BIS Chp 12 – Flashcards
question
1) Which of the following is an example of a security threat resulting from malicious human activity? A) an employee who misunderstands operating procedures B) an employee who accidentally deletes customer records C) an employee who inadvertently installs an old database on top of the current one D) an employee who intentionally destroys data or other system components
answer
D) an employee who intentionally destroys data or other system components
question
2) A person calls the Draper residence and pretends to represent a credit card company. He asks Mrs. Draper to confirm her credit card number. This is an example of ________. A) hacking B) phishing C) pretexting D) sniffing
answer
C) pretexting
question
3) Which of the following is a synonym for phishing? A) drive-by sniffing B) e-mail spoofing C) IP spoofing D) system hacking
answer
B) e-mail spoofing
question
4) ________ simply take computers with wireless connections through an area and search for unprotected wireless networks. A) Drive-by sniffers B) Spoofers C) Hackers D) Phishers
answer
A) Drive-by sniffers
question
5) An employee carelessly releases proprietary data to the media. This is a case of ________ resulting from ________. A) loss of infrastructure; human error B) unauthorized data disclosure; human error C) loss of infrastructure; malicious activity D) unauthorized data disclosure; malicious activity
answer
B) unauthorized data disclosure; human error
question
6) A ________ pretends to be a legitimate company and sends emails requesting confidential data. A) hacker B) phisher C) drive-by sniffer D) sniffer
answer
B) phisher
question
7) Mark recently received an email from what appeared to be a legitimate company, asking him to update and verify his credit card details. Unknowingly, he obliged and later realized that the information had been misused. Mark is a victim of ________. A) hacking B) phishing C) pretexting D) sniffing
answer
B) phishing
question
8) ________ is a technique for intercepting computer communications. A) Spoofing B) Hacking C) Pretexting D) Sniffing
answer
D) Sniffing
question
9) ________ occur when bogus services flood a Web server. A) Spoofing attacks B) Hacking attacks C) Phishing attacks D) DoS attacks
answer
D) DoS attacks
question
10) Some unauthorized programs are able to ________ legitimate systems and substitute their own processing. A) usurp B) spoof C) hack D) flood
answer
A) usurp
question
11) ________ occurs when a person gains unauthorized access to a computer system. A) Usurpation B) Spoofing C) Hacking D) Phishing
answer
C) Hacking
question
12) A problem in a customer billing system that occurs due to errors made during software installation is a case of ________ resulting from ________. A) faulty service; human error B) distributed denial of service; malicious activity C) faulty service; malicious activity D) distributed denial of service; human error
answer
A) faulty service; human error
question
13) ________ is an example of a data safeguard against security threats. A) Application design B) Backup and recovery C) Accountability D) Procedure design
answer
B) Backup and recovery
question
14) Which of the following is a human safeguard against security threats? A) backup B) firewalls C) physical security D) procedure design
answer
D) procedure design
question
15) Which of the following is a technical safeguard against security threats? A) passwords B) backup and recovery C) compliance D) identification and authorization
answer
D) identification and authorization
question
16) A user name ________ a user. A) authenticates B) identifies C) conceals D) encrypts
answer
B) identifies
question
17) A password ________ a user. A) authenticates B) identifies C) conceals D) encrypts
answer
A) authenticates
question
18) Users of smart cards are required to enter a ________ to be authenticated. A) PIN B) password C) biometric detail D) key
answer
A) PIN
question
19) A(n) ________ card has a microchip on it that is loaded with identifying data. A) USB B) biometric C) smart D) encryption
answer
C) smart
question
20) ________ use(s) personal physical characteristics such as fingerprints, facial features, and retinal scans to verify users. A) Passwords B) Smart cards C) Biometric authentication D) Personal identification numbers
answer
C) Biometric authentication
question
21) ________ is the process of transforming clear text into coded, unintelligible text for secure storage or communication. A) Usurpation B) Authentication C) Standardization D) Encryption
answer
D) Encryption
question
22) Which of the following statements about the Secure Sockets Layer (SSL) protocol is NOT true? A) The computer obtains the public key of the website to which it will connect. B) The computer generates a key for symmetric encryption. C) The computer encodes that key using the Web site's public key. D) The Web site decodes the symmetric key using its public key.
answer
D) The Web site decodes the symmetric key using its public key.
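The four SSL steps in question 22, run end to end as an added example (this is illustrative code written for this page, not code from the textbook or from any SSL/TLS library). The site holds an RSA key pair; the browser obtains the public half, generates an AES-256 session key, wraps it with RSA-OAEP, and the site unwraps it with its private key. Option D is the false step because `rsa.DecryptOAEP` takes a private key and there is no public-key decryption operation at all; the second function shows that even a different private key cannot recover the wrapped key. The OAEP label and the 2048-bit key size are choices made for this example. Note that modern TLS 1.3 no longer transports the session key under RSA at all (it uses ephemeral Diffie-Hellman), so this matches the older SSL/TLS-RSA cipher suites the textbook describes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// oaepLabel is a hypothetical context label chosen for this example; both sides must agree on it.
var oaepLabel = []byte("example-session-key")

// Site models the web site. Only the site ever holds the private key.
type Site struct{ priv *rsa.PrivateKey }

// NewSite generates the site's RSA key pair (a real site publishes the public half in its certificate).
func NewSite() (*Site, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Site{priv: priv}, nil
}

// PublicKey is step A: the half of the key pair the browser is allowed to obtain.
func (s *Site) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// ClientKeyExchange is steps B and C: generate a symmetric key, then encode it with the site's public key.
// The browser keeps symKey; only wrapped travels over the network.
func ClientKeyExchange(sitePub *rsa.PublicKey) (symKey, wrapped []byte, err error) {
	symKey = make([]byte, 32) // AES-256 session key
	if _, err = rand.Read(symKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, sitePub, symKey, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	return symKey, wrapped, nil
}

// Unwrap is the corrected step D: the site decodes the symmetric key with its PRIVATE key.
// rsa.DecryptOAEP only accepts *rsa.PrivateKey; the public key cannot perform this step.
func (s *Site) Unwrap(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, s.priv, wrapped, oaepLabel)
}

// gcmFor builds the AES-256-GCM AEAD that both sides use for the application data.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with the session key and prefixes a fresh nonce; unseal reverses it.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return append(nonce, gcm.Seal(nil, nonce, plaintext, nil)...), nil
}

func unseal(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// RunHandshake performs all four steps and returns the message the site recovers
// from the browser's first encrypted request, so the round trip can be checked.
func RunHandshake(msg string) (string, error) {
	site, err := NewSite()
	if err != nil {
		return "", err
	}
	symKey, wrapped, err := ClientKeyExchange(site.PublicKey())
	if err != nil {
		return "", err
	}
	siteKey, err := site.Unwrap(wrapped) // the private-key operation from step D
	if err != nil {
		return "", err
	}
	ct, err := seal(symKey, []byte(msg)) // browser encrypts with its own copy of the key
	if err != nil {
		return "", err
	}
	pt, err := unseal(siteKey, ct) // site decrypts with the copy it just unwrapped
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// WrongPrivateKeyFails shows that a key wrapped to one site's public key
// cannot be unwrapped by any other private key: OAEP decryption errors out.
func WrongPrivateKeyFails() (bool, error) {
	site, err := NewSite()
	if err != nil {
		return false, err
	}
	other, err := NewSite()
	if err != nil {
		return false, err
	}
	_, wrapped, err := ClientKeyExchange(site.PublicKey())
	if err != nil {
		return false, err
	}
	_, err = other.Unwrap(wrapped)
	return err != nil, nil
}

func main() {
	got, err := RunHandshake("GET / HTTP/1.1")
	fmt.Printf("site recovered %q (err=%v)\n", got, err)
	rejected, _ := WrongPrivateKeyFails()
	fmt.Println("wrong private key rejected:", rejected)
}
```

The asymmetric step protects only the key exchange; everything after it is symmetric, which is why the key that gets wrapped must be fresh and random for every session.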
question
23) A(n) ________ sits outside the organizational network and is the first device that Internet traffic encounters. A) internal firewall B) perimeter firewall C) packet-filtering firewall D) malware firewall
answer
B) perimeter firewall
question
24) ________ firewalls can prohibit outsiders from starting a session with any user behind the firewall. A) Perimeter B) Internal C) Packet-filtering D) Malware
answer
C) Packet-filtering
question
25) The program code that causes unwanted activity is called the ________. A) key escrow B) metadata C) widget D) payload
answer
D) payload
question
26) The broadest definition of ________ includes viruses, worms, Trojan horses, spyware, and adware. A) malware B) metadata C) software D) widgets
answer
A) malware
question
27) Which of the following are malware masquerading as useful programs? A) macro viruses B) trojan horses C) worms D) payloads
answer
B) trojan horses
question
28) What is the similarity between adware and spyware? A) Both masquerade as useful programs. B) Both are specifically programmed to spread. C) Both are installed without user's permission. D) Both are used to steal data.
answer
C) Both are installed without user's permission.
question
29) ________ are the patterns that exist in malware code and should be downloaded and updated frequently. A) Data safeguards B) Patches C) Antivirus scans D) Malware definitions
answer
D) Malware definitions
question
30) Organizations should protect sensitive data by storing it in ________ form. A) digital B) standardized C) encrypted D) authenticated
answer
C) encrypted
question
31) Because encryption keys can get lost or destroyed, a copy of the key should be stored with a trusted third party. This safety procedure is sometimes called ________. A) key escrow B) white hat C) key encryption D) biometric authentication
answer
A) key escrow
question
32) Which of the following is an example of a data safeguard? A) application design B) dissemination of information C) physical security D) malware protection
answer
C) physical security
question
33) Which of the following statements is true regarding position sensitivity? A) It is a type of data safeguard. B) It enables security personnel to prioritize their activities in accordance with the possible risk and loss. C) It is documented only for high-sensitivity positions. D) It applies to new employees only.
answer
B) It enables security personnel to prioritize their activities in accordance with the possible risk and loss.
question
34) Enforcement of security procedures and policies consists of three interdependent factors: ________. A) centralized reporting, preparation, and practice B) account administration, systems procedures, and security monitoring C) separation of duties, least privilege, and position sensitivity D) responsibility, accountability, and compliance
answer
D) responsibility, accountability, and compliance
question
35) In terms of password management, when an account is created, users should ________. A) create two passwords and switch back and forth between those two B) immediately change the password they are given to a password of their own C) maintain the same password they are given for all future authentication purposes D) ensure that they do not change their passwords frequently, thereby reducing the risk of password loss
answer
B) immediately change the password they are given to a password of their own
question
36) Typically, a help-desk information system has answers to questions that only a true user would know, such as the user's birthplace, mother's maiden name, or last four digits of an important account number. This information ________. A) allows help-desk representatives to create new passwords for users B) reduces the strength of the security system C) protects the anonymity of a user D) helps authenticate a user
answer
D) helps authenticate a user
question
37) Activity log analysis is an important ________ function. A) account administration B) security monitoring C) backup D) data administration
answer
B) security monitoring
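What "activity log analysis" in question 37 looks like in practice, as an added example written for this page (not from the textbook): the analyzer parses OpenSSH-style authentication log lines, counts failed logins per source address inside a sliding time window, and flags any source that crosses a threshold. It also records whether a flagged source later logged in successfully, which is the signature of a password-guessing attack that worked. The log lines are constructed for the example and use RFC 5737 documentation addresses; the threshold and window are parameters chosen here, not values from the textbook.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// sampleLog is constructed for this example in OpenSSH/syslog style.
// 203.0.113.7 fails five times in under twenty seconds and then succeeds;
// the other sources show ordinary behaviour. One non-auth line is included
// to show that the parser skips what it does not recognise.
const sampleLog = `Mar 12 09:01:02 web1 sshd[410]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 12 09:01:05 web1 sshd[412]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar 12 09:01:09 web1 sshd[414]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 12 09:01:14 web1 sshd[416]: Failed password for alice from 203.0.113.7 port 51244 ssh2
Mar 12 09:01:20 web1 sshd[418]: Failed password for alice from 203.0.113.7 port 51250 ssh2
Mar 12 09:02:31 web1 sshd[420]: Accepted password for alice from 203.0.113.7 port 51260 ssh2
Mar 12 09:02:31 web1 sshd[420]: pam_unix(sshd:session): session opened for user alice
Mar 12 09:15:44 web1 sshd[433]: Failed password for bob from 198.51.100.4 port 40022 ssh2
Mar 12 09:15:52 web1 sshd[435]: Accepted password for bob from 198.51.100.4 port 40022 ssh2
Mar 12 10:05:01 web1 sshd[501]: Accepted publickey for deploy from 192.0.2.9 port 33001 ssh2
Mar 12 11:40:17 web1 sshd[540]: Failed password for invalid user test from 192.0.2.9 port 33105 ssh2`

// authEvent is one parsed login attempt.
type authEvent struct {
	at      time.Time
	user    string
	src     string
	success bool
}

// authRE matches the sshd "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" lines.
var authRE = regexp.MustCompile(`^(\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: (Failed|Accepted) (?:password|publickey) for (?:invalid user )?(\S+) from (\S+) port \d+`)

// parseAuthLine returns the event and true, or false for lines it does not understand.
func parseAuthLine(line string) (authEvent, bool) {
	m := authRE.FindStringSubmatch(line)
	if m == nil {
		return authEvent{}, false
	}
	at, err := time.Parse("Jan _2 15:04:05", m[1]) // syslog timestamps carry no year; only differences matter here
	if err != nil {
		return authEvent{}, false
	}
	return authEvent{at: at, user: m[3], src: m[4], success: m[2] == "Accepted"}, true
}

// Finding reports one source that produced a burst of failures.
type Finding struct {
	Src          string
	Failures     int    // most failures seen inside any single window
	LaterSuccess string // user the source logged in as after the burst, "" if none
}

// AnalyzeAuthLog flags every source with at least threshold failed logins inside
// window, and notes a later successful login from the same source if there is one.
func AnalyzeAuthLog(log string, threshold int, window time.Duration) []Finding {
	failures := map[string][]time.Time{}
	successes := map[string][]authEvent{}
	var order []string // first-seen order, so output is deterministic
	for _, line := range strings.Split(log, "\n") {
		ev, ok := parseAuthLine(line)
		if !ok {
			continue
		}
		if _, seen := failures[ev.src]; !seen {
			order = append(order, ev.src)
			failures[ev.src] = nil
		}
		if ev.success {
			successes[ev.src] = append(successes[ev.src], ev)
		} else {
			failures[ev.src] = append(failures[ev.src], ev.at)
		}
	}
	var out []Finding
	for _, src := range order {
		ts := failures[src] // already in log (time) order
		best, burstEnd := 0, time.Time{}
		for i := range ts { // sliding window: longest run starting at ts[i] that fits in window
			j := i
			for j < len(ts) && ts[j].Sub(ts[i]) <= window {
				j++
			}
			if j-i > best {
				best, burstEnd = j-i, ts[j-1]
			}
		}
		if best < threshold {
			continue
		}
		f := Finding{Src: src, Failures: best}
		for _, s := range successes[src] {
			if s.at.After(burstEnd) {
				f.LaterSuccess = s.user
				break
			}
		}
		out = append(out, f)
	}
	return out
}

func main() {
	for _, f := range AnalyzeAuthLog(sampleLog, 5, 2*time.Minute) {
		fmt.Printf("%s: %d failures in window, later success as %q\n", f.Src, f.Failures, f.LaterSuccess)
	}
}
```

A burst followed by success is the finding worth paging on; a burst alone is routine Internet background noise, which is why the analyzer separates the two rather than alerting on failure counts only.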
question
38) ________ are remote processing centers run by commercial disaster-recovery services. A) Cold sites B) Web browsers C) Hot sites D) Backup centres
answer
C) Hot sites
question
39) Every organization should have a(n) ________ as part of the security program, which should include how employees are to react to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss. A) key escrow B) smart card C) human safeguard plan D) incident-response plan
answer
D) incident-response plan
question
40) Which of the following is true regarding an incident-response plan? A) The plan should provide decentralized reporting of all security incidents. B) The plan should require minimal training on the part of employees. C) The plan should identify critical personnel and their off-hours contact information. D) The plan should be simple enough to ensure a fast response with limited practice.
answer
C) The plan should identify critical personnel and their off-hours contact information.
question
Pretexting occurs when someone deceives by pretending to be someone else.
answer
true
question
Sniffing is usually initiated via email.
answer
false
question
Incorrectly increasing a customer's discount is an example of incorrect data modification.
answer
true
question
System errors are not caused by human error.
answer
false
question
Denial-of-service attacks are caused by human error, not malicious intent.
answer
false
question
Senior management has two critical security functions: overall policy and risk management.
answer
true
question
Malware protection is an example of a technical safeguard
answer
true
question
Creating backup copies of database contents is a technical safeguard
answer
false
question
Technical safeguards include passwords and encryption
answer
false
question
Technical safeguards involve just the software components of an information system
answer
false
question
Smart cards are convenient and easy to use since they don't require a PIN for authentication.
answer
false
question
A criticism against biometric authentication is that it provides weak authentication
answer
false
question
Most secure communication over the Internet uses a protocol called HTTP
answer
false
question
Viruses, worms, and Trojan horses are types of firewalls.
answer
false
question
Internal firewalls sit outside the organizational network
answer
false
question
Packet-filtering firewalls examine each part of a message and determine whether to let that part pass
answer
true
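The behaviour described in question 24 and in the statement above, as an added example written for this page (not from the textbook): a packet filter examines a few header fields of each packet and applies an ordered rule list, first match wins. Outsiders are stopped from starting a session because an inbound TCP packet with SYN set and ACK clear is the session-start packet, and the rules drop it unless it is addressed to the one published HTTPS server. The network layout, rule names and addresses (RFC 5737 ranges) are assumptions made for the example.

```go
package main

import "fmt"

// Packet carries the header fields a packet-filtering firewall inspects.
type Packet struct {
	SrcIP, DstIP string
	Proto        string // "tcp" or "udp"
	DstPort      int
	SYN, ACK     bool // TCP flag bits (ignored for udp)
	Inbound      bool // true when the packet arrives from the Internet side
}

// Rule is one ordered entry; the first rule whose Match returns true decides.
type Rule struct {
	Name  string
	Match func(Packet) bool
	Allow bool
}

// DefaultRules builds the rule set for a hypothetical network whose only published
// service is an HTTPS server at webServer. Outsiders may start a session only with
// that server; any other inbound SYN-without-ACK (a session start) is dropped, while
// inbound packets carrying ACK are taken to be replies to sessions started from inside.
func DefaultRules(webServer string) []Rule {
	return []Rule{
		{"permit-outbound", func(p Packet) bool { return !p.Inbound }, true},
		{"permit-web-inbound", func(p Packet) bool {
			return p.Inbound && p.Proto == "tcp" && p.DstIP == webServer && p.DstPort == 443
		}, true},
		{"deny-inbound-session-start", func(p Packet) bool {
			return p.Inbound && p.Proto == "tcp" && p.SYN && !p.ACK
		}, false},
		{"permit-established", func(p Packet) bool {
			return p.Inbound && p.Proto == "tcp" && p.ACK
		}, true},
		{"deny-default", func(p Packet) bool { return true }, false},
	}
}

// Filter returns the name of the first matching rule and whether the packet passes.
func Filter(rules []Rule, p Packet) (string, bool) {
	for _, r := range rules {
		if r.Match(p) {
			return r.Name, r.Allow
		}
	}
	return "implicit-deny", false
}

func main() {
	rules := DefaultRules("192.0.2.10")
	// Constructed packets: an outsider opening HTTPS to the web server, an outsider
	// opening SSH to a workstation, a reply to an inside-initiated session, an
	// inside-initiated session start, and an unsolicited inbound UDP datagram.
	samples := []Packet{
		{SrcIP: "203.0.113.5", DstIP: "192.0.2.10", Proto: "tcp", DstPort: 443, SYN: true, Inbound: true},
		{SrcIP: "203.0.113.5", DstIP: "192.0.2.20", Proto: "tcp", DstPort: 22, SYN: true, Inbound: true},
		{SrcIP: "198.51.100.8", DstIP: "192.0.2.20", Proto: "tcp", DstPort: 51000, SYN: true, ACK: true, Inbound: true},
		{SrcIP: "192.0.2.20", DstIP: "198.51.100.8", Proto: "tcp", DstPort: 443, SYN: true},
		{SrcIP: "203.0.113.9", DstIP: "192.0.2.20", Proto: "udp", DstPort: 53, Inbound: true},
	}
	for _, p := range samples {
		name, ok := Filter(rules, p)
		fmt.Printf("%s -> %s:%d %s syn=%v ack=%v inbound=%v  => %s allow=%v\n",
			p.SrcIP, p.DstIP, p.DstPort, p.Proto, p.SYN, p.ACK, p.Inbound, name, ok)
	}
}
```

The limitation to keep in mind: this filter is stateless, so the "permit-established" rule trusts the ACK bit alone. An outsider can set ACK on a probe it sends (an ACK scan) and that packet passes the filter. A stateful firewall closes that gap by admitting inbound packets only for connections it actually watched being opened from the inside.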
question
Perimeter firewalls are the simplest type of firewalls
answer
false
question
The existence of spyware is generally unknown to the user
answer
true
question
Most spyware is benign in that it does not perform malicious acts or steal data
answer
false
question
Once a backup of database contents is made, it is safe to assume that the database is protected
answer
false
question
In the context of human safeguards against security threats, the security sensitivity for each position should be documented
answer
true
question
The existence of accounts that are no longer necessary does not pose a serious security threat.
answer
false
question
Backup procedures for system users include backing up Web site resources, databases, administrative data, account and password data, and other data
answer
false
question
Following a disaster, hot sites provide office space, but customers themselves must provide and install the equipment needed to continue operations
answer
false
question
Every organization must have an incident-response plan that allows for decentralized reporting of all security incidents.
answer
false