LOT-X-O Module 1 - Legislation & Operational Security

The GDPR is just a regulation and is not a law. True or False?

True

False

The GDPR exemption that is Legitimate Interests is not safe to rely on, as the OSINT practitioner cannot demonstrate any real legitimate Interest to process the PII of a Subject. True or False?

True

False

Your employer is vetting candidates for an executive position in your organisation. The short list is 3 people. If your HR department was to ask you if legally there is a way to 'check them out from online info'. You would reply with

a) Sorry, there is no way I can do this legally

b) I can do it but first, you have to get their consent

c) I can do this because we have a legitimate interest but we have to tell them first

d) Sure, I can do this and I can help with the preparatory documentation under legitimate interests so everything is compliant with the GDPR

e) I can do this. Its a Public Task and we are covered under the GDPR

To process personal data of a subject without their consent, the practitioner might rely on a lawful basis that is:

a) The Right to Investigate Fraud

b) Legitimate Interest

c) The Basics of Legitimate Rights

d) The Right of Basic Interest

e) Interested Party Authority

An OSINT practitioner needs a Lawful Basis for the authority to

a) start an OSNT investigation

b) process Personally Identifiable Information

c) comply with The Data Protection Act 1998

d) get an exemption for an OSINT investigation

e) none of the above

You have been asked by your HR department to 'check out the social media' of a prospective employee. The GDPR Exemption you will rely on for lawful processing of their PII, is:

a) a Contract between the parties

b) Public Task

c) Vital Interests

d) Legitimate Interests

e) None of the above

The PII of a subject that is good to have in the instruction, at the start of an investigation is ...?]

a) name

b) e-mail address

c) mobile number

d) date of birth

e) all of the above

Which resource has the capability to obfuscate a user's internet finger print?

a) A VPN

b) An Anonymiser or Proxy

c) A Mobile Proxy

d) An Agent Switcher

e) All of the above

A VPN will obfuscate an OSINT practitioner's internet footprint. It should be used when processing ..

a) Facebook

b) YouTube

c) X (Twitter)

d) A website

e) None of the above

A Processing Persona should have..

a) A first name and last name

b) Two e-mail addresses

c) A Date of Birth

d) A Vanity Name

e) Name of a relative

f) A Photo or Avatar

To enhance the security of a VPN connection, you should...?

a) install an anti-virus application

b) delete the default network settings

c) apply the DNS of the VPN provider to your network settings

d) contact with the VPN provider to acquire a dedicated gateway (IP address)

e) none of the above

What is the purpose of a Processing Persona?

a) to protect the identity of the OSINT practitioner

b) to Protect the identity of the organisation that employs the OSINT practitioner

c) to protect the investigation itself

d) all of the above

e) There is no purpose. A Synthetic Identity is illegal and should never be deployed