the entire work, not just parts of it. This causes a significant loss of market share to the software vendor.

The other choices deal with paper media where “fair use” is clearly defined in terms of percentage of the work copied or used.

182. Which of the following is a major risk of not tracking personal computer hardware and software assets?

a. Incorrect amortization charges

b. Incorrect depreciation charges

c. Charges of software piracy

d. Lost vendor discounts

182. c. Managing PC hardware and software assets alerts management of any new, unauthorized software brought into the organization for the purpose of using it. These alerts not only find the presence of computer viruses but also protect from software piracy charges. Any unauthorized use of software should be discouraged.

The other three choices are incorrect because incorrect depreciation and amortization charges and lost vendor discounts are also risks, but not as big as the computer viruses and charges of software piracy. Amortization is used for software, whereas depreciation is used for hardware. An incorrect depreciation and amortization charge will result when the hardware and software assets are not properly accounted for and valued for. Vendor purchase discounts will be lost when centralized purchasing management is not aware of the potential assets.

183. A United States organization is transmitting its data outside the country. Its management must be alerted to which of the following?

a. The receiving country’s transborder laws

b. The transmitting country’s transborder laws

c. The receiving organization’s data center policies

d. The transmitting organization’s data center policies

183. a. Many European countries (e.g., Germany) place strong restrictions on the international flow of personal and financial data. This includes personal records, bank statements, and even mailing lists. Therefore, the transmitting country should be aware of the receiving country’s transborder data flow laws. A specific data center’s policies have nothing to do with the country’s transborder data flow laws.

184. Which one of the following logs helps in assessing the final damage from computer security incidents?

a. Contact logs

b. Activity logs

c. Incident logs

d. Audit logs

184. c. An organization needs to retain a variety of information for its own operational use and for conducting reviews of effectiveness and accountability. Incident logs are generated during the course of handling an incident. Incident logs are important for accurate recording of events that may need to be relayed to others. Information in incident logs is helpful for establishing new contacts; piecing together the cause, course, and extent of the incident; and for post-incident analysis and final assessment of damage. An incident should minimally contain (i) all actions taken, with times noted, (ii) all conversations, including the person(s) involved, the date and time, and a summary, and (iii) all system events and other pertinent information such as user IDs. The incident log should be detailed, accurate, and the proper procedures should be followed so that the incident log could be used as evidence in a court of law.

Contact logs are incorrect because they include such items as vendor contacts, legal and investigative contacts, and other individuals with technical expertise. A contact database record might include name, title, address, phone/fax numbers, e-mail address, and comments.

Activity logs are incorrect because they reflect the course of each day. Noting all contacts, telephone conversations, and so forth ultimately saves time by enabling one to retain information that may prove useful later.

Audit logs are incorrect because they contain information that is useful to trace events from origination to destination and vice versa. This information can be used to make users accountable on the system.

185. Software is an intellectual property. Which one of the following statements is true about software use and piracy?

a. An employee violated the piracy laws when he copied commercial software at work to use at home for 100 percent business reasons.

b. An employee violated the piracy laws when he copied commercial software for backup purposes.

c. An employee violated the piracy laws when he copied commercial software at work to use on the road for 100 percent business reasons.

d. The terms of the software license contract determines whether a crime or violation has taken place.

185. d. Software piracy laws are complex and varied. A software vendor allows users to have two copies (one copy at work and the other one at home or on the road as long as they are using only one copy at a time), and a copy for backup purposes. Because each vendor’s contractual agreement is different, it is best to consult with that vendor’s contractual terms.

186. Regarding presenting evidence in a court of law, which one of the following items is not directly related to the other three items?

a. Exculpatory evidence

b. Inculpatory evidence

c. Internal body of evidence

d. Electronic evidence

186. c. Evidence can be internal or external depending on when and where it is presented. The internal body of evidence is not related to the other three items because it is the set of data that documents the information system’s adherence to the security controls applied. It is more of an evidence of internal control documents within an organization, and it might be used in a court of law as external evidence when needed.

The other three choices are incorrect because they are examples of external evidence required in a court of law, and are directly related to each other. Exculpatory evidence is the evidence that tends to decrease the likelihood of fault or guilt. Inculpatory evidence is the evidence that tends to increase the likelihood of fault or guilt. Electronic evidence is data and information of investigative value that is stored on or transmitted by an electronic device.

~ 264 ~