Professional Skills & Issues (H)
1. Companies naturally want to use their trade marks in their domain names. Which of the following statements is
false
?
Cyber squatting is not an offence.
It is possible for two companies in different countries to hold identical trade marks, but domain names are globally unique.
Domain names are allocated strictly on a first-come first-served basis, and can never be reallocated.
Domain names are allocated only for limited periods of time.
2. In United States law, unsolicited email is considered lawful in which of the following scenarios?
the sender is a registered charity.
the recipient has been offered compensation for receiving unsolicited email.
the recipient has not asked the sender to stop.
unsolicited email contains no abusive or offensive language.
3. A software supplier can legitimately include, in its terms and conditions, a clause that limits its liability in case of:
the software causing financial loss to the buyer
the software causing death or injury to the buyer
the software causing death or injury to a third party.
the software being unfit for purpose
4. The (UK) Data Protection Act 1998 introduced changes to data protection laws in the United Kingdom. What significant change did the act introduce?
religious views were reclassified as personal data.
personal data should not be transferred outside the European Economic Area (EEA), unless guaranteed adequate protection.
personal data should not be transferred outside the United Kingdom, unless guaranteed adequate protection.
personal data could be repurposed for other uses, in specific cases.
5. In UK law, when is processing sensitive data lawful?
when the data subject has not stated they would not grant consent.
when the data subject grants explicit consent.
when explicit consent is sought from the data subject.
when the data subject is a UK citizen and is at least 15 years old.
6. Suppose that a university hosts its students’ personal web pages. A student posts a defamatory article on his web page, and the defamed person complains to the university. What if anything should the university do to comply with the law??
require the student to remove the article
close the student’s web page permanently.
ask the student to remove the article
take no action
7. In the UK, if a person deliberately obtains unauthorised access to personal data stored on a computer, but makes no use of that data:
he/she can be prosecuted under the Computer Misuse Act
he/she can be prosecuted under the Data Protection Act
he/she can be prosecuted under the Freedom of Information Act
he/she cannot be prosecuted.
8. In the UK, computer fraud is covered by existing anti-fraud laws. Which of the following statements is
false
?
E-commerce increases opportunities for fraud.
Computer fraud is easier to detect than older forms of fraud.
ATMs increase opportunities for fraud.
A computer fraud trial requires specialist witnesses.
9. The contract for the development of a bespoke software system always includes the requirements for that system. Which one of the following is the most suitable way to do this?
The contract specifies the requirements, but allows the client to make a limited number of changes in return for an additional charge.
The contract specifies the requirements, but allows the client to negotiate with the developers to make a limited number of changes.
The contract specifies the requirements precisely, with no allowance for change.
The contract specifies the requirements, but allows the client freely to make a limited number of changes.
10. The (UK) Data Protection Act 1998 grants certain rights to every data subject. Which one of the following rights is
not
granted to a data subject?
the right to know whether his/her personal data has been disclosed to any other person or organisation.
the right to see his/her children’s personal data
the right to see his/her personal data
the right to have any inaccurate personal data corrected or deleted
11. Intellectual property is:
property that cannot be stolen.
property owned by an intelligent person
property created by an intelligent person
intangible property
12. In UK law, what is the basic principle of freedom of information?
that the information held by public bodies and private companies should always be available to the public.
that the information held by public bodies and private companies should be available to the public with certain exceptions.
that the information held by public bodies should always be available to the public.
that the information held by public bodies should be available to the public with certain exceptions.
13. Suppose that a business provides space for its employees’ personal web pages, and suppose that one employee uses this space to post an article that is alleged to be defamatory. In European law, which of the following statements is most accurate?
The business cannot be sued as long as it removes the article promptly.
The business can be sued on the grounds that it employs the author of the article.
The business can be sued on the grounds that it hosts the article.
The business cannot be sued if it believes that the article is actually not defamatory.
14. In which one of the following circumstances does a company own the rights to a software product?
The author is an employee working in the company’s time.
The author is a freelance programmer working for the company (under a contract that does not specifically address copyright).
The author is an employee working in his/her own time.
