1. List two (2) challenges to developing cybersecurity law and policy. 2. Presidential Policy Directive 41 identified the lead federal government agencies responsible for responding to a significant cyber incident. What are the three agencies and their corresponding responsibilities with respect to a response to a significant cyber incident? 3. For cyber incident response, the relationship between the federal government and the state governments can best be described as: A. A top-down approach where the federal government directs states' responses. B. Federal and state governments directing the private sector, as most of the country's critical cyber infrastructure is privately owned. . One of coordination between various stakeholders at each level of government, where the federal government seeks to support state and local authorities. p. None of the above. 4.Is \"hacking back illegal? Yes or No and Explain. 5. What is the maximum potential penalty for failing to comply with GDPR? 6. Finish the following sentence: \"The Computer Fraud and Abuse Act (CFAA) prohibits e 7. Why was the Supreme Court's holding in Van Buren v United States significant? 8. Under what authority(s) may the FTC regulate cybersecurity practices? 9. How did LabMD Inc. v. FTC curtail the FTC's ability to regulate cybersecurity practices? 10. Implementation of the NIST Cybersecurity Framework is voluntary for the private sector. Give two (2) reasons why the private sector has nevertheless embraced the NIST Framework. 11. What law provides liability protections to private sector entities for sharing cybersecurity threat information with the federal government? 12. In data breach lawsuits, plaintiffs' cases are often dismissed due to a lack of standing. Why? 13. Companies may be legally required to notify customers after they suffer a data breach. Provide two (2) reasons why data breach notification might be burdensome to businesses? 14. Current US data privacy law can best be described as: A. A fundamental right explicitly guaranteed by the US Constitution. B. A patchwork of federal laws, industry-specific regulations, and state laws. c. An area of law reserved for the states. p. None of the above. 15. What factors should be considered to determine if a cyber attack constitutes a \"use of force\" under international law? 16. Provide an example of a peacetime norm of state behavior in cyberspace. 17. Identify four (4) things a good cyber incident response plan should include. 18. The NIST Cybersecurity Framework Core consists of what five (5) functions? 19. What is the core mission of the Cybersecurity and Infrastructure Security Agency (CISA)? A. Draft cybersecurity legislation for Congress to consider. B. To identify threats, share information and assist with incident response in defense of the nation's critical infrastructure. c. Coordinate all federal government agencies responsible for cyber incident response. p. Issue cybersecurity regulations for the private sector. 20. What was the Cyber Solarium Commission asked to do? A. To draft a comprehensive federal law on cybersecurity for Congress. B. To assess the Department of Homeland Security's role in cybersecurity response. c. To provide insights and recommendations on a series of cybersecurity challenges facing the United States. p. Pick a \"cybersecurity czar\" to lead the federal government's efforts on cybersecurity. 21. How many US states have data breach notification laws? AS. B.47. c. 50. p. This 1s a trick question. State data breach notification laws have been preempted by federal law. 22. Who must comply with the GDPR? A. Any for-profit business in the USA. B. Only European for-profit businesses. . Any organization that processes personal data of people in the EU, regardless of where the business is located. p. No organization must comply. Like the NIST Cybersecurity Framework, the GDPR is voluntary. 23. What is the Tallinn Manual? A. A legal resource written by international law experts summarizing how they believe international law applies to cyberspace. B. An international law outlining how the law applies to cyberspace. c. An agreement among NATO members on how international law applies to cyberspace. p. None of the above. 24. What are two (2) challenges to passing a comprehensive federal privacy law? 25. Before the Supreme Court weighed in, there was a Circuit Court split in how the Computer Fraud and Abuse Act was interpreted. How would you best describe that split? 26. Name two of the three main components of the NIST Cybersecurity Framework. 27. Explain the distinction between cybersecurity and data privacy. 28. Identify two potential (2) benefits that cyber insurance provides. 29. Provide two (2) reasons why a business might be hesitant to involve the government in its cyber incident response. 30. List four (4) rights that the GDPR provides to European data subjects. 31. Which US state passed the first comprehensive state data privacy legislation? 32. The Gramm-Leach-Bliley Act establishes cybersecurity regulations for which industry sector? 33. List two (2) ways for facilitating cyber threat information sharing