IT Laws plm

Question 1

1/30

Network access control must cover

User registration

Answer

Clean desk policy

Answer

Routing control

Answer

Use of system utilities

Question 2

2/30

Who bears the burden of proof for the fact that the conditions for the extended electronic signature have been met?

the person invoking the electronic signature

Answer

the person against which the electronic signature has been invoked

Answer

the court of law

Question 3

3/30

Which of the following is not a principle of ISO 27001

Constructing a perfect ISMS before implementation

Answer

Continuous improvement

Answer

Monitoring and auditing

Answer

Defining policies and objectives

Question 4

4/30

In order to provide certification services one must:

notify the regulating authority

Answer

be authorized by the regulating authority

Answer

none of the above

Question 5

5/30

A timestamp provider is not liable when:

the response time is predictable and documents can be registered in another order than that in which they were received

Answer

the response time is predictable and documents cannot be registered in another order than that in which they were received

Answer

the response time is short and documents can be registered in another order than that in which they were received

Question 6

6/30

Which of the following is false:

a certificate must be suspended when the signatory has died

Answer

a certificate must be suspended when instructed by the decision of a court of law

Answer

a certificate must be revoked when the signature creation data are no longer confidential

Question 7

7/30

The Do stage does not cover

Monitoring ISMS performance

Answer

Drafting an asset inventory

Answer

Implementation of policies

Answer

Implementation of procedures

Question 8

8/30

The 4 PDCA phases are:

Plan, Do, Check, Act

Answer

Plan, Do, Correct, Act

Answer

Plan, Do, Check, Audit

Question 9

9/30

Can the signatory use a pseudonym?

yes, but not in electronic documents signed in front of an electronic notary public

Answer

yes, in all electronic documents

Answer

no, the a real name must always be used

Question 10

10/30

An electronic document has certain date since:

the signatory has died

Answer

time data was associated to it

Answer

since it was added to the signatory's document management system

Question 11

11/30

Which of the following is not a component of an ISMS

A production database

Answer

The organizational structure

Answer

A procedure for the treatment of a risk

Answer

A list of security responsibilities

Question 12

12/30

Controls for human resources risks after the termination of employment do not include

Clearly defined termination responsibilities

Answer

Returning of all assets

Answer

Removal of access rights

Answer

Information security awareness training

Question 13

13/30

In the act phase of the PDCA:

Corrective actions are taken to address potential security events

Answer

Preventive actions are taken to address potential security events

Answer

Preventive actions are taken to address existing security events

Question 14

14/30

An electronic document has authentic value when:

an electronic signature has been logically associated to the document and it is recognized by the party it is invoked against

Answer

an electronic signature has been logically associated to the document and it is not recognized by the party it is invoked against

Answer

an extended electronic signature based on a qualified certificate has been logically associated to the document

Question 15

15/30

User access management controls do not include:

Secure operating system log-on procedures

Answer

Formal user registration and de-registration procedure

Answer

Formal password management process

Question 16

16/30

A certificate provider is not liable when:

The signatory loses control of the signature creation data, but does not notify the provider

Answer

The information contained in the certificate was not accurate when it was emitted

Answer

Personal data collected in order to emit the certificate was shared with third parties for commercial purposes

Question 17

17/30

Is there a difference between the notion of electronic signature and the notion of digital signature?

Only in the US

Answer

Only in the EU

Answer

Both in the US and the EU

Question 18

18/30

In the plan phase of the PDCA:

the scope of the system is defined

Answer

security controls are implemented

Answer

corrective actions are implemented in response to security incidents

Question 19

19/30

Why is it useful for a document to have “certain date”?

in order to be able to invoke the document versus persons that were not parties to it

Answer

in order to be able to invoke the document versus persons that were parties to it

Answer

in order for the document to have any effect

Question 20

20/30

Certificates must be revoked except when:

a court of law has instructed that the certificate be suspended

Answer

the signatory has been put under legal interdiction

Answer

the revocation has been requested by the signatory

Question 21

21/30

Controls against mobile code would cover:

an employee connecting from home to the company network

Answer

an employee using a dound usb stick

Answer

a vulnerabilty in a network application

Question 22

22/30

The importance of the European regulation of the electronic signature does not stem from:

claims for damages from private parties for lack of implementation

Answer

the doctrine of direct effect

Answer

the doctrine of consistent interpretation

Answer

claims for damages from the state for lack of implementation

Question 23

23/30

What value do advanced electronic signatures based of qualified certificates have in front of a national court of law?

they can only be used as proof if the signature generation device was approved

Answer

they can always be used as proof

Answer

the can only be used as proof if the party to which they are opposed recognizes them

Question 24

24/30

Prior to employment

background checks are conducted

Answer

assets are returned

Answer

a disciplinary process is defined for future employees

Question 25

25/30

Controls for equipment security do not include

Software security

Answer

Hardware placing

Answer

Cabling security

Answer

Hardware maintenance

Question 26

26/30

Concerning risks an ISMS:

can accept some risks, as long as their impact has been evaluated

Answer

must eliminate all identified risks

Answer

can ignore risks, without evaluating their impact

Question 27

27/30

An information security incident is:

a series of events that has significant probability of compromising business operations

Answer

any security relevant change in the system

Answer

any failure in applying defined procedures

Question 28

28/30

Can the supplier avoid liability if the information contained in the certificate were incorrect?

always

only if it had no reasonable way of finding out about this circumstance

Answer

if it could reasonably find out about this circumstance but did nor

Question 29

29/30

The freedom of circulation of electronic signature services does not refer to:

certificates issued in Romania are recognized by defalut in the United States

Answer

states can only create voluntary accreditation schemes for providers

Answer

qualified certificates issued in Romania are recognized by default in France

Question 30

30/30

Operating access controls do not include:

Controlled access to diagnostic ports on devices

Answer

Controlling the use of system utilities

Answer

Session time-out for prolonged periods of inactivity