The author is an independent contractor working for the company (under a contract that does not specifically address copyright).
15. The (US) Computer Fraud and Abuse Act 1986 was enacted to combat misuse. What are the limits of penalties for first offences?
5 years in prison.
20 years in prison.
10 years in prison.
1 year in prison.
16. The (UK) Data Protection Act 1998 defines various terms. Which of the following accurately describes the role of the data controller?
the person who processes personal data within an organisation.
the person who determines how or why personal data is processed.
the person that the data refers to.
the person who has access to personal data within an organisation.
17. Gary McKinnon (a UK citizen) openly admitted unauthorised access to US Department of Defense computers, but he was never brought to trial. Which one of the following statements is
false
?
He was attempting to find information on UFOs suppressed by the US government.
A UK citizen suspected of unauthorised access to a computer in another country cannot be tried either in the UK or in the other country.
He suffered from Asperger’s Syndrome.
He claimed no malicious intent.
18. In terms of bespoke software development to what type of code does copyright apply?
standard library code.
code generated specifically for the customer.
boiler-platecode.
open-source code.
19. Which of the following is
not
covered by copyright law?
the business logic of an airline booking system.
a smartphone’s user interface
a game-playing program that you wrote in your spare time
a large-scale geographic database
20. In UK law, under what circumstances may it be permitted for employees to override an obligation of confidence?
expose lawful business practices in the public interest.
expose excessive earnings in the public interest.
expose failure to comply with legal obligations in the public interest.
expose private conversations with customers in the public interest.
21. In UK law, what may
not
be permitted for license holders under the Copyright, Design and Patents Act 1988 (CDPA)?
installing a program on multiple machines.
making one backup copy of a program.
decompiling a program to fix bugs.
decompiling a program to understand how to write another program to inter-operate with it.
22. An application program downloaded from the Internet has no packaging on which its trade mark could be displayed. Which is the best way to get round this problem?
The application displays its trademark briefly when it is launched.
The supplier’s download page displays the trade mark.
The application’s desktop icon is its trade mark.
The application displays its trademark continuously when it is running.
23. The (UK) Data Protection Act 1998 defines sensitive personal data. Which of the following is
not
classified as sensitive personal data?
age
criminal record
religious beliefs
ethnic origin.
24. The (UK) Draft Investigatory Powers Bill would require communications service providers to:
keep communications data indefinitely
inform the police immediately of any suspicious communications
keep communications data for a limited time
delete communications with unlawful content.
25. In UK law, which of the following is usually
not
an offence under the Computer Misuse Act 1990 (CMA)?
accessing pornography on work-place devices.
intentionally spreading a virus or worm
stealing sensitive personal data (e.g., for publication or blackmail)
stealing commercially sensitive data
26. In European law, unsolicited e-mail is considered unlawful in which of the following scenarios?
the sender does not share the email address of the recipient with government organisations.
the sender has concealed their email address.
the sender has made it clear where they obtained the email address of the recipient.
the sender has attached images to the email.
27. In EU law, when is unsolicited email considered lawful?
when prior consent has been sought.
when the email address of the sender is not visible.
when prior consent has been obtained.
when the email address of the receiver is not visible.
28. In UK law, under what circumstances may whistle blowers
not
be protected under the Public Interest Disclosure Act 1998 (PIDA)?
when they approach the media, prior to the employer.
when they expose failure of employer to comply with legal obligations.
when they expose dangers to health and safety caused by employer.
when they expose environmental damage caused by employer.
29. In European law, an Internet service provider (ISP) could be considered a mere conduit in which of the following circumstances?
they temporarily store downloaded data, to speed up future downloading of the same data.
they store downloaded data for no more than 12 weeks, to speed up future downloading of the same data.
they permanently store data uploaded by the customer.
they only transmit data up/downloaded by the customer.
30. In UK law, which of the following is not an offence under the Computer Misuse Act (CMA) 1990?
unauthorised modification of a company’s or individual’s web pages
accidentally spreading a virus or worm
stealing commercially sensitive data
disrupting operations of an organisation that is unlawfully harming the environment.
