AIS Chapter 9 – Flashcards

Which of the following is not one of the basic actions that an organization must take to preserve the confidentiality of sensitive information? A) identification of information to be protected B) backing up the information C) controlling access to the information D) training

Classification of confidential information is the responsibility of whom, according to COBIT5? A) external auditor B) information owner C) IT security professionals D) management

Information rights management software can do all of the following except A) limiting access to specific files. B) limit action privileges to a specific time period. C) authenticate individuals accessing information. D) specify the actions individuals granted access to information can perform.

Identify the first step in protecting the confidentiality of intellectual property below. A) Identifying who has access to the intellectual property B) Identifying the means necessary to protect the intellectual property C) Identifying the weaknesses surrounding the creation of the intellectual property D) Identifying what controls should be placed around the intellectual property

In developing policies related to personal information about customers, Folding Squid Technologies adhered to the Trust Services framework. The standard applicable to these policies is A) security. B) confidentiality. C) privacy. D) availability.

Under CAN-SPAM legislation, an organization that receives an opt-out request from an individual has ________ days to implement steps to ensure they do not send out any additional unsolicited e-mail to the individual again. A) 2 B) 5 C) 7 D) 10

Identify the item below which is not a piece of legislation passed to protect individuals against identity theft or to secure individuals' privacy. A) the Health Insurance Portability and Accountability Act B) the Health Information Technology for Economic and Clinical Heath Act C) the Financial Services Modernization Act D) the Affordable Care Act

If an organization asks you to disclose your social security number, yet fails to permit you to opt-out before you provide the information, the organization has likely violated which of the Generally Accepted Privacy Principles? A) Management B) Notice C) Choice and consent D) Use and retention

If an organization asks you to disclose your social security number, but fails to establish a set of procedures and policies for protecting your privacy, the organization has likely violated which of the Generally Accepted Privacy Principles? A) Management B) Notice C) Choice and consent D) Use and retention

If an organization asks you to disclose your social security number, but fails to tell you about its privacy policies and practices, the organization has likely violated which of the Generally Accepted Privacy Principles? A) Management B) Notice C) Choice and consent D) Use and retention

If an organization asks you to disclose your social security number, but decides to use it for a different purpose than the one stated in the organization's privacy policies, the organization has likely violated which of the Generally Accepted Privacy Principles? A) Collection B) Access C) Security D) Quality

If an organization asks you to disclose your date of birth and your address, but refuses to let you review or correct the information you provided, the organization has likely violated which of the Generally Accepted Privacy Principles? A) Collection B) Access C) Security D) Choice and consent

If an organization asks you to disclose your date of birth and your address, but fails to take any steps to protect your private information, the organization has likely violated which of the Generally Accepted Privacy Principles? A) Collection B) Access C) Security D) Quality

If an organization asks you to disclose your date of birth and your address, but fails to establish any procedures for responding to customer complaints, the organization has likely violated which of the Generally Accepted Privacy Principles? A) Collection B) Access C) Security D) Monitoring and enforcement

Which of the following is not true regarding virtual private networks (VPN)? A) VPNs provide the functionality of a privately owned network using the Internet. B) Using VPN software to encrypt information while it is in transit over the Internet in effect creates private communication channels, often referred to as tunnels, which are accessible only to those parties possessing the appropriate encryption and decryption keys. C) It is more expensive to reconfigure VPNs to include new sites than it is to add or remove the corresponding physical connections in a privately owned network. D) The cost of the VPN software is much less than the cost of leasing or buying the infrastructure (telephone lines, satellite links, communications equipment, etc.) needed to create a privately owned secure communications network.

All of the following are associated with asymmetric encryption except A) speed. B) private keys. C) public keys. D) no need for key exchange.

The system and processes used to issue and manage asymmetric keys and digital certificates are known as A) asymmetric encryption. B) certificate authority. C) digital signature. D) public key infrastructure.

Identify one weakness of encryption below. A) Encrypted packets cannot be examined by a firewall. B) Encryption provides for both authentication and non-repudiation. C) Encryption protects the privacy of information during transmission. D) Encryption protects the confidentiality of information while in storage.

Using a combination of symmetric and asymmetric key encryption, Sofia Chiamaka sent a report to her home office in Bangalore, India. She received an e-mail acknowledgement that her report had been received, but a few minutes later she received a second e-mail that contained a different hash total than the one associated with her report. This most likely explanation for this result is that A) the public key had been compromised. B) the private key had been compromised. C) the symmetric encryption key had been compromised. D) the asymmetric encryption key had been compromised.

Encryption has a remarkably long and varied history. The invention of writing was apparently soon followed by a desire to conceal messages. One of the earliest methods, attributed to an ancient Roman emperor, was the simple substitution of numbers for letters, for example A = 1, B = 2, etc. This is an example of A) a hashing algorithm. B) symmetric key encryption. C) asymmetric key encryption. D) a public key.

An electronic document that certifies the identity of the owner of a particular public key. A) asymmetric encryption B) digital certificate C) digital signature D) public key

Which systems use the same key to encrypt communications and to decrypt communications? A) asymmetric encryption B) symmetric encryption C) hashing encryption D) public key encryption

These are used to create digital signatures. A) asymmetric encryption and hashing B) hashing and packet filtering C) packet filtering and encryption D) symmetric encryption and hashing

Information encrypted with the creator's private key that is used to authenticate the sender is A) asymmetric encryption. B) digital certificate. C) digital signature. D) public key.

Which of the following is not one of the three important factors determining the strength of any encryption system? A) key length B) key management policies C) encryption algorithm D) privacy

A process that takes plaintext of any length and transforms it into a short code. A) asymmetric encryption B) encryption C) hashing D) symmetric encryption

Which of the following descriptions is not associated with symmetric encryption? A) a shared secret key B) faster encryption C) lack of authentication D) separate keys for each communication party

Encryption has a remarkably long and varied history. Spies have been using it to convey secret messages ever since there were secret messages to convey. One powerful method of encryption uses random digits. Two documents are prepared with the same random sequence of numbers. The spy is sent out with one and the spy master retains the other. The digits are used as follows. Suppose that the word to be encrypted is SPY and the random digits are 352. Then S becomes V (three letters after S), P becomes U (five letters after P), and Y becomes A (two letters after Y, restarting at A after Z). The spy would encrypt a message and then destroy the document used to encrypt it. This is an early example of A) a hashing algorithm. B) asymmetric key encryption. C) symmetric key encryption. D) public key encryption.

One way to circumvent the counterfeiting of public keys is by using A) a digital certificate. B) digital authority. C) encryption. D) cryptography.

n a private key system the sender and the receiver have ________, and in the public key system they have ________. A) different keys; the same key B) a decrypting algorithm; an encrypting algorithm C) the same key; two separate keys D) an encrypting algorithm; a decrypting algorithm

Asymmetric key encryption combined with the information provided by a certificate authority allows unique identification of A) the user of encrypted data. B) the provider of encrypted data. C) both the user and the provider of encrypted data. D) either the user or the provider of encrypted data.