[FINALS] CST LAWS FA1


43 Terms

1

The GDPR came into effect in which decade?

2010s

2000s

1990s

1980s

2010s

2

Which U.S. law addresses protection of patient health information?

  • Homeland Security Act

  • CFAA

  • HIPAA

  • GLBA

HIPAA

3

A data breach occurs when:

  • A company issues a privacy notice

  • Confidential or protected data is accessed without authorization

  • A new software patch is applied

  • A user updates their password

Confidential or protected data is accessed without authorization

4

What does “jurisdiction” mean in data privacy?

  • Rights to own property

  • Legal authority over geographical area or data transfers

  • Permission to use software

  • Ability to issue patents

Legal authority over geographical area or data transfers

5

Which regulation governs personal health information in the healthcare sector?

  • SOX

  • HIPAA

  • PCI DSS

  • CFAA

HIPAA

6

Which decade saw the first wave of cybersecurity legislation?

  • 1960s

  • 1970s

  • 2010s

  • 1980s–1990s

1980s–1990s

7

Which type of law punishes online fraud and identity theft?

  • Cybercrime law

  • Environmental law

  • Maritime law

  • Tax law

Cybercrime law

8

The principle of “data retention” requires:

  • Storing data only as long as legally or operationally needed

  • Keeping data forever

  • Destroying data instantly

  • Collecting data without limits

Storing data only as long as legally or operationally needed

9

Which of the following is an example of personal data?

  • Daily weather

  • Movie ratings

  • Phone number

  • GDP growth

Phone number

10

Which law enforces mandatory breach notifications within 72 hours?

  • GDPR

  • HIPAA

  • CFAA

  • GLBA

GDPR

11

What does DPIA stand for?

  • Data Privacy International Agreement

  • Digital Property Infrastructure Agreement

  • Digital Privacy Identification Act

  • Data Protection Impact Assessment

Data Protection Impact Assessment

12

Which principle ensures that personal data is processed fairly and lawfully?

  • Availability

  • Transparency and legitimate purpose

  • Encryption

  • Confidentiality

Transparency and legitimate purpose

13

Which of the following is an example of accountability in practice?

  • Ignoring data subject requests

  • Collecting data without consent

  • Appointing a Data Protection Officer and keeping compliance records

  • Sharing personal data freely

Appointing a Data Protection Officer and keeping compliance records

14

A hospital encrypts patient data but lets all employees access it without logging. This complies with confidentiality.

  • False

  • True

False

15

A company transfers EU customer data to another country with no equivalent privacy law, without safeguards. This complies with GDPR.

  • True

  • False

False

16

A school posts student grades on a public website without consent. This complies with privacy law.

  • False

  • True

False

17

Which practices comply with data protection principles?

  • Encrypting sensitive data

  • Obtaining informed consent

  • Implementing retention limits

  • Selling personal data secretly

Encrypting sensitive data

Obtaining informed consent

Implementing retention limits

18

Which are major challenges in enforcing cybersecurity laws?

  • Rapidly evolving technologies

  • Stable international agreements

  • Cross-border jurisdiction conflicts

  • Sophisticated cybercrime techniques

  • Rapidly evolving technologies

  • Cross-border jurisdiction conflicts

  • Sophisticated cybercrime techniques

19

Which are critical elements of national cybersecurity strategies?

  • Public awareness campaigns

  • Promoting piracy

  • Protecting critical infrastructure

  • Enforcing incident reporting

  • Public awareness campaigns

  • Protecting critical infrastructure

  • Enforcing incident reporting

20

Which of the following is NOT part of the CIA Triad?

  • Transparency

  • Availability

  • Confidentiality

  • Integrity

  • Transparency

21

The U.S. Computer Fraud and Abuse Act (CFAA) of 1986 primarily addressed:

  • Medical research ethics

  • International tariffs

  • Computer crimes

  • Intellectual property licensing

  • Computer crimes

22

Which U.S. Act of 2002 included provisions for critical infrastructure protection?

  • SOX

  • GLBA

  • Homeland Security Act

  • CFAA

  • Homeland Security Act

23

Which concept involves notifying individuals and authorities after a breach?

  • Data retention

  • Breach notification requirement

  • Encryption

  • Consent

  • Breach notification requirement

24

Which principle emphasizes giving individuals control over their data?

  • Jurisdiction

  • Consent

  • Availability

  • Integrity

  • Consent

25

A company processes personal data of EU citizens without GDPR compliance. This is lawful.

  • False

  • True

False

26

An employee leaks client data via personal email. The company later updates policies. The leak still violates privacy law.

  • True

  • False

True

27

A hospital shares pseudonymized patient data for research with safeguards. This generally complies with privacy law.

  • True

  • False

  • True

28

Which are examples of cybercrime?

  • Password resetting

  • Identity theft

  • Hacking

  • Malware distribution

  • Identity theft

  • Hacking

  • Malware distribution

29

Which are key rights of data subjects under privacy laws?

  • Right to access

  • Right to rectification

  • Right to erasure (forgotten)

  • Right to free healthcare

  • Right to access

  • Right to rectification

  • Right to erasure (forgotten)

30

Which are responsibilities of a Data Protection Officer (DPO)?

  • Monitoring processing activities

  • Selling personal data

  • Advising on compliance

  • Serving as contact point for authorities

  • Monitoring processing activities

  • Advising on compliance

  • Serving as contact point for authorities

31

Which are benefits of international harmonization of cybersecurity laws?

  • Easier compliance for global businesses

  • Facilitation of trade

  • Increased local isolation

  • Consistent data protection standards

  • Easier compliance for global businesses

  • Facilitation of trade

  • Consistent data protection standards

32

What does “consent” mean in privacy law?

  • License renewal

  • Judicial authorization

  • Internal company approval

  • Individual permission before data collection or processing

  • Individual permission before data collection or processing

33

Which of the following best defines “cybersecurity”?

  • Controlling food safety

  • Managing physical assets

  • Regulating water systems

  • Protecting systems, networks, and data from digital attacks

Protecting systems, networks, and data from digital attacks

34

Which country passed the CFAA?

  • Japan

  • United States

  • Philippines

  • Germany

United States

35

Which U.S. law was passed after 9/11 to strengthen homeland defense?

  • CFAA

  • Homeland Security Act

  • GLBA

  • HIPAA

Homeland Security Act

36

Which is a challenge in cross-border data transfer?

  • Different privacy jurisdictions

  • Encryption being illegal

  • Data never leaving one country

  • Same security levels worldwide

  • Different privacy jurisdictions

37

Which regulation aims to harmonize cybersecurity across EU nations?

  • CFAA

  • PCI DSS

  • HIPAA

  • NIS Directive

  • NIS Directive

38

Why are privacy laws crucial in the digital age?

  • Because personal data is a valuable commodity and misuse is a risk

  • To encourage sports

  • To promote tourism

  • To reduce industrial pollution

  • Because personal data is a valuable commodity and misuse is a risk

39

An online service allows users to download their stored personal data upon request. This is a privacy right.

  • False

  • True

  • True

40

Which are recognized sensitive data categories?

  • Political opinions

  • Biometric identifiers

  • Medical information

  • Daily stock market prices

  • Biometric identifiers

  • Medical information

41

Which are examples of encryption use in compliance?

  • Protecting stored medical records

  • Publishing personal info openly

  • Securing online payment transactions

  • Protecting communications with SSL/TLS

42

Which law governs EU member states’ network and information security?

  • HIPAA

  • CFAA

  • NIS Directive

  • PCI DSS

43