IST 202 Chapter 10 Practice Questions – Flashcards

question
1) Which of the following is the most complete definition of a computer crime? A) the act of using a computer to commit an illegal act B) the act of using someone's computer to browse the Internet C) the act of using someone's computer to check e-mail D) the act of stealing a computer and related hardware E) the act of giving personal information to Web sites when shopping
answer
A) the act of using a computer to commit an illegal act Page Ref: 395
question
2) Those individuals who are knowledgeable enough to gain access to computer systems without authorization have long been referred to as ________. A) hackers B) bots C) online predators D) worms E) power users
answer
A) hackers Page Ref: 396
question
3) Which of the following is one of the main federal laws in the United States against computer crimes? A) Satellite Act of 1962 B) Trade Expansions Act of 1962 C) United States Information and Educational Exchange Act D) Central Intelligence Agency Act E) Electronic Communications Privacy Act of 1986
answer
E) Electronic Communications Privacy Act of 1986 Page Ref: 409
question
4) The Computer Fraud and Abuse Act of 1986 prohibits ________. A) accessing company intranet and confidential information from public computers B) stealing or compromising data about national defense, foreign relations, atomic energy, or other restricted information C) the use of external devices to provide access and information to companies' confidential information D) contracting with consultants outside the United States to process information E) access to company extranets when outsourcing work to clients overseas
answer
B) stealing or compromising data about national defense, foreign relations, atomic energy, or other restricted information Page Ref: 409
question
5) Which of the following US laws amended the Computer Fraud and Abuse Act to allow investigators access to voice-related communications? A) the Non-detention Act B) the Espionage Act C) the Patriot Act D) the Video Privacy Protection Act E) the Clery Act
answer
C) the Patriot Act Page Ref: 409
question
6) Violating data belonging to banks or other financial institutions is a crime in the United States. Which of the following legislations prohibit such violations? A) the Foreign Intelligence Surveillance Act B) the Computer Fraud and Abuse Act C) the Patriot Act D) the Banking Rights and Privacy Act E) the Electronic Communications Privacy Act
answer
B) the Computer Fraud and Abuse Act Page Ref: 409
question
7) Some violations of state and federal computer crime laws are punishable by fines and by not more than one year in prison. Such violations are charged as ________. A) misdemeanors B) felonies C) embezzlements D) indictments E) larcenies
answer
A) misdemeanors Page Ref: 409
question
8) Computer criminals who attempt to break into systems or deface Web sites to promote political or ideological goals are called ________. A) hacktivists B) crackers C) social promoters D) internet activists E) online predators
answer
A) hacktivists Page Ref: 396
question
9) Today, people who break into computer systems with the intention of doing damage or committing a crime are usually called ________. A) bots B) white hats C) worms D) cyber spies E) crackers
answer
E) crackers Page Ref: 396
question
10) WikiLeaks is a famous not-for-profit whistleblower Web site. MasterCard and Visa stopped payments to WikiLeaks after a series of leaks by the site. An anonymous group attacked the Web sites of both MasterCard and Visa reacting to this. These Web vandals, who tried to protect WikiLeaks, can be called ________. A) hacktivists B) bots C) ethical hackers D) patriot hackers E) cyber soldiers
answer
A) hacktivists Page Ref: 396
question
11) Employees steal time on company computers to do personal business. This can be considered as an example of ________. A) unauthorized access B) hacking C) Web vandalism D) cyberstalking E) embezzlement
answer
A) unauthorized access Page Ref: 398
question
12) In May 2001, an e-mail with "This is unbelievable!" in the subject field and an attached file spread to numerous computers in the world. Any user who downloaded the attached file complained of his or her systems slowing down and in some cases, files being erased. The attached file is most likely to be ________. A) adware B) spyware C) a virus D) spam E) a logic bomb
answer
