CCT 085: Practice CISSP Exam Questions: Navigating Contractual Law, Cybersecurity Legislation, and Computer Crime Acts (Domain 1.4)
Nov 02, 2023
Imagine a world where your private medical records are no longer private, where unscrupulous cybercriminals are ready to exploit your personal data for blackmail. That's the chilling reality we explore as we uncover an alarming trend of cybercriminals targeting plastic surgeons, highlighting the increasing importance of cybersecurity across diverse industries.
This episode also serves as a treasure chest of insights for those pursuing a CISSP certification. Grappling with complex legalities of contractual law, understanding cybersecurity legislation, and interpreting computer crime acts can be daunting. We aim to demystify these intricacies and navigate you through important CISSP topics. Hear about how coaching and mentoring can supercharge your CISSP journey and learn strategies for preparing impactful resumes and tackling interview questions effectively. Tune in and gear up to bolster your cybersecurity knowledge and career prospects.
Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free.
Transcript
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.
Hey all, Sean Gerber with CISSP Cyber Training, and I hope you guys are all having a wonderful day today. Today is CISSP Question Thursday. So today we're going to be talking about the various aspects as it relates to Domain 1. And we're going to be going over navigating contractual law, cybersecurity legislation and computer crime acts. Those are some of the questions that you may see on the CISSP and we're going to go over those as we talked about it in our podcast on Monday.
But before we do, one thing I wanted to bring up was I saw this article this week around. These cyber criminals are actually stealing medical records from plastic surgery offices. Now, if you're listening to this podcast, you may or may not know what much deals with plastic surgery, but it's folks that actually may get procedures done on their bodies to help enhance or to make changes. I'll give you an example: my children, one of them, they both had cleft lip and cleft palate and so therefore they had nose revisions, mouth revisions, those kinds of things, and that is a plastic surgeon. Well, the plastic surgeons are actually getting targeted by these folks that are specifically trying to get medical records from them.
I think that mainly, one of the aspects that they're trying to do is, in the case of much of the enhancements that are occurring, such as in the United States, there's many people that get breast augmentation, those types of aspects. They're trying to then extort these plastic surgeons, to then they're going to release these very explicit pictures of individuals and saying, hey, we're going to release that unless you pay up and use some sort of ransom with that, and so that's just one aspect. Right, it could be breast augmentation, it could be liposuction, it could be all of those aspects, and that's probably you don't want to take stuff from your lips, but bottom line is they are trying to take and a lot of times these folks will actually have pictures of people and they will then, in turn, try to use that to get leverage to them, have them pay ransom. So that was really interesting in that that's happening in California, South Dakota, it's Brazil and in the UK it's been occurring. So you, as a security person, you're going to be dealing with this a lot and you may, even, if you have a business, reach out to some of these folks to ask them if they've dealt with it and if that you could provide them some services. So there, it's really interesting how these cyber criminals are targeting various entities, trying to gain a foothold within the medical records aspect piece of this, but in the same time, just trying to make money off of poor people that are having to deal with this. So it's not good, but anyway, something that I thought popped up. I would have never even thought that a cyber criminal would go after a plastic surgeon, because it just didn't make sense to me. But people are, so they need your services now more than ever.
All right, so we're going to get into the CISSP cyber questions of this week, and it's over domain one. You can see this video on CISSP cyber training. You can go get there and get the video.
You'll be able to see it on YouTube eventually, or you just listen to this podcast. Obviously, you will be able to hear it immediately.
So let's roll into question one: which US law makes identity theft a federal crime? A) CAN-SPAM Act, B) HIPAA, C) Identity Theft and Assumption Deterrence Act or D) DMCA. So when it comes down to which US law makes identity theft a federal crime, it is Identity Theft and Assumption Deterrence Act, it's ITADA. That is what makes it a federal crime.
Which European law focuses on data protection and privacy? A) Data Protection Act C or C, B) GDPR, C) the UK Misuse Act of 1990, or D) EFTA. Okay, and which European law focuses on data protection and privacy? And that is GDPR. General Data Privacy Regulation is what it is called.
Question three: what does the Economic Espionage Act of 1996 primarily address? A) copyright infringement, B) identity theft, C) theft of trade secrets or D) email spamming, and that is C, theft of trade secrets. Theft of trade secrets or the misappropriation of valuable business information. That does include trade secrets, underlines the importance of safeguarding your proprietary information.
Question four: which law prohibits unauthorized interception of communications? A) the CAN-SPAM Act, B) the Wiretap Act, C) the RICO Act or just RICO, and then D) the CFAA. And the answer is the B, Wiretap Act. Wiretap Act prohibits unauthorized interception of wire, oral or electronic communications.
Question five: which law targets unauthorized access to computer systems? A) the UK Computer Misuse Act, B) the DMCA, C) COPPA or D) ECPA. Again, which law targets unauthorized access to computer systems? And the answer is A, the UK Misuse Act of 1990. It criminalizes unauthorized access of computer systems within the UK and it sets legal boundaries for system access, especially for international operations.
Question six: which type of law deals with non-criminal disputes?
