-
web.groovymark@gmail.com
- November 19, 2024
Question 21
A government agency asks a company to develop software with specific criteria. Flaws are discovered during testing, but the company proceeds with implementation as per the contract. What should the company do to avoid a strict liability lawsuit?
- a) Hire an external auditor
- b) Develop software in-house
- c) Advise the client of the defects
- d) Correct the flaws post-implementation
Correct Answer: c) Advise the client of the defects
Explanation: To avoid liability, the company must disclose any defects to the client before proceeding. Continuing without informing the client could lead to a strict liability lawsuit, regardless of fault.
Question 22
What is the primary argument against overly restrictive copyright laws?
- a) They decrease technological innovation
- b) They stifle creativity
- c) They benefit large corporations
- d) They increase software piracy
Correct Answer: b) They stifle creativity
Explanation: Overly restrictive copyright laws can limit creativity by preventing individuals from building upon existing works. The focus is less on technological innovation or corporate benefits and more on restricting creative freedoms.
Question 23
What does a victim have to prove to win a strict liability case against a software company?
- a) The software was defective
- b) The company was negligent
- c) The software was hacked
- d) The company violated the contract
Correct Answer: a) The software was defective
Explanation: In strict liability cases, the plaintiff does not need to prove negligence. Instead, they must demonstrate that the software was defective and that this defect caused harm.
Question 24
Which type of attack is commonly used to obtain personal information about consumers in e-commerce scenarios?
- a) Phishing
- b) Denial-of-service (DoS)
- c) SQL injection
- d) Man-in-the-middle
Correct Answer: a) Phishing
Explanation: Phishing attacks are frequently used to deceive consumers into disclosing personal information in e-commerce environments by pretending to be legitimate entities.
Question 25
What are the consequences of more lenient bring-your-own-device (BYOD) policies for IT?
- a) Decreased employee satisfaction
- b) Increased productivity and vulnerability to breaches
- c) Reduced security measures
- d) Increased IT workload
Correct Answer: b) Increased productivity and vulnerability to breaches
Explanation: BYOD policies can boost productivity as employees use familiar devices, but they also introduce security vulnerabilities, as personal devices may lack the security controls implemented on corporate devices.
Question 26
Which law was passed to protect customers’ financial information from unauthorized federal access?
- a) Right to Financial Privacy Act
- b) Fair Credit Reporting Act
- c) Freedom of Information Act
- d) Foreign Corrupt Practices Act
Correct Answer: a) Right to Financial Privacy Act
Explanation: The Right to Financial Privacy Act protects customers' records from being accessed by federal agencies without proper authorization, ensuring privacy for personal financial information.
Question 27
What is the goal of implementing CIA security measures at the organizational, network, application, and end-user levels?
- a) Improve productivity
- b) Ensure business continuity
- c) Increase profitability
- d) Reduce employee turnover
Correct Answer: b) Ensure business continuity
Explanation: CIA (Confidentiality, Integrity, Availability) measures aim to protect sensitive data, maintain data accuracy, and ensure systems are operational. This supports business continuity by minimizing disruptions.
Question 28
A healthcare company plans to adopt an artificial intelligence (AI) solution to identify which doctors and drugs provide the best value. What should the data scientist provide to ensure the AI makes accurate recommendations?
- a) Patient demographics
- b) Personal health records (PHR)
- c) Electronic health records (EHR)
- d) Insurance claims
Correct Answer: c) Electronic health records (EHR)
Explanation: EHRs contain comprehensive patient medical histories, which are essential for making accurate recommendations in healthcare AI systems. PHRs and insurance claims provide less detailed information.
Question 29
A car manufacturer allows customers to disengage the automatic braking system, which could cause accidents. What should the company do to address the ethical issue?
- a) Include a disclaimer in the owner’s manual
- b) Conduct a recall
- c) Display a warning when the brakes are disengaged
- d) Replace the braking system
Correct Answer: c) Display a warning when the brakes are disengaged
Explanation: To ensure customers are aware of the risks, the manufacturer should display a clear warning when the automatic braking system is disengaged. This transparency helps mitigate liability and ethical concerns.
Question 30
A company’s product fails to meet the terms of its warranty, leading to customer dissatisfaction. Which legal issue could this situation lead to?
