CSL Cheat Sheet 2026

The 30 highest-yield CSL facts, distilled from real exam questions. Print it, save it as a PDF, or study it here โ€” free, no sign-up.

100 questions
120 min time limit
70.00% to pass
  1. Which principle of international law determines which country's laws apply when a cyberattack originates in one country but causes harm in another? โ†’ Effects-based jurisdiction
  2. What is the main goal of ethical hacking? โ†’ To help organizations identify and fix vulnerabilities
  3. What is a Data Protection Impact Assessment (DPIA) in the context of cybersecurity? โ†’ A process to evaluate risks to data protection and privacy
  4. The Tallinn Manual, published by NATO's CCDCOE, addresses which aspect of international law as applied to cyberspace? โ†’ International law applicable to cyber warfare and state-sponsored attacks
  5. What does the Computer Fraud and Abuse Act (CFAA) primarily address? โ†’ Prohibiting unauthorized access to computers and data theft
  6. What mechanism does the EU's General Data Protection Regulation (GDPR) provide for lawfully transferring personal data to the United States? โ†’ Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework
  7. What is the primary purpose of a non-disclosure agreement (NDA) in the context of trade secret protection? โ†’ To establish that reasonable measures were taken to protect the secret
  8. Which international treaty requires member nations to provide legal protections for technological protection measures similar to the DMCA? โ†’ WIPO Copyright Treaty (WCT)
  9. What is the main objective of data breach notification requirements under data protection laws? โ†’ To inform individuals so they can protect their data
  10. Under what legal authority can U.S. law enforcement compel a suspect to provide biometric authentication (e.g., fingerprint) to unlock a device? โ†’ Biometrics are non-testimonial and not Fifth Amendment protected
  11. Why is ethical hacking important for organizations? โ†’ To identify and fix security weaknesses before malicious actors exploit them
  12. What DMCA exemption allows security researchers to bypass TPMs for good-faith security research? โ†’ Section 1201(j) security research exemption
  13. The Defend Trade Secrets Act (DTSA) of 2016 created a federal civil cause of action for trade secret misappropriation. What is the statute of limitations? โ†’ 3 years
  14. What contractual provision governs how a vendor handles client data after contract termination? โ†’ Data return and destruction clause
  15. When conducting a forensic examination of a suspect's smartphone, which constitutional amendment primarily protects against warrantless searches? โ†’ Fourth Amendment
  16. What is a security breach in the context of incident response? โ†’ When unauthorized access leads to data or system compromise
  17. Under the EU's GDPR, what obligation does the 'one-stop-shop' mechanism create for multinationals operating across EU member states? โ†’ They deal primarily with the DPA of their EU main establishment
  18. Under HIPAA, which covered entity bears primary liability when a business associate suffers a data breach? โ†’ Both can face independent liability to HHS
  19. What contractual provision specifically allocates cybersecurity responsibilities between a company and its third-party vendor? โ†’ Security addendum or exhibit
  20. What is a security assessment questionnaire (SAQ) used for in vendor management? โ†’ To evaluate a vendor's security posture before and during a contractual relationship
  21. What is a key challenge in prosecuting cybercrimes? โ†’ The anonymity of the internet and difficulty tracing hackers
  22. What is the legal standard for obtaining a warrant to search digital devices under the Fourth Amendment? โ†’ Probable cause
  23. What does GDPR stand for in cybersecurity compliance? โ†’ General Data Protection Regulation
  24. What is the key to effective incident response? โ†’ A proactive and well-organized response
  25. What is the role of encryption in data protection? โ†’ To protect data by making it unreadable without decryption keys
  26. Which law requires the federal government to disclose vulnerabilities it discovers in commercial products through a formal equities review process? โ†’ The Vulnerabilities Equities Policy (VEP)
  27. Why is continuous monitoring important for cybersecurity compliance? โ†’ It ensures the organization stays compliant with current security regulations
  28. How can businesses ensure compliance with cybersecurity regulations? โ†’ By implementing required safeguards and staying informed about regulations
  29. Which federal agency maintains the National Software Reference Library (NSRL) used to filter known files during digital forensic investigations? โ†’ NIST
  30. Which federal statute makes it a crime to intentionally destroy evidence that may be relevant to a federal investigation? โ†’ 18 U.S.C. ยง 1519