31. Which one of the following statements is most accurate about European law on software patents?
Software is specifically excluded by the European Patent Convention.
Software can be patented in order to encourage innovative software development.
Software cannot be patented because in practice small software developers cannot afford to defend their patents against large competitors.
Software cannot be patented because there is no clear basis for defining what is inventive.
32. What is considered cyber-squatting?
registering a trademark as your domain name and refusing to sell it to another individual at any price.
duplicating a website and hosting under another domain name.
maliciously redirecting individuals to another domain name.
registering a trade mark as your own domain name and selling it to the trade mark owner at an inflated price.
33. The (UK) Freedom of Information Act 2000 gives every citizen the right to request information from certain organisations. Which of the following is
not
covered by the Act?
the salary and expenses paid to a university’s senior management
policy advice given by civil servants to a government minister
a private-sector energy company’s plans to drill for shale oil.
NHS policy on funding treatment for a particular disease
34. In terms of bespoke software development, what responsibility does a customer have in a contract-hire contract?
ensuring the correct competences of supplied staff.
management of supplied staff.
private healthcare for all supplied staff.
any associated legal cost of supplied staff.
35. In EU law, an Internet service provider (ISP) in the UK is
not
liable for damages or criminal sanctions when transmitting data, under what circumstances?
the ISP uses caching to speed up downloading of future data by temporarily storing downloaded data.
the ISP only transmits data to systems outside the UK.
the ISP acts as a mere conduit and simply transmits data up/downloaded by the customer.
the ISP hosts data by permanently storing data uploaded by its customers.
36. Nearly every country has laws restricting pornography, but what is legal varies enormously. Suppose that a pornographer based in country X has a website whose content is lawful in country X, but the website is frequently accessed by people in country Y where its content is unlawful. Which one of the following statements is
true
?
The pornographer could be extradited from country X and then prosecuted in country Y.
The pornographer could be arrested and prosecuted if he visits country Y.
The pornographer is completely immune from prosecution.
The pornographer could be prosecuted in country X for violating another country’s laws.
37. What is the primary purpose of the Internet Watch Foundation (IWF)?
offers legal advice to parents in the UK seeking damages against Internet service providers.
defends UK corporations from legal action regarding Internet content.
minimise the availability of potentially unlawful content on the Internet.
dictates UK government policy on inoffensive Internet content.
38. The (UK) Data Protection Act 1998 requires explicit consent for use of sensitive personal data. Suppose that an on-line service requires users to register, entering personal data including some data that is sensitive. Which one of the following is generally regarded as providing explicit consent?
The registration form requires the user to tick a check-box to grant consent.
The registration form contains a statement that, by registering for the service, the client is assumed to grant consent.
The registration form makes no mention of consent, but refuses to allow the client to register if any field is not correctly filled.
The registration form requires the user to untick a check-box to withhold consent.
39. When should a contract for bespoke software development specify surcharges for the customer?
for when the customer pays in a foreign currency (e.g. US dollars).
for customers who want to lease software to other users.
for a solution expected to operate across multiple territories.
for when the customer changes requirements.
40. The (UK) Data Protection Act 1998 requires that personal data should be kept no longer than necessary. Which of the following is
false
?
A police station may retain your phone number after you have called to make a complaint.
An on-line business may retain your e-mail address after it has dispatched your order to you.
A university may retain information on students who have graduated.
A restaurant may retain the phone number you used to book a table, after you have left the restaurant.
41. The (UK) Data Protection Act 1998 defined various personal data as sensitive. Which of the following is not considered sensitive data?
mental health.
gender.
sexual orientation.
physical health.
42. Some unsolicited e-mail is intended to defraud you. In which one of the following cases would you be reasonably confident that an e-mail message is
genuine
?
The message appears to come from the same e-commerce site, and invites you to claim a free voucher by simply clicking on a link.
The message appears to come from a bank, and invites you to confirm your account details.
The message comes from a sender unknown to you, and invites you to open an attached Word document.
The message appears to come from an e-commerce site for which you have registered, and invites you to claim a free voucher by signing in to the site in the normal way.