- a) Fraud
- b) Breach of contract
- c) Breach of warranty
- d) Misrepresentation
Correct Answer: c) Breach of warranty
Explanation: A breach of warranty occurs when a product does not meet the standards outlined in its warranty. Customers may seek remedies or compensation for the failure.
Question 31
A software development company hires a new developer who previously worked for a competitor. What ethical issue should the company be concerned about?
- a) Misrepresentation
- b) Intellectual property theft
- c) Conflict of interest
- d) Breach of confidentiality
Correct Answer: d) Breach of confidentiality
Explanation: The new hire may have access to confidential information from their previous employer. The company should ensure no confidential information is disclosed or used unethically.
Question 32
Which technique is commonly used to develop International Organization for Standardization (ISO) 9000-compliant systems?
- a) Root cause analysis
- b) Failure mode and effects analysis (FMEA)
- c) Reverse engineering
- d) Agile development
Correct Answer: b) Failure mode and effects analysis (FMEA)
Explanation: FMEA is a widely used technique for developing ISO 9000-compliant systems by identifying potential failure modes and their effects to ensure quality and reliability.
Question 33
Which scenario might create a conflict of interest between IT workers and clients?
- a) IT workers providing security services to clients
- b) IT workers using company software for personal projects
- c) IT workers auditing their own company’s security systems
- d) IT workers conducting audits and recommending their own remediation services
Correct Answer: d) IT workers conducting audits and recommending their own remediation services
Explanation: A conflict of interest arises when IT workers provide both audit services and recommend solutions, as they could financially benefit from their recommendations.
Question 34
What is the primary threat associated with doxing?
- a) Unauthorized disclosure of personally identifiable information (PII)
- b) Loss of intellectual property
- c) System vulnerabilities
- d) Identity theft
Correct Answer: a) Unauthorized disclosure of personally identifiable information (PII)
Explanation: Doxing involves gathering and disclosing personal information without consent, which can lead to harassment, privacy invasion, and other risks.
Question 35
A manager directs an employee to use their company card to buy gifts for potential clients. The employee is concerned about the ethical implications of bribery. What ethical theory supports the employee’s concern?
- a) Utilitarianism
- b) Deontology
- c) Relativism
- d) Virtue ethics
Correct Answer: b) Deontology
Explanation: Deontology emphasizes following moral duties and rules. The employee's concern about bribery reflects a belief in adhering to ethical guidelines, regardless of cultural norms.
Question 36
Which two certifications should an IT professional obtain to ensure proper handling of cyberattack evidence for court admissibility?
- a) Certified Computer Examiner, EnCase Certified Examiner
- b) Certified Ethical Hacker, CISSP
- c) CompTIA A+, Network+
- d) Certified Information Security Manager, Certified Data Privacy Solutions Engineer
Correct Answer: a) Certified Computer Examiner, EnCase Certified Examiner
Explanation: These certifications are recognized for ensuring the proper collection and handling of digital evidence, making it admissible in court.
Question 37
Which factor does deontology use to evaluate the morality of human actions?
- a) Duty
- b) Outcome
- c) Intent
- d) Impact
Correct Answer: a) Duty
Explanation: Deontology is based on the principle of duty, meaning actions are judged morally right or wrong based on whether they adhere to ethical rules or obligations, not on their outcomes.
Question 38
A developer creates video games depicting real war scenarios that involve excessive violence. The developer is concerned about the impact on players’ moral character. Which ethical theory does this situation represent?
- a) Virtue ethics
- b) Utilitarianism
- c) Deontology
- d) Relativism
Correct Answer: a) Virtue ethics
Explanation: Virtue ethics focuses on moral character and the development of virtuous habits. The developer's concern reflects an ethical perspective focused on the potential impact on players’ character.
Question 39
Which of the following are components of information privacy? (Select all that apply.)
- a) Communication privacy
- b) Data privacy
- c) System privacy
- d) Hardware privacy
Correct Answer: a) Communication privacy, b) Data privacy
Explanation: Information privacy is concerned with protecting both communication privacy (the confidentiality of personal interactions) and data privacy (the protection of personal data from unauthorized access).
Question 40
What is the primary threat associated with the use of stalking apps?
- a) Decreased bandwidth usage
- b) Increased data accuracy
- c) Invasion of privacy
- d) Improved system efficiency
Correct Answer: c) Invasion of privacy
Explanation: Stalking apps are a severe privacy concern as they allow unauthorized access to an individual's private information, often without their knowledge or consent.
