IT Laws
IT laws, ethics, regulations: multiple-choice practice questions to learn from.
florinmatei.fm, published on February 12, 2016

1/30 Which of the following is not a principle of ISO 27001?
- Constructing a perfect ISMS before implementation
- Continuous improvement
- Monitoring and auditing
- Defining policies and objectives

2/30 An information security incident is:
- any security-relevant change in the system
- any failure in applying defined procedures
- a series of events that has a significant probability of compromising business operations

3/30 Controls against mobile code would cover:
- an employee using a found USB stick
- a vulnerability in a network application
- an employee connecting from home to the company network

4/30 The Do stage does not cover:
- Drafting an asset inventory
- Implementation of policies
- Implementation of procedures
- Monitoring ISMS performance

5/30 Network access control must cover:
- Clean desk policy
- User registration
- Routing control
- Use of system utilities

6/30 Who bears the burden of proof for the fact that the conditions for the extended electronic signature have been met?
- the person invoking the electronic signature
- the person against whom the electronic signature has been invoked
- the court of law

7/30 Controls for human resources risks after the termination of employment do not include:
- Returning of all assets
- Clearly defined termination responsibilities
- Removal of access rights
- Information security awareness training

8/30 Controls for equipment security do not include:
- Hardware placing
- Cabling security
- Hardware maintenance
- Software security

9/30 In the Plan phase of the PDCA:
- the scope of the system is defined
- security controls are implemented
- corrective actions are implemented in response to security incidents

10/30 An electronic document has certain date since:
- time data was associated to it
- the signatory has died
- it was added to the signatory's document management system

11/30 Is there a difference between the notion of electronic signature and the notion of digital signature?
- Only in the US
- Only in the EU
- Both in the US and the EU

12/30 The importance of the European regulation of the electronic signature does not stem from:
- the doctrine of direct effect
- the doctrine of consistent interpretation
- claims for damages from the state for lack of implementation
- claims for damages from private parties for lack of implementation

13/30 A certificate provider is not liable when:
- The information contained in the certificate was not accurate when it was issued
- The signatory loses control of the signature creation data, but does not notify the provider
- Personal data collected in order to issue the certificate was shared with third parties for commercial purposes

14/30 The freedom of circulation of electronic signature services does not refer to:
- states can only create voluntary accreditation schemes for providers
- qualified certificates issued in Romania are recognized by default in France
- certificates issued in Romania are recognized by default in the United States

15/30 A timestamp provider is not liable when:
- the response time is predictable and documents can be registered in another order than that in which they were received
- the response time is predictable and documents cannot be registered in another order than that in which they were received
- the response time is short and documents can be registered in another order than that in which they were received

16/30 User access management controls do not include:
- Formal user registration and de-registration procedure
- Formal password management process
- Secure operating system log-on procedures

17/30 Operating access controls do not include:
- Controlling the use of system utilities
- Session time-out for prolonged periods of inactivity
- Controlled access to diagnostic ports on devices

18/30 Can the supplier avoid liability if the information contained in the certificate was incorrect?
- always
- only if it had no reasonable way of finding out about this circumstance
- if it could reasonably find out about this circumstance but did not

19/30 Can the signatory use a pseudonym?
- yes, in all electronic documents
- yes, but not in electronic documents signed in front of an electronic notary public
- no, a real name must always be used

20/30 Which of the following is false?
- a certificate must be suspended when instructed by the decision of a court of law
- a certificate must be suspended when the signatory has died
- a certificate must be revoked when the signature creation data are no longer confidential

21/30 What value do advanced electronic signatures based on qualified certificates have in front of a national court of law?
- they can always be used as proof
- they can only be used as proof if the party to which they are opposed recognizes them
- they can only be used as proof if the signature generation device was approved

22/30 In the Act phase of the PDCA:
- Corrective actions are taken to address potential security events
- Preventive actions are taken to address potential security events
- Preventive actions are taken to address existing security events

23/30 Which of the following is not a component of an ISMS?
- The organizational structure
- A production database
- A procedure for the treatment of a risk
- A list of security responsibilities

24/30 In order to provide certification services one must:
- be authorized by the regulating authority
- notify the regulating authority
- none of the above

25/30 An electronic document has authentic value when:
- an electronic signature has been logically associated to the document and it is recognized by the party it is invoked against
- an electronic signature has been logically associated to the document and it is not recognized by the party it is invoked against
- an extended electronic signature based on a qualified certificate has been logically associated to the document

26/30 Why is it useful for a document to have "certain date"?
- in order to be able to invoke the document against persons that were not parties to it
- in order to be able to invoke the document against persons that were parties to it
- in order for the document to have any effect

27/30 Concerning risks, an ISMS:
- must eliminate all identified risks
- can accept some risks, as long as their impact has been evaluated
- can ignore risks, without evaluating their impact

28/30 Prior to employment:
- assets are returned
- background checks are conducted
- a disciplinary process is defined for future employees

29/30 The 4 PDCA phases are:
- Plan, Do, Check, Act
- Plan, Do, Correct, Act
- Plan, Do, Check, Audit

30/30 Certificates must be revoked except when:
- a court of law has instructed that the certificate be suspended
- the signatory has been put under legal interdiction
- the revocation has been requested by the signatory