1. List two (2) challenges to developing cybersecurity law and policy. 2. Presidential Policy Directive 41 identified the lead federal government agencies responsible for responding to a significant cyber incident. What are the three agencies and their corresponding responsibilities with respect to a response to a significant cyber incident? 3. For cyber incident response, the relationship between the federal government and the state governments can best be described as: A. A top-down approach where the federal government directs states' responses. B. Federal and state governments directing the private sector, as most of the country's critical cyber infrastructure is privately owned. . One of coordination between various stakeholders at each level of government, where the federal government seeks to support state and local authorities. p. None of the above. 4.Is \"hacking back illegal? Yes or No and Explain. 5. What is the maximum potential penalty for failing to comply with GDPR? 6. Finish the following sentence: \"The Computer Fraud and Abuse Act (CFAA) prohibits e 7. Why was the Supreme Court's holding in Van Buren v United States significant? 8. Under what authority(s) may the FTC regulate cybersecurity practices? 9. How did LabMD Inc. v. FTC curtail the FTC's ability to regulate cybersecurity practices? 10. Implementation of the NIST Cybersecurity Framework is voluntary for the private sector. Give two (2) reasons why the private sector has nevertheless embraced the NIST Framework. 20. What was the Cyber Solarium Commission asked to do? A. To draft a comprehensive federal law on cybersecurity for Congress. B. To assess the Department of Homeland Security's role in cybersecurity response. c. To provide insights and recommendations on a series of cybersecurity challenges facing the United States. p. Pick a \"cybersecurity czar\" to lead the federal government's efforts on cybersecurity. 21. How many US states have data breach notification laws? AS. B.47. c. 50. p. This 1s a trick question. State data breach notification laws have been preempted by federal law. 22. Who must comply with the GDPR? A. Any for-profit business in the USA. B. Only European for-profit businesses. . Any organization that processes personal data of people in the EU, regardless of where the business is located. p. No organization must comply. Like the NIST Cybersecurity Framework, the GDPR is voluntary. 23. What is the Tallinn Manual? A. A legal resource written by international law experts summarizing how they believe international law applies to cyberspace. B. An international law outlining how the law applies to cyberspace. c. An agreement among NATO members on how international law applies to cyberspace. p. None of the above. 24. What are two (2) challenges to passing a comprehensive federal privacy law? 25. Before the Supreme Court weighed in, there was a Circuit Court split in how the Computer Fraud and Abuse Act was interpreted. How would you best describe that split? 26. Name two of the three main components of the NIST Cybersecurity Framework. 27. Explain the distinction between cybersecurity and data privacy. 28. Identify two potential (2) benefits that cyber insurance provides. 29. Provide two (2) reasons why a business might be hesitant to involve the government in its cyber incident response. 30. List four (4) rights that the GDPR provides to European data subjects. 31. Which US state passed the first comprehensive state data privacy legislation? 32. The Gramm-Leach-Bliley Act establishes cybersecurity regulations for which industry sector? 33. List two (2) ways for facilitating cyber threat information sharing