43. The (UK) Data Protection Act 1984 was primarily focused on addressing the concerns of data misuse by what entities?
large organisations.
private members’ clubs.
individuals.
small independent traders.
44. The (UK) Sale of Goods Act 1979 requires that goods sold must be fit for purpose. Under which of the following scenarios could a customer demand a refund, under the act?
customer discovers the software does not function as purported on the retail box.
customer purchases software designed for a specific platform (e.g. Microsoft Windows), but is unable to use it as they own a different platform (e.g. Mac OS).
customer purchases software, but discovers a more up-to-date version is available for purchase.
customer discovers within 3 days of purchase they can purchase the same software from an Internet-based vendor for significantly less.
45. The (UK) Freedom of Information Act 2000 is based on certain principles. Which one of the following is
not
one of these principles?
Any member of the public is entitled to request specified information, subject to an administration charge approved by the Information Commissioner.
The government may refuse to disclose specified information, provided that it can convince the Information Commissioner that disclosure would not be in the public interest.
Whilst individuals have a right to privacy, the government does not.
Civil servants’ advice to government ministers remains completely confidential.
46. The (UK) Freedom of Information Act 2000 gives every citizen the right to request information from certain organisations. Which of the following is covered by the act?
the financial details of any scholarships provided by private businesses for children to attend private schools.
expenses paid to a university’s senior management.
financial holdings for financial institutions, headquartered in the United Kingdom with more than 5,000 employees.
environmental policies for any oil companies operating in the United Kingdom.
47. The principle known as "obligation of confidence" makes which of the following unlawful?
A software contractor exploits knowledge gained while working with a client, in the absence of a specific non-disclosure clause in the contract.
A software engineer working for a bank discovers a security weakness in the bank’s customer management system, but the bank refuses to address the problem, so the engineer discloses the problem to a professional body.
A software engineer moves from one employer to another, then exploits a technique developed by the first employer.
A software engineer moves from one employer to another, then exploits a technique learned from a book while working for the first employer.
48. Data protection laws were introduced to address concerns about the ways in which personal data might be misused. Which of the following was
not
such a concern?
Unauthorised persons might access the data.
The data might be stored in several different locations.
The data might be used for purposes for which it was not intended.
The data might be used for unacceptable purposes.
49. In the (UK) Data Protection Act 1998, which one of the following is
not
classified as sensitive personal data?
the data subject’s religious beliefs
the data subject’s conviction for a criminal offence.
a reference letter sent in connection with the data subject’s application for a job
the data subject’s race
50. Which one of the following statements about internet domain names is
false
?
Domain names and trade marks are covered by completely different laws.
It is unlawful for a domain name incorporating a company’s trade mark to be registered by anyone except that company.
Domain names are global, whereas trade marks are registered in specific countries.
No-one owns a particular domain name.
51. Controlling children’s access to internet pornography is difficult for a number of reasons. Which of the following is
false
?
Pornography website owners cannot be trusted to block access by children.
Children can easily impersonate adults on the Internet.
Pornography laws vary enormously from one country to another.
ISPs are unwilling to filter access to pornography websites.
52. The (UK) Computer Misuse Act 1990 was enacted to combat misuse. Which of the following is not a criminal offence under the act?
unauthorised access to any program/data held in any computer.
unauthorised modification of the contents of any computer.
building or selling hackers’ toolkits.
intent to commit a serious offence with a computer.
53. What is a professional body?
an organisation that requires specialist qualifications to be a member.
an organisation that has complete control over the training and education of all individuals employed in a specific area.
an organisation that promotes high standards in a particular profession.
an organisation that controls the minimum payment and entitlements for professionals in a specific area.
54. In the development of a bespoke software system, what is the best way for the contractor to deal with the possibility that the client might request changes in the requirements during the term of the software contract?
Ensure that the initial contract formalises the conditions for accepting requirement changes.
Refuse to accept any requirement changes.
Abandon the project.
Negotiate a new contract.
