Need help with these cyber security law questions:

11. Which of the following statements accurately describe National Security Letters ("NSLs")? A. They may only be issued by officials in CIA headquarters. B. They may not contain nondisclosure provisions prohibiting the recipient from disclosing the contents of the letter. C. They may only request information pertaining to a foreign power or the agent of a foreign power. D. They do not require prior judicial authorization. 12. Which of the following agencies does NOT presently have the power to issue regulations related to consumer privacy? A. Federal Communication Commission ("FCC"). B. Federal Trade Commission ("FTC"). C. Office of the Comptroller of Currency ("OCC"). D. Consumer Financial Protection Bureau ("CFPB"). 13. Under the Electronic Communications Privacy Act ("ECPA"), when may a person lawfully monitor another's telephone call? A. When one of the parties to the call has given consent. B. Only when both parties to the call have given their consent. C. Ten days after providing notice of the monitoring to both parties of the call. D. Monitoring telephone calls is illegal under all circumstances. 14. The Do Not Call Registry applies to what type of marketing? A. Telemarketing. B. Email marketing. C. Television marketing. D. Online marketing. 15. Which of the following in a statute (such as the FCRA), enables an individual to directly bring a lawsuit against a person who violates the statute? A. Consent Decree. B. Preemption Clause. C. Indemnity Provision. D. Private Right of Action. 16. The Health Insurance Portability and Accountability Act ("HIPAA") applies to whom? A. Healthcare facilities B. Health Plan C. Covered Entities & their Business Associates D. All of the above. 17. Which of the following is NOT a type of safeguard mandated by the Security Rule of the Health Insurance Portability and Accountability Act ("HIPAA")? A. Technical. B. Administrative. C. Executorial. D. Physical. 18. How does the FTC interpret the term "financial institution" with respect to enforcement of the Gramm-Leach-Bliley Act ("GLBA")? A. A bank operating in the United States. B. A business that is significantly engaged in financial activities. C. A lender regulated by federal and state banking laws. D. Any business whose main purpose is to lend money and extend credit. 19. Which of the following types of calls is NOT regulated by the National Do Not Call Registry? A. Calls to consumers living in Puerto Rico and the District of Columbia. B. Automated telephone calls. C. Calls from political organizations, charities, telephone surveyors, or companies with which a consumer has an existing business relationship. D. Calls made manually without the assistance of an automated dialer. 20. A company enjoying an existing business relationship with a consumer may call the consumer for up to how long after the consumer's last purchase? A. 6 months. B. 12 months. C. 18 months. D. 24 months.