Page 1564 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1564
Chapter 19: Investigations and Ethics
1. C. A crime is any violation of a law or regulation. The violation
stipulation defines the action as a crime. It is a computer crime if
the violation involves a computer either as the target or as a tool.
2. B. A military and intelligence attack is targeted at the classified
data that resides on the system. To the attacker, the value of the
information justifies the risk associated with such an attack. The
information extracted from this type of attack is often used to plan
subsequent attacks.
3. A. Confidential information that is not related to the military or
intelligence agencies is the target of business attacks. The ultimate
goal could be destruction, alteration, or disclosure of confidential
information.
4. B. A financial attack focuses primarily on obtaining services and
funds illegally.
5. B. A terrorist attack is launched to interfere with a way of life by
creating an atmosphere of fear. A computer terrorist attack can
reach this goal by reducing the ability to respond to a simultaneous
physical attack.
6. D. Any action that can harm a person or organization, either
directly or through embarrassment, would be a valid goal of a
grudge attack. The purpose of such an attack is to “get back” at
someone.
7. A, C. Thrill attacks have no reward other than providing a boost to
pride and ego. The thrill of launching the attack comes from the act
of participating in the attack (and not getting caught).
8. C. Although the other options have some merit in individual cases,
the most important rule is to never modify, or taint, evidence. If
you modify evidence, it becomes inadmissible in court.
9. D. The most compelling reason for not removing power from a
