Chapter 12 MC – Flashcards
question
A ________ is a person or an organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge.
A) target
B) vulnerability
C) threat
D) key escrow
answer
threat
question
Which of the following is considered a threat caused by human error?
A) an employee inadvertently installs an old database on top of the current one
B) an employee intentionally destroys data and system components
C) a virus and worm writer infects computer systems
D) a hacker breaks into a system to steal for financial gain
answer
an employee inadvertently installs an old database on top of the current one
question
Which of the following is considered a computer crime?
A) deletion of records by an employee who is unaware of operating procedures
B) poorly written programs resulting in data losses
C) loss of data as a result of flooding
D) hacking of information systems
answer
hacking of information systems
question
________ occurs when someone deceives by pretending to be someone else.
A) Hacking
B) Usurping
C) Sniffing
D) Pretexting
answer
Pretexting
question
When referring to security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.
A) unauthorized data disclosure
B) incorrect data modification
C) faulty services
D) loss of infrastructure
answer
unauthorized data disclosure
question
A ________ pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth.
A) hacker
B) phisher
C) safeguard
D) sniffer
answer
phisher
question
Email spoofing is a synonym for ________.
A) hacking
B) phishing
C) usurping
D) sniffing
answer
phishing
question
________ is a technique for intercepting computer communications, either through a physical connection to a network or without a physical connection in the case of wireless networks.
A) Spoofing
B) Phishing
C) Sniffing
D) Pretexting
answer
Sniffing
question
________ take computers with wireless connections through an area and search for unprotected wireless networks and then monitor and intercept wireless traffic at will.
A) Keyloggers
B) Pretexters
C) Drive-by sniffers
D) Phishers
answer
Drive-by sniffers
question
Which of the following is an example of a sniffing technique?
A) IP spoofing
B) caches
C) denial of service
D) adware
answer
adware
question
________ occurs when a person breaks into a network to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data.
A) Pretexting
B) Phishing
C) Hacking
D) Spoofing
answer
Hacking
question
Which of the following is most likely to be a result of hacking?
A) certain Web sites being censored for hurting sentiments
B) small amounts of spam in a user's inbox
C) an unauthorized transaction from a user's credit card
D) pop-up ads appearing frequently
answer
an unauthorized transaction from a user's credit card
question
________ occurs through human error when employees do not follow proper procedures or when procedures have not been well designed.
A) Unauthorized data disclosure
B) Incorrect data modification
C) Denial of service
D) Loss of infrastructure
answer
Incorrect data modification
question
________ is the type of security loss that involves computer criminals invading a computer system and replacing legitimate programs with their own unauthorized ones that shut down legitimate applications and substitute their own processing to spy, steal, and manipulate data.
A) Encryption
B) Spoofing
C) Phishing
D) Usurpation
answer
Usurpation
question
Which of the following usually happens in a malicious denial-of-service attack?
A) a hacker monitors and intercepts wireless traffic at will
B) a hacker floods a Web server with millions of bogus service requests
C) an intruder uses another site's IP address to masquerade as that other site
D) a phisher pretends to be a legitimate company and requests confidential data
answer
a hacker floods a Web server with millions of bogus service requests
question
________ present the largest risk for an organization's infrastructure loss.
A) Employees
B) Natural disasters
C) Hackers
D) Competitors
answer
Natural disasters
question
Which of the following statements is true about losses due to computer security threats?
A) Surveys on computer crimes provide accurate results since they use standard parameters to measure and tally computer crime costs.
B) Some organizations don't report all their computer crime losses, and some won't report such losses at all.
C) Losses due to natural disasters can be measured accurately.
D) Losses due to human error are insignificant.
answer
Some organizations don't report all their computer crime losses, and some won't report such losses at all.
question
A(n) ________ is a computer program that senses when another computer is attempting to scan the disk or otherwise access a computer.
A) intrusion detection system
B) keylogger
C) botnet
D) access control system
answer
intrusion detection system
question
Nonword passwords are vulnerable to a ________ attack, in which the password cracker tries every possible combination of characters.
A) denial-of-service
B) sniffing
C) brute force
D) phishing
answer
brute force
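Added example for the brute-force card above (not part of the flashcard set). It contrasts exhaustive enumeration of a short nonword password with a dictionary attack on a word password, counting attempts in each case. Assumptions, for illustration only: the target stores an unsalted SHA-256 of the password, the attacker knows the character set and maximum length, and the wordlist is a constructed five-entry list. Real systems should use a slow, salted password hash (bcrypt, scrypt or Argon2), which raises the per-guess cost by orders of magnitude.

```python
"""Brute force vs. dictionary guessing (added example; toy setup)."""
import hashlib
import itertools
import string
from typing import Iterable, Optional, Tuple

ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols, assumed known to the attacker


def sha256_hex(password: str) -> str:
    """Assumed (weak) storage format: unsalted SHA-256, hex encoded."""
    return hashlib.sha256(password.encode()).hexdigest()


def keyspace_size(alphabet_size: int, max_len: int) -> int:
    """Number of candidates of length 1..max_len; this is what brute force must cover."""
    return sum(alphabet_size ** length for length in range(1, max_len + 1))


def brute_force(target_hash: str, alphabet: str = ALPHABET, max_len: int = 4) -> Tuple[Optional[str], int]:
    """Try every combination of `alphabet` up to `max_len` characters.

    Returns (recovered_password, attempts); password is None if not found.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            guess = "".join(combo)
            if sha256_hex(guess) == target_hash:
                return guess, attempts
    return None, attempts


def dictionary_attack(target_hash: str, wordlist: Iterable[str]) -> Tuple[Optional[str], int]:
    """Try only likely words; cheap, but useless against a nonword password."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if sha256_hex(word) == target_hash:
            return word, attempts
    return None, attempts


# Constructed wordlist and passwords for the demonstration.
WORDLIST = ["123456", "password", "qwerty", "welcome", "letmein"]


def demo() -> dict:
    word_hash = sha256_hex("welcome")   # a word password
    nonword_hash = sha256_hex("q7x")    # a short nonword password
    return {
        "dictionary_on_word": dictionary_attack(word_hash, WORDLIST),
        "dictionary_on_nonword": dictionary_attack(nonword_hash, WORDLIST),
        "brute_force_on_nonword": brute_force(nonword_hash, max_len=3),
        "keyspace_len4": keyspace_size(len(ALPHABET), 4),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The attempt counts make the card's point concrete: a word falls to a handful of dictionary guesses, while a nonword password forces the attacker through the full keyspace, which grows as alphabet_size to the power of length (1,727,604 candidates for four characters over 36 symbols, and far more for longer passwords and larger alphabets).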
question
________ are small files that the browser stores on the user's computer when he/she visits Web sites and that let him/her access those Web sites without having to sign in every time.
A) Cookies
B) Botnets
C) Payloads
D) Public keys
answer
Cookies
question
Removing and disabling ________, which may contain sensitive security data, presents an excellent example of the trade-off between improved security and cost.
A) bookmarks
B) pop-ups
C) cookies
D) toolbars
answer
cookies
question
Which of the following is a critical security function that the senior management should address in an organization?
A) sharing the private key with all systems connected to the network
B) creating IS security software programs
C) establishing the security policy
D) avoiding the use of perimeter firewalls
answer
establishing the security policy
question
In information security, which of the following is true of managing risk?
A) All organizations except financial institutions should invest heavily in security safeguards.
B) Organizations should implement safeguards that balance the trade-off between risk and cost.
C) Passwords are classified under the technical safeguards category.
D) Physical security is classified under the human safeguards category.
answer
Organizations should implement safeguards that balance the trade-off between risk and cost.
question
Which of the following was passed to give individuals the right to access their own health data created by doctors and other healthcare providers?
A) the Privacy Act of 1974
B) the Sarbanes-Oxley Act
C) the HIPAA of 1996
D) the Gramm-Leach-Bliley Act
answer
the HIPAA of 1996
question
Which of the following is classified as a technical safeguard?
A) cookies
B) firewalls
C) key escrow
D) passwords
answer
firewalls
question
A(n) ________ has a microchip in it to hold data.
A) ATM card
B) smart card
C) cookie
D) key escrow
answer
smart card
question
Users of smart cards are required to enter a ________ to be authenticated.
A) Social Security number
B) public key
C) personal identification number
D) private key
answer
personal identification number
question
Which of the following is used for biometric authentication?
A) smart cards
B) facial features
C) passwords
D) personal identification numbers
answer
facial features
question
Which of the following statements is true of biometric identification?
A) It involves the use of a PIN for authentication.
B) It provides weak authentication.
C) It is a relatively inexpensive mode of authentication.
D) It often faces resistance from users for its invasive nature.
answer
It often faces resistance from users for its invasive nature.
question
A ________ is a number used to encrypt data.
A) key
B) honeypot
C) cookie
D) cache
answer
key
question
In asymmetric encryption, each site has a ________ for encoding messages.
A) botnet
B) private key
C) public key
D) cookie
answer
public key
question
With ________, the sender and receiver transmit a message using different keys.
A) asymmetric encryption
B) block cipher
C) symmetric encryption
D) stream cipher
answer
asymmetric encryption
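Added example for the three cards above on keys, public keys and asymmetric encryption (not part of the flashcard set). It shows the difference the cards describe in running code: with the symmetric XOR cipher one shared key both encrypts and decrypts, while with RSA a message encoded under a site's public key can only be reversed with the matching private key. Assumptions, for illustration only: the RSA keys use the classic textbook primes p=61, q=53 with e=17, the message is encrypted one byte per block, and the XOR stream stands in for a real symmetric cipher. None of this is secure (tiny modulus, no padding, no authentication); real systems use a vetted library with algorithms such as RSA-OAEP or X25519 with AES-GCM.

```python
"""Symmetric vs. asymmetric keys (added example; toy RSA, not for real use)."""
from itertools import cycle
from typing import Dict, List, Tuple

Key = Tuple[int, int]  # (exponent, modulus)


def rsa_keypair(p: int = 61, q: int = 53, e: int = 17) -> Tuple[Key, Key]:
    """Return (public_key, private_key) from assumed textbook primes.

    The public key (e, n) is what a site publishes so others can encode
    messages to it; the private exponent d never leaves the site.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e modulo phi (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key: Key, block: int) -> int:
    """Raise one block to the key's exponent modulo n; blocks must be < n."""
    exp, n = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than the modulus")
    return pow(block, exp, n)


def rsa_encrypt(public_key: Key, data: bytes) -> List[int]:
    """Encode with the receiver's PUBLIC key, one byte per block (toy choice)."""
    return [rsa_apply(public_key, b) for b in data]


def rsa_decrypt(private_key: Key, blocks: List[int]) -> bytes:
    """Only the holder of the matching PRIVATE key can reverse the encoding."""
    return bytes(rsa_apply(private_key, c) for c in blocks)


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Symmetric: the same key both encrypts and decrypts (XOR is its own inverse)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def demo() -> Dict[str, object]:
    message = b"PAY 100"  # constructed sample message
    public_key, private_key = rsa_keypair()
    blocks = rsa_encrypt(public_key, message)          # sender uses receiver's public key
    recovered = rsa_decrypt(private_key, blocks)       # receiver uses its private key
    shared = b"\x13\x37\x42"                            # constructed shared symmetric key
    sym_ciphertext = xor_cipher(shared, message)
    return {
        "private_exponent": private_key[0],
        "rsa_blocks": blocks,
        "rsa_roundtrip": recovered,
        "symmetric_roundtrip": xor_cipher(shared, sym_ciphertext),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With these parameters the private exponent comes out as 2753 and the single block 65 encrypts to 2790, the values usually quoted for this textbook key; the point to take from the code is which key each side holds, not the arithmetic itself.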
question
Secure Sockets Layer is also known as ________.
A) application layer
B) transport layer security
C) presentation layer
D) network interface layer security
answer
transport layer security
question
Which of the following statements is true of the Secure Sockets Layer (SSL)?
A) It uses asymmetric encryption exclusively.
B) It is used to send sensitive data such as credit card numbers.
C) It uses one set of encryption keys for multiple sessions.
D) It is a stronger version of HTTPS.
answer
It is used to send sensitive data such as credit card numbers.
question
Mark is transferring funds online through the Web site of a reputable bank. Which of the following will be displayed in the address bar of his browser that will let him know that the bank is using the SSL protocol?
A) ftp
B) www
C) https
D) .com
answer
https
question
A ________ examines each part of a message and determines whether to let that part pass.
A) packet-filtering firewall
B) private key
C) mail server
D) drive-by sniffer
answer
packet-filtering firewall
question
Packet-filtering firewalls ________.
A) can filter both inbound and outbound traffic
B) examine the destination address but not the source address
C) are the most complex type of firewall
D) seldom examine the data or the addresses of the message
answer
can filter both inbound and outbound traffic
question
________ is the term used to denote viruses, worms, and Trojan horses.
A) Malware
B) Cookie
C) Firewall
D) Spam
answer
Malware
question
A virus is a computer program that replicates itself. The program code that causes unwanted activity is called the ________.
A) payload
B) kernel
C) bot herder
D) key escrow
answer
payload
question
________ are viruses that masquerade as useful programs or files.
A) Adware programs
B) Spyware programs
C) Trojan horses
D) Worms
answer
Trojan horses
question
A ________ is a type of virus that propagates using the Internet or other computer networks.
A) worm
B) sniffer
C) Trojan horse
D) phisher
answer
worm
question
________ is similar to spyware but it watches user activity and produces pop-ups.
A) A cookie
B) Adware
C) A payload
D) Shareware
answer
Adware
question
Which of the following is likely to be accepted by a poorly designed application, leading to improper disclosure of data?
A) public key
B) asymmetric encryption
C) key escrow
D) SQL injection
answer
SQL injection
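Added example for the SQL injection card above (not part of the flashcard set). It puts the poorly designed query beside the parameterized one and runs two classic injection inputs through both: a tautology that turns a one-user lookup into a dump of every row, and a UNION that discloses a column the query was never meant to return. Assumptions, for illustration only: Python's built-in sqlite3 with a constructed in-memory users table; the column names, rows and sample values are made up.

```python
"""SQL injection: string-built query vs. parameterized query (added example)."""
import sqlite3
from typing import Dict, List, Tuple

Row = Tuple[str, str]


def make_db() -> sqlite3.Connection:
    """Constructed sample data; the ssn column is the 'improper disclosure' target."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, ssn TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "alice@example.com", "111-11-1111"),
            ("bob", "bob@example.com", "222-22-2222"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Row]:
    """The poorly designed version: user input is pasted into the statement text,
    so a quote in the input closes the string literal and the rest runs as SQL."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[Row]:
    """Parameterized: the driver binds the value separately from the SQL text,
    so the input is only ever compared as a string and never executed."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed attacker inputs.
TAUTOLOGY = "nobody' OR '1'='1"                            # WHERE clause becomes always-true
UNION_DUMP = "' UNION SELECT username, ssn FROM users --"  # appends a query over a hidden column


def demo() -> Dict[str, List[Row]]:
    conn = make_db()
    return {
        "normal": lookup_vulnerable(conn, "alice"),
        "tautology": lookup_vulnerable(conn, TAUTOLOGY),     # every user's email
        "union_dump": lookup_vulnerable(conn, UNION_DUMP),   # every user's ssn
        "safe_tautology": lookup_safe(conn, TAUTOLOGY),      # no such username: empty
        "safe_union": lookup_safe(conn, UNION_DUMP),         # no such username: empty
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The fix is not escaping quotes by hand but never letting data become part of the statement text: the parameterized lookup returns nothing for either hostile input because the whole string is compared against the username column as a value.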
question
________ refers to an organization-wide function that is in charge of developing data policies and enforcing data standards.
A) Data administration
B) Authentication
C) Usurpation
D) Data encryption
answer
Data administration
question
________ is a function pertaining to a particular database that develops procedures and practices to control and protect the database.
A) Data encryption
B) Database administration
C) Data authentication
D) Database normalization
answer
Database administration
question
Which of the following statements is true of data administration?
A) It is a line function to the chief information officer.
B) It merely involves developing data policies.
C) It applies to individual units and not to the entire organization.
D) It is involved in establishing data safeguards.
answer
It is involved in establishing data safeguards.
question
Key escrow is a(n) ________.
A) protocol used to secure communication over the internet
B) safety procedure that allows a trusted party to have a copy of the encryption key
C) device that prevents unauthorized network access
D) encryption algorithm that uses both public and private keys
answer
safety procedure that allows a trusted party to have a copy of the encryption key
question
________ protect databases and other organizational data.
A) Cookies
B) Payloads
C) Data safeguards
D) Data strings
answer
Data safeguards
question
The computers that run the DBMS and all devices that store database data should reside in locked, controlled-access facilities. This is done to ________.
A) stop SQL injection attacks
B) protect against email spoofing
C) prevent brute force attacks
D) provide physical security
answer
provide physical security
question
Which of the following statements is true with regard to human safeguards?
A) System administrators should retain user accounts after an employee has been terminated.
B) All employees must be provided with uniform, general training on security, regardless of their position's sensitivity.
C) Documenting position sensitivity enables security personnel to prioritize their activities based on possible risk.
D) Holding public users of Web sites accountable for security violations is quite easy and inexpensive.
answer
Documenting position sensitivity enables security personnel to prioritize their activities based on possible risk.
question
________ involve the people and procedure components of information systems.
A) Firewalls
B) Technical safeguards
C) Human safeguards
D) Payloads
answer
Human safeguards
question
Which of the following statements is true about human safeguards for employees?
A) Security screening in an organization is a one-time process and applies only to new employees.
B) User accounts should be defined to give users the least possible privilege necessary to perform their jobs.
C) Companies should provide user accounts and passwords to employees prior to their security training.
D) System administrators should retain user accounts after an employee has been terminated.
answer
User accounts should be defined to give users the least possible privilege necessary to perform their jobs.
question
When an employee is terminated, IS administrators should receive advance notice so that they can ________.
A) destroy the employee's records
B) plan for new recruitment
C) disseminate information
D) remove the user account and password
answer
remove the user account and password
question
________ a Web site means to take extraordinary measures to reduce a system's vulnerability, using special versions of the operating system.
A) Pretexting
B) Hardening
C) Phishing
D) Spoofing
answer
Hardening
question
The process of hardening a Web site is a ________ safeguard.
A) political
B) financial
C) technical
D) physical
answer
technical
question
________ are the primary means of authentication and are important not just for access to a user's computer, but also for authentication to other networks and servers to which the user may have access.
A) Private keys
B) User names
C) Passwords
D) Personal identification numbers
answer
Passwords
question
Which of the following systems procedures is specifically the responsibility of operations personnel?
A) writing software program codes
B) using systems to perform job tasks
C) creating backups of system databases
D) knowing whom to contact when a security breach occurs
answer
creating backups of system databases
question
________ involves accomplishing job tasks during failure.
A) Authentication
B) Hardening
C) Usurpation
D) Recovery
answer
Recovery
question
Firewalls produce ________, which include lists of all dropped packets, infiltration attempts, and unauthorized access attempts from within the firewall.
A) honeypots
B) blogs
C) activity logs
D) RSS feeds
answer
activity logs
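Added example serving the packet-filtering firewall cards earlier on this page, the intrusion detection system card, and the activity log card above (not part of the flashcard set). It is a toy packet filter: each packet is checked against an ordered rule list on direction, protocol, source and destination address and destination port, both inbound and outbound traffic is filtered, anything unmatched is dropped, and every dropped packet is written to an activity log. A final function reads that log the way a simple intrusion detection check would, flagging a source that probes many distinct ports. Assumptions, for illustration only: the rules, addresses and sample packets are constructed; there is no real network I/O and no connection-state tracking.

```python
"""Toy packet-filtering firewall with an activity log (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (arriving from outside) or "out" (leaving the network)
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" or "out"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR; the default matches every address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            self.direction == pkt.direction
            and self.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and self.dport in (None, pkt.dport)
        )


class PacketFilter:
    """First matching rule wins; anything unmatched is dropped (default deny)."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.log: List[Tuple[str, Packet]] = []  # activity log: (reason, dropped packet)

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "deny":
                    self.log.append(("rule-deny", pkt))
                return rule.action
        self.log.append(("default-deny", pkt))
        return "deny"


# Constructed rule set: one public HTTPS server, workstations may browse and
# resolve names but may not send mail directly.
RULES = [
    Rule("allow", "in", "tcp", dst="192.168.1.10/32", dport=443),
    Rule("deny", "out", "tcp", dport=25),
    Rule("allow", "out", "tcp", dport=443),
    Rule("allow", "out", "udp", dport=53),
]

# Constructed sample traffic, including one host probing seven ports.
SAMPLE_PACKETS = [
    Packet("in", "tcp", "198.51.100.7", "192.168.1.10", 443),   # allowed: HTTPS to server
    Packet("in", "tcp", "198.51.100.7", "192.168.1.10", 22),    # dropped: no rule for SSH
    Packet("out", "tcp", "192.168.1.20", "93.184.216.34", 443), # allowed: browsing
    Packet("out", "tcp", "192.168.1.20", "198.51.100.9", 25),   # dropped: direct SMTP
    Packet("out", "udp", "192.168.1.20", "192.168.1.1", 53),    # allowed: DNS
] + [Packet("in", "tcp", "203.0.113.5", "192.168.1.10", p) for p in (21, 22, 23, 25, 80, 110, 139)]


def run_filter(packets: List[Packet] = SAMPLE_PACKETS, rules: List[Rule] = RULES):
    """Return the verdict per packet and the activity log of dropped packets."""
    fw = PacketFilter(rules)
    verdicts = [fw.decide(p) for p in packets]
    return verdicts, fw.log


def port_scan_sources(log: List[Tuple[str, Packet]], threshold: int = 5) -> Set[str]:
    """Simple IDS-style check over the log: an outside source whose dropped
    packets touch at least `threshold` distinct ports looks like a scan."""
    ports_by_src = defaultdict(set)
    for _reason, pkt in log:
        if pkt.direction == "in":
            ports_by_src[pkt.src].add(pkt.dport)
    return {src for src, ports in ports_by_src.items() if len(ports) >= threshold}


if __name__ == "__main__":
    verdicts, log = run_filter()
    print(verdicts)
    for reason, pkt in log:
        print(reason, pkt)
    print("possible scanners:", port_scan_sources(log))
```

Two design points worth noticing: rule order matters (the SMTP deny sits before the general outbound allows, so it cannot be shadowed), and the log records the reason as well as the packet, which is what makes the scan check possible without re-running the rules.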
question
________ are false targets for computer criminals to attack.
A) Botnets
B) Hot sites
C) Honeypots
D) Web beacons
answer
Honeypots