Chapter 14: Risks, Security, and Disaster Recovery – Flashcards
Unlock all answers in this set
Unlock answersquestion
1. In blackouts, the voltage of the power decreases, or very short interruptions occur in the flow of power. a. True b. False
answer
false
question
2. In recent years, identity theft has been more prevalent as part of phishing. a. True b. False
answer
true
question
3. Computer viruses are so named because they act on programs and data in a fashion similar to the way viruses act on living tissue. a. True b. False
answer
true
question
4. Unintentional damage to software occurs because of poor training, lack of adherence to simple backup procedures, or simple human error. a. True b. False
answer
true
question
5. Bots are implemented not only for access but also to implement policies and ensure that nonsensical data is not entered into corporate databases. a. True b. False
answer
false
question
6. Controls translate business policies into system features. a. True b. False
answer
true
question
7. Information System managers discourage users from frequently changing their passwords. a. True b. False
answer
false
question
8. Several manufacturers of computer equipment offer individual keyboard-embedded and mouse-embedded fingerprint devices. a. True b. False
answer
true
question
9. The purpose of using atomic transactions is to ensure encrypting of all appropriate files. a. True b. False
answer
false
question
10. The best defense against unauthorized access to systems over the Internet is a firewall. a. True b. False
answer
true
question
11. With encryption, the original, unencrypted message is called ciphertext. a. True b. False
answer
false
question
12. Symmetric encryption is also called "publickey" encryption. a. True b. False
answer
false
question
13. A protocol called Transport Layer Security (TLS) is used for transactions on the Web. a. True b. False
answer
true
question
14. A digital certificate associates a user's identity with the user's public key. a. True b. False
answer
true
question
15. With single sign-on, users are required to identify themselves every time they access each of several different systems. a. True b. False
answer
false
question
16. Encryption slows down communication because the software must encrypt and decrypt every message. a. True b. False
answer
tru
question
17. Companies that choose not to fully develop their own recovery plan can outsource it to companies that specialize in either disaster recovery planning or provision of alternative sites. a. True b. False
answer
true
question
18. To aid in business recovery, copies of applications are usually kept in a safe place to replace those that get damaged. a. True b. False
answer
true
question
19. Redundancies increase expected downtime in business information systems. a. True b. False
answer
false
question
20. The greater the number of interdependent systems, the greater the expected downtime. a. True b. False
answer
true
question
21. In , the voltage of the power decreases, or there are very short interruptions in the flow of power. a. brownouts b. blackouts c. keystroke logging d. spear phishing
answer
brownouts
question
22. software records individual keystrokes. a. Clickstream b. Keylogging c. Honeytoken d. Public-key encryption
answer
Keylogging
question
23. A con artist telephones an employee, pretends to be from his own organization's IT unit, and says he must have the employee's password to fix a problem. This is an example of . a. social pathology b. data encryption c. social engineering d. data mining
answer
social engineering
question
24. A is a bogus record in a networked database that neither employees nor business partners would ever access for legitimate purposes. a. canary trap b. phish c. flame d. honeytoken
answer
honeytoken
question
25. A is a type of malware that spreads in a network without human intervention. a. logic bomb b. trapdoor c. worm d. Trojan horse
answer
worm
question
26. A is a server with invalid records set up to make intruders think they have accessed a production database. a. honeytoken b. phish c. bogus server d. honeypot
answer
honeypot
question
27. In , criminals use personal information to attack organizational systems. a. hijacking b. spear phishing c. spamming d. penetration testing
answer
spear phishing
question
28. occurs when a website receives an overwhelming number of information requests, such as merely logging on to a site. a. Denial of service (DoS) b. Hijacking c. Global attack d. Meet-in-the-middle (MITM)
answer
Denial of service (DoS)
question
29. a computer means using some or all of the resources of a computer linked to a public network without the consent of its owner. a. Hijacking b. Bit flipping c. Phishing d. Auditing
answer
hijacking
question
30. Hijacking is carried out by surreptitiously installing a small program called a on a computer. a. mine b. bot c. sinkhole d. trapdoor
answer
bot
question
is a set of disks that is programmed to replicate stored data to provide a higher degree of reliability. a. SSP b. CIFS c. RAID d. SAN
answer
RAID
question
32. are measures taken to ensure that only those who are authorized can use a computer or network or to certain applications or data. a. Near field communication b. Honeytokens c. Code reviews d. Access controls
answer
Access controls
question
(n) is a set of indivisible transactions that are either all executed or none are—never only some. a. long-running transaction b. ready-copy-update transaction c. biometric transaction d. atomic transaction
answer
atomic transaction
question
34. Sometimes a(n) is automatically created using data, such as the date and time of a transaction or the name or password of the user updating the file. a. atomic transaction b. audit trail c. denial of service d. global transaction
answer
audit trail
question
35. To increase security, some companies implement the approach. a. demilitarized zone b. denial of service c. atomic transaction d. boarding key
answer
demilitarized zone
question
36. A represents another server for all information requests from resources inside the trusted network. a. proxy server b. honeypot server c. DNS server d. bogus server
answer
proxy server
question
37. Coding a message into a form unreadable to an interceptor is called . a. classification b. encryption c. modulation d. demodulation
answer
encryption
question
