Whitelisting and Encryption: True or False?

question
All organizations should have a business continuity plan.
answer
true
question
The most expensive backup strategy is
answer
Hot site
question
Communications controls secure the movement of data across a network
answer
True
question
Whitelisting is more restrictive than blacklisting
answer
true
question
Encryption is the process of converting an original message into a form that cannot be read by anyone except the intended receiver
answer
true
question
Browsers usually provide a visual confirmation of a secure connection
answer
True
question
Competitive intelligence is legal, where industrial espionage is illegal
answer
True
question
There are comparatively few ways in which you can have your identity stolen
answer
True
question
___ attacks use deception to acquire sensitive information by masquerading as official emails
answer
Phishing
question
Zombies and botnets are associated with:
answer
Distributed denial-of-service attack
question
SCADA systems link the physical and electronic worlds
answer
true
question
SCADA attacks can cause severe damage to a nation's physical infrastructure, such as its power grid
answer
True
question
Authorization must precede authentication
answer
False
question
Your fingerprint is an example of:
answer
Something you are
question
Verifying processing by checking for known outputs using specific inputs is
answer
Auditing around the computer
question
Using live data is associated most closely with:
answer
Auditing with the computer
question
A(n)___ is the possibility that a system will be harmed by a threat
answer
Vulnerability
question
Today, the skills needed to become a hacker are:
answer
Decreasing
question
MIS and HR employees pose little threat to information security in a firm
answer
False
question
In a(n) __ attack, the perpetrator tricks an employee into divulging confidential information
answer
Social engineering
question
Organizations perform ____ to ensure that their security programs are cost effective:
answer
Risk analysis
question
Buying insurance would be a form of:
answer
Risk transference
question
The intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright laws
answer
intellectual property
question
Systems that monitor employees' computers, e-mail activities, and Internet surfing activities
answer
employee monitoring systems
question
Copying a software program (other than freeware, demo software, etc.) without making payment to the owner
answer
piracy
question
The possibility that an information resource will be harmed by a threat.
answer
vulnerability
question
A fully configured computer facility, with all information resources and services, communications links, and physical plant operations, that duplicates your company's computing resources and provides near-real-time recovery of IT operations
answer
hot sites
question
The science and technology of authentication (i.e., establishing the identity of an individual) by measuring the subject's physiologic or behavioral characteristics.
answer
biometrics
question
Alien software that uses your computer as a launch platform for spammers
answer
spamware
question
A process in which a company identifies certain types of software that are not allowed to run in the company environment.
answer
blacklisting
question
The degree of protection against criminal activity, danger, damage, and/or loss.
answer
security
question
War in which a country's information systems could be paralyzed from a massive attack by destructive software.
answer
cyberwarfare
question
Controls that restrict unauthorized individuals from using information resources and are concerned with user identification.
answer
access controls
question
Crime in which someone uses the personal information of others to create a false identity and then uses it for some fraud.
answer
identity theft
question
A backup location that provides only rudimentary services and facilities
answer
cold site
question
A network of computers that have been compromised by, and are under the control of, a hacker, who is called the botmaster.
answer
botnet
question
A process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan.
answer
risk mitigation
question
Malicious software such as viruses and worms.
answer
malware
question
Clandestine software that is installed on your computer through duplicitous methods.
answer
alien software
question
(see back door)
answer
trap doors
question
Alien software that can record your keystrokes and/or capture your passwords.
answer
spyware
question
A process that identifies, controls, and minimizes the impact of threats, in an effort to reduce risk to manageable levels.
answer
risk management
question
A process that encrypts each data packet to be sent and places each encrypted packet inside another packet.
answer
tunneling
question
Defense mechanisms (also called countermeasures).
answer
Controls
question
Alien software designed to help pop-up advertisements appear on your screen.
answer
adware
question
The harm, loss, or damage that can result if a threat compromises an information resource.
answer
exposure
question
A process that determines which actions, rights, or privileges the person has, based on verified identity
answer
authorization
question
(also called asymmetric encryption) A type of encryption that uses two different keys, a public key and a private key.
answer
public-key encryption
question
Malicious software that can attach itself to (or "infect") other computer programs without the owner of the program being aware of the infection.
answer
viruses
question
An examination of information systems, their inputs, outputs, and processing.
answer
audit
question
Controls that deal with the movement of data across networks.
answer
communications controls (also network controls)
question
A software program containing a hidden function that presents a security risk.
answer
Trojan Horse
question
A system (either hardware, software, or a combination of both) that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks, such as your company's network.
answer
Firewall
question
A grant that provides the creator of intellectual property with ownership of it for a specified period of time, currently the life of the creator plus 70 years.
answer
copyright
question
A grant that provides the creator of intellectual property with ownership of it for a specified period of time, currently the life of the creator plus 70 years.
answer
authentication
question
Can be defined as a premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents.
answer
cyberterrorism
question
Getting around security systems by tricking computer users inside a company into revealing sensitive information or gaining unauthorized access privileges.
answer
Social Engineering
question
A separate organizational local area network that is located between an organization's internal network and an external network, usually the Internet.
answer
demilitarized zone (DMZ)
question
Controls that restrict unauthorized individuals from gaining access to a company's computer facilities.
answer
physical controls
question
A document that grants the holder exclusive rights on an invention or process for a specified period of time, currently 20 years.
answer
patent
question
Intellectual work, such as a business plan, that is a company secret and is not based on public information.
answer
Trade secret
question
A strategy in which the organization limits its risk by implementing controls that minimize the impact of a threat.
answer
risk limitation
question
Software packages that attempt to identify and eliminate viruses, worms, and other malicious software.
answer
anti-malware systems (antivirus software)
question
An electronic document attached to a file certifying that this file is from the organization it claims to be from and has not been modified from its original format or content.
answer
digital certificate
question
A third party that acts as a trusted intermediary between computers (and companies) by issuing digital certificates and verifying the worth and integrity of the certificates.
answer
certificate authority
question
A denial-of-service attack that sends a flood of data packets from many compromised computers simultaneously.
answer
distributed denial-of-service (DDoS) attack
question
Protecting an organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
answer
information security
question
A strategy in which the organization accepts the potential risk, continues to operate with no controls, and absorbs any damages that occur.
answer
risk acceptance
question
A site that provides many of the same services and options of the hot site, but does not include the company's applications.
answer
Warm site
question
A process in which a company identifies acceptable software and permits it to run, and either prevents anything else from running or lets new software run in a quarantined environment until the company can verify its validity.
answer
Whitelisting
question
(see communications controls)
answer
network controls
question
Typically a password, known only to the attacker, that allows the attacker to access the system without having to go through any security procedures.
answer
back door
question
Illegal activities executed on the Internet.
answer
cybercrime
question
Small amounts of information that Web sites store on your computer, temporarily or more or less permanently.
answer
cookie
question
A private network that uses a public network (usually the Internet) to securely connect users by using encryption
answer
virtual private network (VPN)
question
(see secure socket layer)
answer
Transport Layer Security (TLS)
question
Destructive programs that replicate themselves without requiring another program to provide a safe environment for replication.
answer
worms
question
A principle that users should be granted the privilege for some activity only if there is a justifiable need to grant this authorization.
answer
Least Privilege
question
A computer that has been compromised by, and under the control of, a hacker.
answer
bot
question
(also known as transport layer security) An encryption standard used for secure transactions such as credit card purchases and online banking.
answer
Secure Socket Layer (SSL)
question
A cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources.
answer
denial-of-service attack
question
The process by which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.
answer
risk analysis
question
Segments of computer code embedded within an organization's existing computer programs.
answer
logic bombs
question
A collection of related computer system operations that can be performed by users of the system.
