Module 1 Test : Legislation & Operational Security
Legislation & Operational Security
The GDPR is just a regulation and is not a law. True or False?
False
An OSINT investigation process should have a documented Lawful Basis. When should the documentation be prepared?
a) Before processing begins
b) At any time, it doesn't matter when
c) During the reporting process
d) At the end of the investigation process
e) When the report is finished
An OSINT practitioner needs a Lawful Basis for the authority to
a) start an OSINT investigation
b) process Personally Identifiable Information
c) comply with The Data Protection Act 1998
d) get an exemption for an OSINT investigation
e) none of the above
You have been asked by your HR department if, without any consent, you can, 'check out the social media' of 3 prospective employees who are on a short-list. The GDPR Exemption you will rely on for lawful processing of their PII, is:
a) A Contract between the parties
b) Public Task
c) Vital Interests
d) Legitimate Interests
e) None of the above
The PII of a subject, that is good to have in the instruction at the start of an investigation, is ...? (select the best answer)
a) name
b) e-mail address
c) mobile number
d) date of birth
e) all of the above
Before commencing an III (OSINT) process, it is best practice to: (select the best answer)
a) Ensure that you’re working from a non attributable computer
b) Activate a VPN or Mobile Proxy connection
c) Activate an Agent Switcher
d) Ensure the Browser is up-to-date
e) All of the above
Which resource has the capability to obfuscate a user's internet finger print?
a) A VPN
b) An Anonymiser or Proxy
c) A Mobile Proxy
d) An Agent Switcher
e) All of the above
To enhance the security of a VPN connection, you should...?
a) install an anti-virus application
b) delete the default network settings
c) apply the DNS of the VPN provider to your network settings
d) contact with the VPN provider to acquire a dedicated gateway (IP address)
e) none of the above
What is the purpose of a Synthetic Identity? (select the best answer)
a) to protect the identity of the OSINT practitioner
b) to Protect the identity of the organisation that employs the OSINT practitioner
c) to protect the investigation itself
d) all of the above
e) There is no purpose. A Synthetic Identity is illegal and should never be deployed
An III (OSINT) practitioner cannot ever use a Synthetic Identity that might have the name of a real world person. True or False?