55. In UK law, what amendment did the Police and Justice Act 2006 (PJA)
not
introduce to the Computer Misuse Act 1990 (CMA)?
intent to impair operation of any computer.
building or selling hackers’ toolkits.
using Facebook and Twitter to share abusive statements.
denial-of-service attacks.
56. In Europe, when is adult pornography usually deemed lawful?
when it is non-violent, consensual and inaccessible to minors.
when it is accessible to all European citizens.
when it takes the form of free speech.
when it is not disrespectful to religious beliefs.
57. In UK law, who does the Computer Misuse Act 1990 (CMA) apply to in the following circumstances?
anyone, anywhere, who unlawfully accesses a computer in the United Kingdom.
only UK citizens who unlawfully access a computer in the UK.
anyone, anywhere, who unlawfully accesses a computer anywhere in the world.
only EU citizens who unlawfully access a computer in the UK.
58. The Internet transcends national boundaries and jurisdictions. The Council of Europe (CoE) have approved a convention on cybercrime. Which of the following is not covered by the convention?
smartphone ownership, e.g. prisoners are not permitted to own one.
criminal copyright infringement.
child pornography.
computer-related fraud.
59. A UK citizen has identified potentially unlawful content on the Internet, but is unsure that it is definitely unlawful. Which of the following actions would be the best first step?
report the content to the Internet Watch Foundation (IWF).
consult a legal professional.
report the content to the local police office.
report the content to the Internet service provider (ISP).
60. In UK law, what is personal data?
data that relates to a living person who can be identified.
data that is unique to an individual, e.g. genetic information.
data that relates to any person, dead or alive.
data that any individual considers personal.
61. Under current European law, an internet service provider (ISP) can be sued for damages for transmitting a defamatory article in which one of the following circumstances?
The ISP cached the article and, when requested by a court to remove the article, responded that it would follow its normal caching policy. (Its policy is to uncache all items more than one month old).
The ISP cached the article and, when requested by a court to remove the article, uncached it immediately.
The ISP hosted the article and, when requested by a court to remove the article, removed it immediately.
The ISP merely transmitted the article.
62. If a software product is found to be defective, the supplier can limit their liability to pay damages (under UK law) in which one of the following circumstances?
The software licence limits the supplier’s liability to the purchase price.
The software licence limits the supplier’s liability to a specified maximum amount of money.
Whilst the software does have defects, they do not make the software unfit for purpose.
Whilst the software does have defects, they do not create a risk of death or injury.
63. The (UK) Public Interest Disclosure Act 1998 (PIDA) provides protection for whistle-blowers. Which of the following scenarios would not be covered by the act?
whistle-blower reveals danger to health and safety in their workplace to their line-manager.
whistle-blower exposes unlawful environmental damage by the organisation to the national media.
whistle-blower reveals the concealment of illegal activity to upper management and a professional body.
whistle-blower reveals the failure of the organisation to comply with legal obligations to upper management.
64. In terms of intellectual property rights, what is the ‘obligation of confidence’ principle?
protection for confidential information received but not intended to be passed on to others.
that employees are expected to report potentially unlawful activity with management, prior to reporting it to the media.
the expectation that consumers should have with regards to their personal data.
the right to copy documents, images, audio/video recordings, programs.
65. UK law defines various kinds of computer misuse offences. Which of the following is
not
such an offence?
intentionally spreading a virus
a denial-of-service attack
using your work-place computer to play games
development of software tools to facilitate unauthorised access to computers.
66. The (UK) Police and Justice Act 2006 (PJA) enhanced the (UK) Computer Misuse Act (CMA) 1990. Which of the following was not directly addressed in the PJA act?
denial-of-service attacks
advanced persistent threats.
increased maximum penalties for CMA offences
amended CMA to cover software tools intended to facilitate computer misuse.
67. A cost-plus contract expects customers to pay supplier’s actual costs and what else?
integration costs with existing customer systems.
an enduring annual license fee.
all associated legal fees.
an appropriate profit margin.
68. The contract for the development of a bespoke software system should define who will own the copyright in the software system. For which part of the system code could copyright reasonably be assigned to the customer?
library code
newly developed code
all of the above.
open-source code
69. The (UK) Computer Misuse Act and Police & Justice Act have proved to be less effective than expected. Which one of the following is
not
a reason for this problem?
