183. a. Many European countries (e.g., Germany) place strong restrictions on the international flow of personal and financial data. This includes personal records, bank statements, and even mailing lists. Therefore, the transmitting country should be aware of the receiving country’s transborder data flow laws. A specific data center’s policies have nothing to do with the country’s transborder data flow laws.
184. Which one of the following logs helps in assessing the final damage from computer security incidents?
a. Contact logs
b. Activity logs
c. Incident logs
d. Audit logs
184. c. An organization needs to retain a variety of information for its own operational use and for conducting reviews of effectiveness and accountability. Incident logs are generated during the course of handling an incident. Incident logs are important for accurate recording of events that may need to be relayed to others. Information in incident logs is helpful for establishing new contacts; piecing together the cause, course, and extent of the incident; and for post-incident analysis and final assessment of damage. An incident log should minimally contain (i) all actions taken, with times noted, (ii) all conversations, including the person(s) involved, the date and time, and a summary, and (iii) all system events and other pertinent information such as user IDs. The incident log should be detailed and accurate, and the proper procedures should be followed so that the incident log could be used as evidence in a court of law.
Contact logs are incorrect because they include such items as vendor contacts, legal and investigative contacts, and other individuals with technical expertise. A contact database record might include name, title, address, phone/fax numbers, e-mail address, and comments.
Activity logs are incorrect because they reflect the course of each day. Noting all contacts, telephone conversations, and so forth ultimately saves time by enabling one to retain information that may prove useful later.
Audit logs are incorrect because they contain information that is useful to trace events from origination to destination and vice versa. This information can be used to make users accountable on the system.
185. Software is an intellectual property. Which one of the following statements is true about software use and piracy?
a. An employee violated the piracy laws when he copied commercial software at work to use at home for 100 percent business reasons.
b. An employee violated the piracy laws when he copied commercial software for backup purposes.
c. An employee violated the piracy laws when he copied commercial software at work to use on the road for 100 percent business reasons.
d. The terms of the software license contract determine whether a crime or violation has taken place.
185. d. Software piracy laws are complex and varied. A software vendor allows users to have two copies (one copy at work and the other one at home or on the road as long as they are using only one copy at a time), and a copy for backup purposes. Because each vendor’s contractual agreement is different, it is best to consult that vendor’s contractual terms.
186. Regarding presenting evidence in a court of law, which one of the following items is not directly related to the other three items?
a. Exculpatory evidence
b. Inculpatory evidence
c. Internal body of evidence
d. Electronic evidence
186. c. Evidence can be internal or external depending on when and where it is presented. The internal body of evidence is not related to the other three items because it is the set of data that documents the information system’s adherence to the security controls applied. It is more a form of evidence made up of internal control documents within an organization, and it might be used in a court of law as external evidence when needed.
The other three choices are incorrect because they are examples of external evidence required in a court of law, and are directly related to each other. Exculpatory evidence is the evidence that tends to decrease the likelihood of fault or guilt. Inculpatory evidence is the evidence that tends to increase the likelihood of fault or guilt. Electronic evidence is data and information of investigative value that is stored on or transmitted by an electronic device.