38. With encryption, the coded message is called . a. plaintext b. privatetext c. ciphertext d. publictext
answer
ciphertext
question
39. _____ encryption is defined as encryption that comprises two keys: a public key, and a private key. a. Parallel b. Asymmetric c. Cascade d. Super
answer
Asymmetric
question
40. is the secure version of HTTP. a. SHTTP b. HTMLSec c. HTTPS d. HTMLS
answer
HTTPS
question
41. An issuer of digital certificates is called a . a. certificate dealer (CD) b. certificate bank (CB) c. certificate authority (CA) d. certificate warehouse (CW)
answer
certificate authority (CA
question
42. is a security measure in which users are required to identify themselves only once before accessing several different systems which are linked through a network. a. Digital footprint b. SP (single password) c. Multiple encryption d. SSO (single sign-on)
answer
SSO (single sign-on)
question
43. CIOs often cite as an effective way to bring down the amount of work their subordinates must do. a. secure sockets layer (SSL) b. security assertion markup language (SAML) c. mandatory access control (MAC) d. single sign-on (SSO)
answer
single sign-on (SSO)
question
44. The , as it is popularly known, gives law enforcement agencies surveillance and wiretapping rights they did not have before 2001. a. PATRIOT Act b. Civil Contingencies Act c. National Security Act d. Domestic Security Enhancement Act
answer
PATRIOT Act
question
45. When tapping communications, law enforcement agencies need the cooperation of a third party such as a(n) . a. internet service provider (ISP) b. sell side platform (SSP) c. website d. systems developer
answer
internet service provider
question
46. , those without which the business cannot conduct its operations, are given the highest priority by the disaster recovery coordinator. a. Backup applications b. Customer applications c. Mission-critical applications d. Recovery applications
answer
Mission-critical application
question
47. CIOs often find the tasks of earmarking funds for difficult because they cannot show the return on investment (ROI) of such planning. a. backup programs b. disaster recovery programs c. archival programs d. database security programs
answer
disaster recovery programs
question
48. To determine how much security is enough security, experts are employed to estimate the cost and of damages, as well as the cost of security measures. a. impact b. probabilities c. effect d. causes
answer
probabilities
question
49. Managers should focus on the asset they must protect, which in most cases is , not applications. a. hardware b. software c. information d. systems
answer
information
question
50. Experience in certain systems, such as ERP and SCM systems, can teach the IT staff for how many minutes or seconds per year the system is likely to fail. a. operating b. developing c. maintaining d. archiving
answer
operating
question
----, the time during which ISs or data are not available in the course of conducting business, has become a dreaded situation for almost every business worldwide.
answer
downtime
question
--- are total losses of electrical power.
answer
blackouts
question
53. To ensure against interruptions in power supply, organizations use ----systems, which provide an alternative power supply for a short time, as soon as a power network fails.
answer
uninterruptible power supply (UPS)
question
54. Once criminals have a person's identifying details, such as a Social Security number, driver's license number, or credit-card number, they can pretend to be this person, which is a crime called .-----
answer
identity theft
question
55. In computer terms, a(n)p---- is any virus disguised as legitimate software or useful software that contains a virus.
answer
trojan horse
question
56. A(n)---- is software that is programmed to cause damage at a specified time to specific applications and data files.
answer
logic bomb
question
57. Perpetrators use other people's computers in distributed denial-of-service (DDoS) attacks. Professionals call such computers--- .
answer
zombies
question
58.---- are constraints and other restrictions imposed on a user or a system, and they can be used to secure systems against risks or to reduce damage caused to systems, applications, and data.
answer
controls
question
59. Probably the easiest way to protect against loss of data is to automatically duplicate all data periodically, a process referred to as data _____.
answer
backup
question
60. A(n)---- characteristic is a unique physical, measurable characteristic of a human being that is used to identify a person.
answer
biometric
question
62. A professional whose job it is to find erroneous or fraudulent cases and investigate them is known as a(n)---- .
answer
information systems auditor
question
63. --- is the process of ensuring that senders and receivers of messages are indeed who they claim to be.
answer
authentication
question
64. When both the sender and recipient use the same secret key, the technique is called----- .
answer
symmetric encryption
question
61. A(n) ----- is a series of documented facts that help detect who recorded which transactions, at what time, and under whose approval.
answer
audit trail
question
65. A(n) ----- is a way to authenticate online messages, analogous to a physical signature on a piece of paper, but implemented with public-key cryptography.
answer
digital signature
question
66. ---- are computer files that serve as the equivalent of ID cards by associating one's identity with one's public key.
answer
digital certificates
question
67. To prepare for mishaps, either natural or malicious, many organizations have well-planned programs in place, called_____.
answer
business recovery plans
question
68. ---- provide backup and operation facilities to which a client's employees can move and continue operations in case of a disaster.
answer
hot sites
question
69. The cost of damage is the aggregate of all the potential damages multiplied by their respective---- .
answer
probabilities
question
70. Hardware or software that blocks access to computing resources is called a(n) --- .
answer
firewall
question
45. When tapping communications, law enforcement agencies need the cooperation of a third party such as a(n) . a. internet service provider (ISP) b. sell side platform (SSP) c. website d. systems developer
answer
internet service provider