Judges have tended to impose light sentences.
Companies are reluctant to report computer security breaches for fear of damaging publicity.
The police lack the expertise and resources to investigate computer misuse properly.
Juries are reluctant to convict because they do not regard computer misuse as a real crime.
70. In US law, which of the following is usually
not
an offence under the Computer Fraud and Abuse Act (CFAA)?
selling a physical textbook bought in the UK to a US customer through the Internet.
denial-of-service attacks
unauthorised access to any "protected computer"
trafficking in passwords.
71. What is a fixed-price software contract?
all costs agreed prior to commencement of software development, but all intellectual rights reside with the developer.
all costs agreed prior to commencement of software development, no additional charges may be applied.
costs agreed prior to commencement of software development, penalty costs permitted in specific situations.
costs are fixed for specific time-period of software development, beyond agreed time period costs can be renegotiated.
72. An application program downloaded from the Internet has no packaging on which its trade mark could be displayed. Which is the best way to get round this problem?
The application displays its trademark continuously when it is running.
The supplier’s download page displays the trade mark.
The application displays its trademark briefly when it is launched.
The application’s desktop icon is its trade mark.
73. In UK law, under what circumstances may personal data be transferred to a country or territory outside the European Economic Area (EEA)?
it may be permitted, if the country or territory have a specific trade agreement with the EU.
it may be permitted, if the country or territory ensure adequate levels of protection for the rights and freedoms of data subjects.
it may be permitted, if the consent of the data subject is obtained prior to transfer of data.
it is not permitted under any circumstances.
74. The (UK) Regulation of Investigatory Powers Act 2000 grants certain agencies the right to seek a warrant to monitor telephone communications to or from a named person or organisation suspected of certain offences. Which one of the following agencies is
not
granted such a right?
HM Revenue & Customs (the agency responsible for tax collection), investigating suspected tax evasion.
a private detective agency, investigating suspected marital infidelity
the intelligence services, investigating suspected terrorists
the police force, investigating suspected drug dealers
75. There are some differences between European and US laws on unsolicited e-mail (spam). Which of the following is
true
?
Both European and US law require prior consent from individual recipients.
Both European and US law require every unsolicited e-mail to contain a valid address enabling the recipient to request the mailing to cease.
Both European and US law require every unsolicited e-mail to contain the sender’s true name.
Both European and US law apply to e-mails from senders in any country.
76. Software patenting is a difficult issue. Which of the following is
not
a reason for this difficulty?
Most software lacks genuine novelty.
Patent practice does not always follow the law.
It is always impossible to get a patent for software.
Small software companies could not afford to defend any patents that they own.
77. In European law, an internet service provider (ISP) could be prosecuted in which of the following circumstances?
The ISP hosts content uploaded or downloaded by its customers, but blocks access to any content shown to be unlawful.
The ISP caches content uploaded or downloaded by its customers, and accepts no liability for any unlawful content.
The ISP hosts content uploaded by its customers, but removes any content shown to be unlawful.
The ISP merely transmits content uploaded or downloaded by its customers, and accepts no liability for any unlawful content.
78. Retail software licences and corporate software licences differ in several respects. Which one of the following is typical of a
corporate
software licence?
The licence covers maintenance free of charge.
The licence covers user training free of charge.
The license does not cover maintenance.
The license fee depends on the number of users.
79. The (UK) Copyright, Design and Patents Act 1988 is the primary copyright law in the United Kingdom. Which of the following is accurate in the case of source code?
closed source code is protected under the act.
boilerplate source code is protected under the act.
open source code is protected under the act.
original source code is protected under the act.
80. Which of the following is
not
an offence under the (UK) Computer Misuse Act 1990?
unauthorised access to the data stored in a computer, motivated by simple curiosity
unauthorised changes to the data stored in a computer.
unauthorised access to the data stored in a computer, motivated by searching for sensitive data
unauthorised modification of a computer’s hardware
Submit Quiz