INFO 360 – Chapter 8 – Flashcards

question
A(n) _____ is a person that tries to gain access to a computer system without authorization and with criminal intent, different from a person that simply tries to gain access.
answer
cracker
question
_____ can be destructive to a company when people or programs deliberately click through ads, thus driving up the company's advertising costs.
answer
Click fraud
question
The _____ outlines medical security and privacy rules and procedures for the health care industry.
answer
HIPAA Act
question
The _____ mandates that financial services firms ensure security and confidentiality of customer data.
answer
Gramm-Leach-Bliley Act
question
_____ check data entering a system for accuracy and completeness, such as when a clerk confirms a telephone number for a new customer.
answer
Input controls
question
With security, a(n) _____ sets how information assets are used while _____ controls who can access information assets.
answer
acceptable use policy; identity management
question
Current tablet devices require a fingerprint as a(n) ____ to control who can access a device.
answer
biometric authentication
question
Using a combination of hardware and software, ____ are able to control incoming and outgoing data on a network.
answer
firewalls
question
Which of the following is NOT a security threat posed by the use of the iPhone, iPad and other mobile computing devices in the workplace? A. Mobile devices appear vulnerable to rogue apps. B. Mobile devices have less stringent passwords and locks. C. Mobile devices are easily stolen and often contain corporate data. D. Dictating what kind of data an app can access inside its sandbox domain. E. Data leakage is caused by use of cloud storage services with mobile devices.
answer
D. Dictating what kind of data an app can access inside its sandbox domain.
question
Which is NOT a type of security loss? A. Unauthorized data disclosure B. Denial of service C. Unauthorized data modification D. Faulty service E. Forgotten passwords
answer
E. Forgotten passwords
question
Which of the following items does NOT comprise part of an organization's security policy? A. Identifying acceptable security goals B. Controlling what non organizational activities employees can do C. Weighing what risks the organization is willing to accept for each asset D. Ranking priorities of information risks E. Identifying the mechanisms for achieving these goals
answer
B. Controlling what non organizational activities employees can do
question
A key logger is a type of _____.
answer
spyware
question
Which of the following examine(s) data files and sorts out low-priority online material while assigning higher priority to business-critical files? A. Intrusion detection systems B. Managed security service providers C. Unified threat management D. Deep packet inspection E. Antivirus software
answer
D. Deep packet inspection
question
Which is NOT a characteristic of the most secure, hard-to-break passwords? A. Is a mix of letters and numbers B. Contains no word in any language C. Has upper- and lowercase characters D. Contains special characters E. Has six or fewer characters
answer
E. Has six or fewer characters
question
Computer forensics deals with all of the following problems EXCEPT: A. presenting the information to a court of law. B. protecting the computer assets from fraudulent access. C. finding significant information in a large volume of electronic data. D. recovering data from computers while preserving evidential integrity. E. securely storing and handling recovered electronic data.
answer
B. protecting the computer assets from fraudulent access.
question
Which of the following was NOT one of the security practices that LinkedIn failed to follow? A. LinkedIn did not install security patches and bug fixes. B. LinkedIn had minimal password protection via encryption. C. LinkedIn did not sufficiently protect its website from hackers. D. LinkedIn had not salted its user passwords. E. LinkedIn did not store hashed passwords on separate secure Web servers.
answer
A. LinkedIn did not install security patches and bug fixes.
question
Human safeguards involve the people and procedure components of information systems. All of the following constitute effective human safeguards EXCEPT ______. A. dissemination and enforcement B. position definition C. incidence response plan D. termination E. hiring and screening
answer
C. incidence response plan
question
Which of the following is an opportunity for threats to gain access to assets? A. Threat B. Target C. Attack D. Vulnerability E. Safeguard
answer
D. Vulnerability
question
Which of the following is NOT a type of malware? A. Adware B. Virus C. Cookies D. Spyware E. Trojan horse
answer
C. Cookies
question
Which of the following is a critical security function of senior management in an organization? A. Establishing the security policy and managing risk B. Managing security programs on a real-time basis C. Safeguarding computer hardware and software D. Developing IS security software E. Monitoring potential malicious activity continuously
answer
A. Establishing the security policy and managing risk
question
Which of the following is NOT a situation when a computer is the target of a crime? A. Knowingly transmitting a program, program code, or command that intentionally causes damages to a protected computer B. Accessing a computer system without authority C. Breaching the confidentiality of protected computerized data D. Using e-mail for threats or harassment E. Knowingly accessing a protected computer to commit fraud
answer
D. Using e-mail for threats or harassment
question
Technical safeguards against computer security threats include all of the following EXCEPT ______. A. malware protection B. passwords C. Firewalls D. encryption E. identification and authorization
answer
B. passwords
question
Which of the following is FALSE regarding public-key encryption? A. The sender encrypts the message with the recipient's public key. B. The private key is kept secret. C. The public key is shared using a directory. D. On receiving the message, the recipient uses the public key to decrypt it. E. It uses two keys that are mathematically related.
answer
D. On receiving the message, the recipient uses the public key to decrypt it.
question
Electronic evidence on computer storage media that is not visible to the average user is called ______.
answer
ambient data
question
Data safeguards include all of the following EXCEPT _____. A. encryption B. data rights and responsibilities C. passwords D. backup and recovery E. training
answer
E. training
question
Which of the following threats is NOT considered a computer crime aimed at unauthorized data disclosure? A. Hacking B. Sniffing C. Procedural mistakes D. Spoofing E. Phishing
answer
C. Procedural mistakes
question
An independent computer program that copies itself from one computer to another over a network is called a _____.
answer
worm
question
Which act requires financial institutions to ensure the security and confidentiality of customer data and mandates that data must be stored on a secure medium and protected during storage and transmittal?
answer
Gramm-Leach-Bliley Act
question
Which of the following is NOT a situation where the computer is used as the instrument of crime? A. Unauthorized copying of software or copyrighted intellectual property B. Launching schemes to defraud C. Accessing a computer system without authority D. Intentionally attempting to intercept electronic communication E. Using e-mail for threats or harassment
answer
C. Accessing a computer system without authority
question
Which of the following is NOT addressed by a business continuity plan? A. The identification of critical business processes B. When and how the plan is to be updated and refined C. Action plans for handling mission-critical functions if systems go down D. The technical issues involved in keeping systems up and running E. How the company can restore business operations after a disaster strikes
answer
D. The technical issues involved in keeping systems up and running
question
Which of the following is NOT a good practice for protecting against security threats? A. Not using the same password for all your accounts B. Buying only from online vendors that use https in their transactions C. Using long and complex passwords D. Never sending valuable data such as credit number in email or IM E. Backing up your browsing history, temporary files, and cookies
answer
E. Backing up your browsing history, temporary files, and cookies
question
Which of the following is FALSE regarding digital certificates? A. They help a user and a merchant to validate that their digital certificates were issued by an authorized and trusted third party before they exchange data. B. The recipient decodes the encrypted message by using the CA's public key. C. They authenticate that the public key belongs to the designated owner. D. The CA verifies a digital certificate user's identity online. E. They contain the owner's identification and a copy of the owner's public key.
answer
D. The CA verifies a digital certificate user's identity online.
question
Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is referred to as ______.
answer
social engineering