17 Vincent believes that a former employee took trade secret information from his firm and brought it with him to a competitor. He wants to pursue legal action. Under what law could he pursue charges?Copyright lawLanham ActGlass-Steagall ActEconomic Espionage Act
18 Which one of the following principles imposes a standard of care upon an individual that is broad and equivalent to what one would expect from a reasonable person under the circumstances?Due diligenceSeparation of dutiesDue careLeast privilege
19 Brenda's organization recently completed the acquisition of a competitor firm. Which one of the following tasks would be LEAST likely to be part of the organizational processes addressed during the acquisition?Consolidation of security functionsIntegration of security toolsProtection of intellectual propertyDocumentation of security policies
20 Kelly believes that an employee engaged in the unauthorized use of computing resources for a side business. After consulting with management, she decides to launch an administrative investigation. What is the burden of proof that she must meet in this investigation?Preponderance of the evidenceBeyond a reasonable doubtBeyond the shadow of a doubtThere is no standard
21 Keenan Systems recently developed a new manufacturing process for microprocessors. The company wants to license the technology to other companies for use but wants to prevent unauthorized use of the technology. What type of intellectual property protection is best suited for this situation?PatentTrade secretCopyrightTrademark
22 Which one of the following actions might be taken as part of a business continuity plan?Restoring from backup tapesImplementing RAIDRelocating to a cold siteRestarting business operations
23 When developing a business impact analysis, the team should first create a list of assets. What should happen next?Identify vulnerabilities in each asset.Determine the risks facing the asset.Develop a value for each asset.Identify threats facing each asset.
24 Mike recently implemented an intrusion prevention system designed to block common network attacks from affecting his organization. What type of risk management strategy is Mike pursuing?Risk acceptanceRisk avoidanceRisk mitigationRisk transference
25 Laura has been asked to perform an SCA. What type of organization is she most likely in?Higher educationBankingGovernmentHealthcare
26 Carl is a federal agent investigating a computer crime case. He identified an attacker who engaged in illegal conduct and wants to pursue a case against that individual that will lead to imprisonment. What standard of proof must Carl meet?Beyond the shadow of a doubtPreponderance of the evidence Beyond a reasonable doubtMajority of the evidence
27 The International Information Systems Security Certification Consortium uses the logo shown here to represent itself online and in a variety of forums. What type of intellectual property protection may it use to protect its rights in this logo?CopyrightPatentTrade secretTrademark
28 Mary is helping a computer user who sees the following message appear on his computer screen. What type of attack has occurred?AvailabilityConfidentialityDisclosureDistributed
29 Which one of the following organizations would not be automatically subject to the privacy and security requirements of HIPAA if they engage in electronic transactions?Healthcare providerHealth and fitness application developerHealth information clearinghouseHealth insurance plan
30 John's network begins to experience symptoms of slowness. Upon investigation, he realizes that the network is being bombarded with TCP SYN packets and believes that his organization is the victim of a denial-of-service attack. What principle of information security is being violated?AvailabilityIntegrityConfidentialityDenial
31 Renee is designing the long-term security plan for her organization and has a three- to five-year planning horizon. Her primary goal is to align the security function with the broader plans and objectives of the business. What type of plan is she developing?OperationalTacticalSummaryStrategic
32 Gina is working to protect a logo that her company will use for a new product they are launching. She has questions about the intellectual property protection process for this logo. What U.S. government agency would be best able to answer her questions?USPTOLibrary of CongressNSANIST
33 The Acme Widgets Company is putting new controls in place for its accounting department. Management is concerned that a rogue accountant may be able to create a new false vendor and then issue checks to that vendor as payment for services that were never rendered. What security control can best help prevent this situation?Mandatory vacationSeparation of dutiesDefense in depthJob rotation
34 Which one of the following categories of organizations is most likely to be covered by the provisions of FISMA?BanksDefense contractorsSchool districtsHospitals
35 Robert is responsible for securing systems used to process credit card information. What security control framework should guide his actions?HIPAAPCI DSSSOXGLBA
36 Which one of the following individuals is normally responsible for fulfilling the operational data protection responsibilities delegated by senior management, such as validating data integrity, testing backups, and managing security policies?Data custodianData ownerUserAuditor
37 Alan works for an e-commerce company that recently had some content stolen by another website and republished without permission. What type of intellectual property protection would best preserve Alan's company's rights?Trade secretCopyrightTrademarkPatent
38 Florian receives a flyer from a U.S. federal government agency announcing that a new administrative law will affect his business operations. Where should he go to find the text of the law?United States CodeSupreme Court rulingsCode of Federal RegulationsCompendium of Laws
39 Tom enables an application firewall provided by his cloud infrastructure as a service provider that is designed to block many types of application attacks. When viewed from a risk management perspective, what metric is Tom attempting to lower by implementing this countermeasure?ImpactRPO MTOLikelihood
40 Which one of the following individuals would be the most effective organizational owner for an information security program?CISSP-certified analystChief information officer (CIO)Manager of network securityPresident and CEO
41 What important function do senior managers normally fill on a business continuity planning team?Arbitrating disputes about criticalityEvaluating the legal environmentTraining staffDesigning failure controls
42 You are the CISO for a major hospital system and are preparing to sign a contract with a software as a service (SaaS) email vendor and want to perform a control assessment to ensure that its business continuity planning measures are reasonable. What type of audit might you request to meet this goal?SOC 1FISMAPCI DSSSOC 2
43 Gary is analyzing a security incident and, during his investigation, encounters a user who denies having performed an action that Gary believes he did perform. What type of threat has taken place under the STRIDE model?RepudiationInformation disclosureTamperingElevation of privilege
44 Beth is the security administrator for a public school district. She is implementing a new student information system and is testing the code to ensure that students are not able to alter their own grades. What principle of information security is Beth enforcing?IntegrityAvailabilityConfidentialityDenial
45 Which one of the following issues is not normally addressed in a service-level agreement (SLA)?Confidentiality of customer informationFailover timeUptimeMaximum consecutive downtime
46 Joan is seeking to protect a piece of computer software that she developed under intellectual property law. Which one of the following avenues of protection would not apply to a piece of software?TrademarkCopyrightPatentTrade secretFor questions 47–49, please refer to the following scenario:Juniper Content is a web content development company with 40 employees located in two offices: one in New York and a smaller office in the San Francisco Bay Area. Each office has a local area network protected by a perimeter firewall. The local area network (LAN) contains modern switch equipment connected to both wired and wireless networks.Each office has its