CSL Cheat Sheet 2026
The 30 highest-yield CSL facts, distilled from real exam questions. Print it, save it as a PDF, or study it here โ free, no sign-up.
100 questions
120 min time limit
70.00% to pass
- Which principle of international law determines which country's laws apply when a cyberattack originates in one country but causes harm in another? โ Effects-based jurisdiction
- What is the main goal of ethical hacking? โ To help organizations identify and fix vulnerabilities
- What is a Data Protection Impact Assessment (DPIA) in the context of cybersecurity? โ A process to evaluate risks to data protection and privacy
- The Tallinn Manual, published by NATO's CCDCOE, addresses which aspect of international law as applied to cyberspace? โ International law applicable to cyber warfare and state-sponsored attacks
- What does the Computer Fraud and Abuse Act (CFAA) primarily address? โ Prohibiting unauthorized access to computers and data theft
- What mechanism does the EU's General Data Protection Regulation (GDPR) provide for lawfully transferring personal data to the United States? โ Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework
- What is the primary purpose of a non-disclosure agreement (NDA) in the context of trade secret protection? โ To establish that reasonable measures were taken to protect the secret
- Which international treaty requires member nations to provide legal protections for technological protection measures similar to the DMCA? โ WIPO Copyright Treaty (WCT)
- What is the main objective of data breach notification requirements under data protection laws? โ To inform individuals so they can protect their data
- Under what legal authority can U.S. law enforcement compel a suspect to provide biometric authentication (e.g., fingerprint) to unlock a device? โ Biometrics are non-testimonial and not Fifth Amendment protected
- Why is ethical hacking important for organizations? โ To identify and fix security weaknesses before malicious actors exploit them
- What DMCA exemption allows security researchers to bypass TPMs for good-faith security research? โ Section 1201(j) security research exemption
- The Defend Trade Secrets Act (DTSA) of 2016 created a federal civil cause of action for trade secret misappropriation. What is the statute of limitations? โ 3 years
- What contractual provision governs how a vendor handles client data after contract termination? โ Data return and destruction clause
- When conducting a forensic examination of a suspect's smartphone, which constitutional amendment primarily protects against warrantless searches? โ Fourth Amendment
- What is a security breach in the context of incident response? โ When unauthorized access leads to data or system compromise
- Under the EU's GDPR, what obligation does the 'one-stop-shop' mechanism create for multinationals operating across EU member states? โ They deal primarily with the DPA of their EU main establishment
- Under HIPAA, which covered entity bears primary liability when a business associate suffers a data breach? โ Both can face independent liability to HHS
- What contractual provision specifically allocates cybersecurity responsibilities between a company and its third-party vendor? โ Security addendum or exhibit
- What is a security assessment questionnaire (SAQ) used for in vendor management? โ To evaluate a vendor's security posture before and during a contractual relationship
- What is a key challenge in prosecuting cybercrimes? โ The anonymity of the internet and difficulty tracing hackers
- What is the legal standard for obtaining a warrant to search digital devices under the Fourth Amendment? โ Probable cause
- What does GDPR stand for in cybersecurity compliance? โ General Data Protection Regulation
- What is the key to effective incident response? โ A proactive and well-organized response
- What is the role of encryption in data protection? โ To protect data by making it unreadable without decryption keys
- Which law requires the federal government to disclose vulnerabilities it discovers in commercial products through a formal equities review process? โ The Vulnerabilities Equities Policy (VEP)
- Why is continuous monitoring important for cybersecurity compliance? โ It ensures the organization stays compliant with current security regulations
- How can businesses ensure compliance with cybersecurity regulations? โ By implementing required safeguards and staying informed about regulations
- Which federal agency maintains the National Software Reference Library (NSRL) used to filter known files during digital forensic investigations? โ NIST
- Which federal statute makes it a crime to intentionally destroy evidence that may be relevant to a federal investigation? โ 18 U.S.C. ยง 1519
Turn these facts into recall: