Chapter 14: Risks, Security, and Disaster Recovery Essay

question

1. In blackouts, the voltage of the power decreases, or very short interruptions occur in the flow of power. a. True b. False
answer

false
question

2. In recent years, identity theft has been more prevalent as part of phishing. a. True b. False
answer

true
question

3. Computer viruses are so named because they act on programs and data in a fashion similar to the way viruses act on living tissue. a. True b. False
answer

true
question

4. Unintentional damage to software occurs because of poor training, lack of adherence to simple backup procedures, or simple human error. a. True b. False
answer

true
question

5. Bots are implemented not only for access but also to implement policies and ensure that nonsensical data is not entered into corporate databases. a. True b. False
answer

false
question

6. Controls translate business policies into system features. a. True b. False
answer

true
question

7. Information System managers discourage users from frequently changing their passwords. a. True b. False
answer

false
question

8. Several manufacturers of computer equipment offer individual keyboard-embedded and mouse-embedded fingerprint devices. a. True b. False
answer

true
question

9. The purpose of using atomic transactions is to ensure encrypting of all appropriate files. a. True b. False
answer

false
question

10. The best defense against unauthorized access to systems over the Internet is a firewall. a. True b. False
answer

true
question

11. With encryption, the original, unencrypted message is called ciphertext. a. True b. False
answer

false
question

12. Symmetric encryption is also called “public-key” encryption. a. True b. False
answer

false
question

13. A protocol called Transport Layer Security (TLS) is used for transactions on the Web. a. True b. False
answer

true
question

14. A digital certificate associates a user’s identity with the user’s public key. a. True b. False
answer

true
question

15. With single sign-on, users are required to identify themselves every time they access each of several different systems. a. True b. False
answer

false
question

16. Encryption slows down communication because the software must encrypt and decrypt every message. a. True b. False
answer

true
question

17. Companies that choose not to fully develop their own recovery plan can outsource it to companies that specialize in either disaster recovery planning or provision of alternative sites. a. True b. False
answer

true
question

18. To aid in business recovery, copies of applications are usually kept in a safe place to replace those that get damaged. a. True b. False
answer

true
question

19. Redundancies increase expected downtime in business information systems. a. True b. False
answer

false
question

20. The greater the number of interdependent systems, the greater the expected downtime. a. True b. False
answer

true
question

21. In _____, the voltage of the power decreases, or there are very short interruptions in the flow of power. a. brownouts b. blackouts c. keystroke logging d. spear phishing
answer

brownouts
question

22. _____ software records individual keystrokes. a. Clickstream b. Keylogging c. Honeytoken d. Public-key encryption
answer

Keylogging
question

23. A con artist telephones an employee, pretends to be from his own organization’s IT unit, and says he must have the employee’s password to fix a problem. This is an example of _____. a. social pathology b. data encryption c. social engineering d. data mining
answer

social engineering
question

24. A _____ is a bogus record in a networked database that neither employees nor business partners would ever access for legitimate purposes. a. canary trap b. phish c. flame d. honeytoken
answer

honeytoken
question

25. A _____ is a type of malware that spreads in a network without human intervention. a. logic bomb b. trapdoor c. worm d. Trojan horse
answer

worm
question

26. A _____ is a server with invalid records set up to make intruders think they have accessed a production database. a. honeytoken b. phish c. bogus server d. honeypot
answer

honeypot
question

27. In _____, criminals use personal information to attack organizational systems. a. hijacking b. spear phishing c. spamming d. penetration testing
answer

spear phishing
question

28. _____ occurs when a website receives an overwhelming number of information requests, such as merely logging on to a site. a. Denial of service (DoS) b. Hijacking c. Global attack d. Meet-in-the-middle (MITM)
answer

Denial of service (DoS)
question

29. _____ a computer means using some or all of the resources of a computer linked to a public network without the consent of its owner. a. Hijacking b. Bit flipping c. Phishing d. Auditing
answer

hijacking
question

30. Hijacking is carried out by surreptitiously installing a small program called a _____ on a computer. a. mine b. bot c. sinkhole d. trapdoor
answer

bot
question

31. _____ is a set of disks that is programmed to replicate stored data to provide a higher degree of reliability. a. SSP b. CIFS c. RAID d. SAN
answer

RAID
question

32. _____ are measures taken to ensure that only those who are authorized can use a computer or network or to certain applications or data. a. Near field communication b. Honeytokens c. Code reviews d. Access controls
answer

Access controls
question

33. A(n) _____ is a set of indivisible transactions that are either all executed or none are—never only some. a. long-running transaction b. ready-copy-update transaction c. biometric transaction d. atomic transaction
answer

atomic transaction
question

34. Sometimes a(n) _____ is automatically created using data, such as the date and time of a transaction or the name or password of the user updating the file. a. atomic transaction b. audit trail c. denial of service d. global transaction
answer

audit trail
question

35. To increase security, some companies implement the _____ approach. a. demilitarized zone b. denial of service c. atomic transaction d. boarding key
answer

demilitarized zone
question

36. A _____ represents another server for all information requests from resources inside the trusted network. a. proxy server b. honeypot server c. DNS server d. bogus server
answer

proxy server
question

37. Coding a message into a form unreadable to an interceptor is called _____. a. classification b. encryption c. modulation d. demodulation
answer

encryption
question

38. With encryption, the coded message is called _____. a. plaintext b. privatetext c. ciphertext d. publictext
answer

ciphertext
question

39. _____ encryption is defined as encryption that comprises two keys: a public key, and a private key. a. Parallel b. Asymmetric c. Cascade d. Super
answer

Asymmetric
question

40. _____ is the secure version of HTTP. a. SHTTP b. HTMLSec c. HTTPS d. HTMLS
answer

HTTPS
question

41. An issuer of digital certificates is called a _____. a. certificate dealer (CD) b. certificate bank (CB) c. certificate authority (CA) d. certificate warehouse (CW)
answer

certificate authority (CA)
question

42. _____ is a security measure in which users are required to identify themselves only once before accessing several different systems which are linked through a network. a. Digital footprint b. SP (single password) c. Multiple encryption d. SSO (single sign-on)
answer

SSO (single sign-on)
question

43. CIOs often cite _____ as an effective way to bring down the amount of work their subordinates must do. a. secure sockets layer (SSL) b. security assertion markup language (SAML) c. mandatory access control (MAC) d. single sign-on (SSO)
answer

single sign-on (SSO)
question

44. The _____, as it is popularly known, gives law enforcement agencies surveillance and wiretapping rights they did not have before 2001. a. PATRIOT Act b. Civil Contingencies Act c. National Security Act d. Domestic Security Enhancement Act
answer

PATRIOT Act
question

45. When tapping communications, law enforcement agencies need the cooperation of a third party such as a(n) _____. a. internet service provider (ISP) b. sell side platform (SSP) c. website d. systems developer
answer

internet service provider
question

46. _____, those without which the business cannot conduct its operations, are given the highest priority by the disaster recovery coordinator. a. Backup applications b. Customer applications c. Mission-critical applications d. Recovery applications
answer

Mission-critical applications
question

47. CIOs often find the tasks of earmarking funds for _____ difficult because they cannot show the return on investment (ROI) of such planning. a. backup programs b. disaster recovery programs c. archival programs d. database security programs
answer

disaster recovery programs
question

48. To determine how much security is enough security, experts are employed to estimate the cost and _____ of damages, as well as the cost of security measures. a. impact b. probabilities c. effect d. causes
answer

probabilities
question

49. Managers should focus on the asset they must protect, which in most cases is _____, not applications. a. hardware b. software c. information d. systems
answer

information
question

50. Experience in _____ certain systems, such as ERP and SCM systems, can teach the IT staff for how many minutes or seconds per year the system is likely to fail. a. operating b. developing c. maintaining d. archiving
answer

operating
question

51. _____, the time during which ISs or data are not available in the course of conducting business, has become a dreaded situation for almost every business worldwide.
answer

downtime
question

52. _____ are total losses of electrical power.
answer

blackouts
question

53. To ensure against interruptions in power supply, organizations use _____ systems, which provide an alternative power supply for a short time, as soon as a power network fails.
answer

uninterruptible power supply (UPS)
question

54. Once criminals have a person’s identifying details, such as a Social Security number, driver’s license number, or credit-card number, they can pretend to be this person, which is a crime called _____.
answer

identity theft
question

55. In computer terms, a(n) _____ is any virus disguised as legitimate software or useful software that contains a virus.
answer

trojan horse
question

56. A(n) _____ is software that is programmed to cause damage at a specified time to specific applications and data files.
answer

logic bomb
question

57. Perpetrators use other people’s computers in distributed denial-of-service (DDoS) attacks. Professionals call such computers _____.
answer

zombies
question

58. _____ are constraints and other restrictions imposed on a user or a system, and they can be used to secure systems against risks or to reduce damage caused to systems, applications, and data.
answer

controls
question

59. Probably the easiest way to protect against loss of data is to automatically duplicate all data periodically, a process referred to as data _____.
answer

backup
question

60. A(n) _____ characteristic is a unique physical, measurable characteristic of a human being that is used to identify a person.
answer

biometric
question

62. A professional whose job it is to find erroneous or fraudulent cases and investigate them is known as a(n) _____.
answer

information systems auditor
question

63. _____ is the process of ensuring that senders and receivers of messages are indeed who they claim to be.
answer

authentication
question

64. When both the sender and recipient use the same secret key, the technique is called _____.
answer

symmetric encryption
question

61. A(n) _____ is a series of documented facts that help detect who recorded which transactions, at what time, and under whose approval.
answer

audit trail
question

65. A(n) _____ is a way to authenticate online messages, analogous to a physical signature on a piece of paper, but implemented with public-key cryptography.
answer

digital signature
question

66. _____ are computer files that serve as the equivalent of ID cards by associating one’s identity with one’s public key.
answer

digital certificates
question

67. To prepare for mishaps, either natural or malicious, many organizations have well-planned programs in place, called _____.
answer

business recovery plans
question

68. _____ provide backup and operation facilities to which a client’s employees can move and continue operations in case of a disaster.
answer

hot sites
question

69. The cost of damage is the aggregate of all the potential damages multiplied by their respective _____.
answer

probabilities
question

70. Hardware or software that blocks access to computing resources is called a(n) _____.
answer

firewall