answer
privilege
question
An attack that uses deception to fraudulently acquire sensitive personal information by masquerading as an official-looking e-mail.
answer
Phishing
question
What is a benefit of backing up data?
answer
It makes restoring data easier
question
A computer threat happens when
answer
a system is exposed in any way.
question
What increases the vulnerability of information?
answer
businesses are more connected
question
What type of network is the Internet considered to be?
answer
untrusted
question
Which employees in a company pose the greatest threat to information security?
answer
IT personnel
question
A human error is described as
answer
a mistake by employees
question
Losing the password to a computer is an example of
answer
human error
question
Social engineering usually involves a(n) _____ act on the part of an attacker.
answer
intentional
question
Identity theft is the main purpose of
answer
Phishing
question
Copyright protection lasts for the life of the creator plus
answer
70 years
question
Unlike a virus, a(n) __________ spreads by itself, without the help of another program.
answer
worm
question
What type of software records continuous monitoring of screen activity?
answer
Screen Scraper
question
SCADA systems are vulnerable to Stuxnet, which is a type of
answer
worm
question
In what process would a company compare the probable cost of a computer attack to the cost of protecting the system?
answer
Risk analysis
question
What is the first step in any risk analysis process?
answer
calculate the value of what needs protection
question
Minimizing the impact of a computer threat refers to risk _____
answer
limitation
question
Which is an example of an access control?
answer
eye scans
question
Where is a DMZ located?
answer
Between two firewalls
question
_______ identifies a person, but does not determine the person's level of access.
answer
Authentication
question
A(n) ______ information system audit is generally performed by accountants and is the first step in a company's auditing process.
answer
Internal
question
Backup and recovery procedures are recommended only to safeguard against hardware/software failures
answer
False
question
An information systems ____ is the likelihood that the system or resource will be compromised by a ____ that will result in its ____ to further attacks
answer
Vulnerability, threat, exposure
question
Which of the following factors that make information resources more vulnerable to attack can be most easily remedied?
answer
Lack of management control
question
Which of the following can be classified as unintentional threats to information systems caused by human errors?
answer
Selecting a weak password
question
An unintentional attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information is known as:
answer
Social engineering
question
Making and distributing information goods to which you do not own the ___ is referred to as ____
answer
copyright, piracy
question
Whereas phishing attacks are ____, denial-of-service attacks are ____.
answer
remote attacks requiring user action, remote attacks requiring no user action
question
Computer programs like CAPTCHA are used to counter
answer
Hackers using key loggers
question
Buying health insurance is an example of risk _____, whereas going without it is an example of Risk ______.
answer
Transference, acceptance
question
Implementing controls to prevent threats from occurring and developing a recovery plan should the threats occur are two broad functions of ____.
answer
Risk mitigation
question
Access controls consist of ____, which confirms user identity, and ______, which determines user access levels.
answer
Authentication, authorization
question
_____ can be used to create strong passwords that are easy to remember
answer
Passphrases
question
The threats to information security are _____, and the greatest threat is ____.
answer
Increasing, human
question
Which of the following employees typically poses the most significant threat to information security
answer
IS employees
question
Which of the following is not a social engineering technique?
answer
Careless internet surfing
question
Which type of remote software attack does not require user action?
answer
Denial-of-service attack
question
Which type of alien software uses your computer to send emails that look like they came from you to all the people in your address book?
answer
Spamware
question
Which of the following would be an example of a SCADA attack?
answer
Computer viruses are introduced into the electrical company's systems resulting in a shutdown of the power plant
question
Which of the following is not a common risk mitigation strategy?
answer
Risk analysis
question
A password system on a computer network is an example of which type of information security control?
answer
Access
question
Which of the following statements is true?
answer
Multifactor authentication systems are more reliable and more expensive than single-factor systems
question
_______ is an encryption standard used for secure transactions such as credit card processing and online banking
answer
TLS