phase to determine what information is responsive to the request
                    and remove any information protected by attorney-client privilege.

              18.  D. Ethics are simply rules of personal behavior. Many professional

                    organizations establish formal codes of ethics to govern their
                    members, but ethics are personal rules individuals use to guide
                    their lives.

                                                               2
               19.  B. The second canon of the (ISC)  Code of Ethics states how a
                    CISSP should act, which is honorably, honestly, justly, responsibly,

                    and legally.

              20.  B. RFC 1087 does not specifically address the statements in A, C, or
                    D. Although each type of activity listed is unacceptable, only
                    “actions that compromise the privacy of users” are explicitly
                    identified in RFC 1087.