A) administrative law, administrative law, B) criminal law, C) civil law or D) contractual law. Okay, so what type of law deals with non-criminal disputes? And the answer is C, civil law. This focuses on resolving non-criminal disputes between two parties and it's crucial for understanding. These issues, such as a breach of contract or data privacy violations, would be in the context of your CISSP and it is part of the civil law aspects.
Question seven: what does CAN-SPAM Act regulate? A) identity theft, B) commercial emails, C) electronic funds transfers or D) data protection in healthcare. The CAN-SPAM Act, what does it regulate? It regulates commercial emails, B. The CAN-SPAM Act sets rules for commercial emails and protects consumers against unwanted solicitations. You see this all the time in your emails and that's part of the CAN-SPAM Act. It's basically an integral part of all organization email policies and I highly recommend that you get aware of it, especially as you become a CISSP and you're doing cybersecurity for a company.
Question eight: which law governs data protection in healthcare? A) HIPAA, B) COPPA, C) PCI DSS or D) CFAA? And the answer is HIPAA, A. The Health Insurance Portability Accountability Act, that's a lot of words, governs the protection of sensitive patient health information, particularly those that are crucial to the healthcare industry.
Question nine: what type of law governs public administration and regulatory agencies? A) civil law, B) administrative law, C) criminal law or D) contractual law? And the answer is B, administrative law. Administrative law is concerned with public administration and regulatory agencies. It is the key for ensuring policies and procedures are compliant with the governmental regulations.
Question 10: what does DMCA protect? A) trademarks, B) digital content, C) financial data or D) health data. So DMCA, what does it protect? And it would be B, digital content.
Right, it's the Digital Millennium Copyright Act, DMCA, and it came out to protect digital content such as software, music videos, et cetera, not et cetera, et cetera, all right, and so it's important for any type of media or software that you may have. The DMCA covers that.
Question 11: which law protects children's online privacy? A) COPPA, B) CISA, B) GLBA or D) EFTA? D EFTA, that is an acronym, supa, and the answer is A, COPPA. This is the Children's Online Privacy Protection Act, and it does protect online privacy of kids under the age of 13, and it is crucial for websites and online services that are specifically aimed towards children. So my YouTube channel, they ask me all the time, do you promote to kids? And so, therefore, you have to look and understand, would you fall under COPPA?
Question 12: what does the RICO Act provide penalties for? Okay, RICO. Okay, what does it plan act provide penalties for? A) data breach, B) email spam, C) organized crime activity or D) copyright infringement. So, depending upon who your political ads are, right now, our political person is, I think Donald Trump at the time of this recording is being looked under RICO. Oh, they're not. That's true or not, who knows? But RICO has come up and I did not know what that really was at first, because I'd heard about it but didn't really know, and then, after I kind of understood the acronym, I'm like, oh yeah, I know that, but the RICO Act is for organized crime activity and it's what it's called is, it's a racketeering, influenced and corruption organizations. That's what RICO Act stands for, and it provides extended penalties for criminal acts performed in an ongoing organization, basically around organized crime. So that's what they're trying to go after for the former president of the United States.
So question 13: which act focuses on electronic funds transfer? A) CISA, B) EFTA, C) SOX or D) FISMA? Again, which act focuses on electronic funds transfers? And that is A, CISA.
CISA is the Cyber Information Sharing Act and it aims to improve cybersecurity by facilitating the sharing of cybersecurity threat information between the government and the private sector. All right, you also CISA comes in the Cyber Security Infrastructure Security Agency as well. So now, if you don't get confused with CISA, you have multiple reasons to get confused.
Question 14: which act focuses on electronic funds transfers? A) the CAN-SPAM Act, B) EFTA, C) SOX or D) FISMA? And the answer is B, EFTA, which stands for the Electronic Funds Transfer Act. EFTA focuses on protecting consumers engaging in electronic funds transfers and it does set liability limits on those specific transfers, not on the transfers, but basically on if there's an investigation that's done.
Question 15: which law focuses on integrity of financial reporting by corporations? A) FISMA, B) SOX, C) PCI DSS or D) GDPR? And the answer is B, SOX. Sarbanes-Oxley aims to protect the fraudulent financial reporting by corporations and it's good. It is crucial for your security professionals in the financial sector. You need to understand that.
All right, that is all I've got for you today. Hey, go out to CISSP Cyber Training. I'm looking to make some changes. We're actually gonna be doing some coaching and mentoring for people. I think you're gonna like it a lot. I have a lot of response from people that are working on their CISSP but they go, what do I do for my career? How do I plan for that? Just expect to see some changes around this, because I know there's a definite need for it and with my background of over 20 some years of doing cybersecurity, working from all different positions all the way up to a CISO, I understand what you need. I win. I came from nothing. I was flying B1 bombers to where I'm at today. I can help you and I'm looking to provide some level of coaching out there and mentoring for you to help you get the career you want, and that includes resume prep.
That includes helping you with interview questions so that you can reach and attain the goals you want financially for you and your family. All right, again, go out to CISSPCyberTraining.com and check it out. I guarantee you will love what I've got out there to help you with your CISSP and on with your future as well. Have a great day. We'll catch you on the flip side, see ya.