IT Laws
screw it, IT laws, ethics, regulations, damn it, blah blah, crap, test, multiple-choice questions, let's learn them
florinmatei.fm, published on February 12, 2016
Stacked

1/30 Certificates must be revoked except when:
  - a court of law has instructed that the certificate be suspended
  - the signatory has been put under legal interdiction
  - the revocation has been requested by the signatory

2/30 Controls for human resources risks after the termination of employment do not include:
  - Returning of all assets
  - Clearly defined termination responsibilities
  - Removal of access rights
  - Information security awareness training

3/30 User access management controls do not include:
  - Formal user registration and de-registration procedure
  - Formal password management process
  - Secure operating system log-on procedures

4/30 In the plan phase of the PDCA:
  - the scope of the system is defined
  - security controls are implemented
  - corrective actions are implemented in response to security incidents

5/30 Which of the following is not a principle of ISO 27001?
  - Constructing a perfect ISMS before implementation
  - Continuous improvement
  - Monitoring and auditing
  - Defining policies and objectives

6/30 The freedom of circulation of electronic signature services does not refer to:
  - states can only create voluntary accreditation schemes for providers
  - qualified certificates issued in Romania are recognized by default in France
  - certificates issued in Romania are recognized by default in the United States

7/30 Why is it useful for a document to have a "certain date"?
  - in order to be able to invoke the document versus persons that were not parties to it
  - in order to be able to invoke the document versus persons that were parties to it
  - in order for the document to have any effect

8/30 Who bears the burden of proof for the fact that the conditions for the extended electronic signature have been met?
  - the person invoking the electronic signature
  - the person against which the electronic signature has been invoked
  - the court of law

9/30 Can the signatory use a pseudonym?
  - yes, in all electronic documents
  - yes, but not in electronic documents signed in front of an electronic notary public
  - no, a real name must always be used

10/30 In the act phase of the PDCA:
  - Corrective actions are taken to address potential security events
  - Preventive actions are taken to address potential security events
  - Preventive actions are taken to address existing security events

11/30 The 4 PDCA phases are:
  - Plan, Do, Check, Act
  - Plan, Do, Correct, Act
  - Plan, Do, Check, Audit

12/30 A certificate provider is not liable when:
  - The information contained in the certificate was not accurate when it was emitted
  - The signatory loses control of the signature creation data, but does not notify the provider
  - Personal data collected in order to emit the certificate was shared with third parties for commercial purposes

13/30 A timestamp provider is not liable when:
  - the response time is predictable and documents can be registered in another order than that in which they were received
  - the response time is predictable and documents cannot be registered in another order than that in which they were received
  - the response time is short and documents can be registered in another order than that in which they were received

14/30 Is there a difference between the notion of electronic signature and the notion of digital signature?
  - Only in the US
  - Only in the EU
  - Both in the US and the EU

15/30 Prior to employment:
  - assets are returned
  - background checks are conducted
  - a disciplinary process is defined for future employees

16/30 Controls for equipment security do not include:
  - Hardware placing
  - Cabling security
  - Hardware maintenance
  - Software security

17/30 An electronic document has certain date since:
  - time data was associated to it
  - the signatory has died
  - it was added to the signatory's document management system

18/30 The importance of the European regulation of the electronic signature does not stem from:
  - the doctrine of direct effect
  - the doctrine of consistent interpretation
  - claims for damages from the state for lack of implementation
  - claims for damages from private parties for lack of implementation

19/30 Controls against mobile code would cover:
  - an employee using a found USB stick
  - a vulnerability in a network application
  - an employee connecting from home to the company network

20/30 Operating access controls do not include:
  - Controlling the use of system utilities
  - Session time-out for prolonged periods of inactivity
  - Controlled access to diagnostic ports on devices

21/30 The Do stage does not cover:
  - Drafting an asset inventory
  - Implementation of policies
  - Implementation of procedures
  - Monitoring ISMS performance

22/30 Can the supplier avoid liability if the information contained in the certificate was incorrect?
  - always
  - only if it had no reasonable way of finding out about this circumstance
  - if it could reasonably find out about this circumstance but did not

23/30 In order to provide certification services one must:
  - be authorized by the regulating authority
  - notify the regulating authority
  - none of the above

24/30 Network access control must cover:
  - Clean desk policy
  - User registration
  - Routing control
  - Use of system utilities

25/30 Which of the following is not a component of an ISMS?
  - The organizational structure
  - A production database
  - A procedure for the treatment of a risk
  - A list of security responsibilities

26/30 An information security incident is:
  - any security relevant change in the system
  - any failure in applying defined procedures
  - a series of events that has significant probability of compromising business operations

27/30 Which of the following is false?
  - a certificate must be suspended when instructed by the decision of a court of law
  - a certificate must be suspended when the signatory has died
  - a certificate must be revoked when the signature creation data are no longer confidential

28/30 What value do advanced electronic signatures based on qualified certificates have in front of a national court of law?
  - they can always be used as proof
  - they can only be used as proof if the party to which they are opposed recognizes them
  - they can only be used as proof if the signature generation device was approved

29/30 Concerning risks, an ISMS:
  - must eliminate all identified risks
  - can accept some risks, as long as their impact has been evaluated
  - can ignore risks, without evaluating their impact

30/30 An electronic document has authentic value when:
  - an electronic signature has been logically associated to the document and it is recognized by the party it is invoked against
  - an electronic signature has been logically associated to the document and it is not recognized by the party it is invoked against
  - an extended electronic signature based on a qualified certificate has been logically associated to the document