need help with the cyber security law questions:

31. Which of the following Supreme Court cases established the need for law enforcement to acquire a warrant, in most cases, before searching a smart phone? A. Katz v. Untied States. B. Riley v. California. C. Spokeo v. Robins. D. Jones v. United States.

32. Which of the following legal hurdles presents the greatest challenge to plaintiffs seeking to sue a corporation immediately following a data breach? A. Standing due to lack of injury. B. Lack of class certification. C. Inability to name a defendant with particularity. D. Financial resources.

33. According to the Cyber Civil Rights Initiative, how many states in the U.S. currently have some law on the books explicitly directed at combatting "revenge porn?" A. 26. B. 38 plus District of Columbia. C. 40 plus a federal law. D. All 50 states.

34. Which rule within the HIPAA Privacy Rule requires transfer of only the protected health information required to accomplish the authorized task? A. Principle of Least Privilege. B. Minimum Necessary Requirement/Rule. C. Breach Notification Rule. D. Red Flags Rule.

35. Which of the following purposes for disclosure under HIPAA do not require separate, specific consent from a patient prior to disclosure, assuming you have received prior authorization at the beginning of the client relationship? A. Payment. B. Treatment C. Operations D. All may be disclosed assuming proper authorization at the beginning of the client relationship.

36. In Professor Heck's most humble of opinions, which of the following federal laws provides the most guidance for any company to model a data governance program from? A. HIPAA B. FCRA C. GLBA D. TCPA.

37. Which of the following is not an example of an administrative safeguard? A. Trainings for staff members on data governance procedures. B. Firewalls. C. A prominently displayed privacy policy. D. A policy and procedure distributed to staff members about proper email usage.

38. Which of the following accounts for more data breaches than any other intrusion method? A. Social engineering techniques. B. Password generating applications. C. Spoofing of biometric identifiers. D. Inadvertent disclosure of personal identifying information.

39. Which of the following can be considered personal identifying information? A. Date of Birth B. IP Address C. Driver's License Number. D. All of the above could be considered personal identifying information.

40. The act of auditing your data to determine the level of financial and reputational and legal harm if improperly disclosed, and then labeling the data according to its risk level is called what? A. Data classification. B. Data mapping. C. Data examining. D. Data mining.