The document discusses questions about US cybersecurity laws and policies. It asks about the two types of criminal prohibitions under the Economic Espionage Act (18 U.S.C. 1831 and 1832), the agency responsible for protecting civilian US networks (CISA), the agencies with lead responsibilities under PPD-41 for threat response, asset response and intelligence support after a cybersecurity incident, and the four key pillars of the Trump Administration's National Cyber Strategy.

1. What are the two types of criminal prohibitions under the Economic Espionage Act?
Question 59 options:
1831 (theft of trade secrets to benefit a foreign government, instrumentality, or agent).
1832 (theft of trade secrets to benefit anyone other than the owner).
1831 (theft of trade secrets to benefit anyone other than the owner).
1832 (theft of trade secrets to benefit a foreign government, instrumentality, or agent).
Which agency has the lead responsibility for protecting the cybersecurity of civilian U.S.
networks?
Question 61 options:
Central Intelligence Agency.
Federal Bureau of Investigation.
National Security Agency.

2. The Cybersecurity and Infrastructure Security Agency, within the Department of Homeland
Security.
Under PPD 41, which agency has the lead for threat response after a cybersecurity incident?
Question 62 options:
National Aeronautics and Space Administration.
National Security Agency.
Justice Department.
Federal Bureau of Investigation.
Under PPD 41, which agency has the lead for asset response after a cybersecurity incident?
Question 63 options:
Department of Homeland Security.
Justice Department.

3. Federal Bureau of Investigation.
Central Intelligence Agency.
Under PPD 41, which agency has the lead for intelligence support and related activities after a
cybersecurity incident?
Question 64 options:
Central Intelligence Agency.
Office of Director of National Intelligence.
Department of Homeland Security.
Justice Department.
What are the four key pillars of the Trump Administration's National Cyber Strategy?
Question 65 options:
Defend cyber sovereignty ensuring each country has the right to police the internet within their
own boarders.

4. Preserve peace and security by strengthening the ability of the United Statesin concert with allies
and partnersto deter and, if necessary, punish those who use cyber tools for malicious purposes.
Expand American influence abroad to extend the key tenets of an open, interoperable, reliable,
and secure internet.
Promote American prosperity by nurturing a secure, thriving digital economy and fostering
strong domestic innovation.
Defend the American energy grids by filling the gas reserves.
Defend the homeland by protecting networks, systems, functions, and data.
The Cybersecurity Act of 2015 allows companies to share; cyber threat indicators and defensive
measures, for cybersecurity purposes.
Question 66 options:
Do "defensive measures" as authorized by the Cybersecurity Act of 2015 include hacking back?
Question 67 options:
Yes.
No.

5. What are the five main principles of the NIST Cybersecurity Framework?
Question 68 options:
Encrypt.
Identify.
Protect.
Recover.
Detect.
Respond.
Locate.
Anonymize.

6. Reboot.
Prevent.
Which federal agency serves as the general data security regulator in the United States?
Question 1 options:
Although the United States does not formally have a general data security or privacy regulator,
the Federal Trade Commission effectively serves in that role under its authority in Section 5 of
the FTC Act.
Although the United States does not formally have a general data security or privacy regulator,
the Security and Exchange Commission effectively serves in that role under its authority in
Section 9 of the SEC Act.
FBI.
FBI and SEC.
What factor(s) will the FTC consider in determining whether a data security practice is deceptive
under Section 5 of the FTC Act?
Question 2 options:

7. A representation, omission, or practice that is likely to mislead the consumer.
Examined from the perspective of a consumer acting reasonably in the circumstances.
The representation, omission, or practice must be "material".
All of the above.
What is the FTC's test to determine whether a company's practices violated the unfairness prong
of Section 5 of the FTC Act? (Select all that apply)
Question 3 options:
Substantial injury.
The injury is one that consumers could not have reasonably avoided.
Injury must not be outweighed by an offsetting consumer or competitive benefit that the sales
practice also produces.

8. 1831 (theft of trade secrets to benefit a foreign government, instrumentality, or agent).
1832 (theft of trade secrets to benefit anyone other than the owner).
1831 (theft of trade secrets to benefit anyone other than the owner).
1832 (theft of trade secrets to benefit a foreign government, instrumentality, or agent).