C) a virus Page Ref: 400
question
13) ________, targeted at networks, is designed to spread by itself, without the need for an infected host file to be shared. A) Adware B) Spyware C) A worm D) Spam E) A logic bomb
answer
C) A worm Page Ref: 400
question
14) Ronald downloads a movie from the Internet onto his company's computer. During this process, his system gets affected by a virus. The virus spreads rapidly in the company's network and causes the server to crash. This type of virus is most likely to be ________. A) adware B) phishing mail C) spam D) a worm E) a Trojan horse
answer
D) a worm Page Ref: 400
question
15) While Shelly downloaded an arcade game from an unknown Internet Web site, an unauthorized connection unknown to Shelly had been established with her computer. The arcade game is most likely to be ________. A) spyware B) a worm C) adware D) a Trojan horse E) encryption
answer
D) a Trojan horse Page Ref: 400
question
16) While adding information to the employee information database, Neil's computer crashed and the entire database on his computer was erased along with it. Which of the following types of virus would have caused Neil's computer to crash? A) spyware B) worm C) adware D) logic bomb E) encryption
answer
D) logic bomb Page Ref: 401
question
17) Computers that are located in homes, schools, and businesses are infected with viruses or worms to create armies of zombie computers to execute ________ attacks. A) phishing B) malware C) adware D) denial-of-service E) encryption
answer
D) denial-of-service Page Ref: 401
question
18) The official Web site of the Iranian government was made unreachable by foreign activists seeking to help the opposition parties during the 2009 Iranian election protests. Web sites belonging to many Iranian news agencies were also made unreachable by the activists. This cyber protest is an example of a(n) ________ attack. A) denial-of-service B) logic bomb C) Trojan horse D) online predator E) bot herder
answer
A) denial-of-service Page Ref: 401
question
19) ________ refers to any software that covertly gathers information about a user through an Internet connection without the user's knowledge. A) Spyware B) Spam C) Web filter D) Cookie E) Bot herder
answer
A) Spyware Page Ref: 402
question
20) Which of the following terms represents junk newsgroup postings used for the purpose of advertising for some product or service? A) spam B) adware C) cookie D) bot herder E) Web filter
answer
A) spam Page Ref: 402
question
21) Robert receives an e-mail which says he has won an online lottery worth $50 billion. Robert had his doubts as he did not remember entering or buying any lottery ticket. It was a spam e-mail intended to obtain the bank account details and the credit card number of Robert. Which of the following is evident here? A) logic bomb B) hacktivism C) phishing D) tunneling E) cyberterrorism
answer
C) phishing Page Ref: 403
question
22) ________ is an attempt to trick financial account and credit card holders into giving away their authentication information, usually by sending spam messages to literally millions of e-mail accounts. A) Phishing B) Cyber tunneling C) Viral marketing D) Logic bombing E) Hacking
answer
A) Phishing Page Ref: 403
question
23) ________ is a more sophisticated fraudulent e-mail attack that targets a specific person or organization by personalizing the message in order to make the message appear as if it is from a trusted source such as an individual within the recipient's company, a government entity, or a well-known company. A) Spear phishing B) Cyber tunneling C) Viral marketing D) Logic bombing E) Hacking
answer
A) Spear phishing Page Ref: 403
question
24) Which of the following is a message passed to a Web browser on a user's computer by a Web server? A) cookie B) botnet C) honeypot D) phish E) spam
answer
A) cookie Page Ref: 404
question
25) When using Yahoo Messenger, you get an unsolicited advertisement from a company. This advertisement contains a link to connect to the merchant's Web site. Which of the following is the best way of classifying this advertisement? A) adware B) cookie C) Internet hoax D) spim E) cyber squatting
answer
D) spim Page Ref: 403
question
26) A(n) ________ typically consists of a distorted image displaying a combination of letters and/or numbers that a user has to input into a form before submitting it. A) ASCII B) CTAN C) ENGO D) CAPTCHA E) WYSIWYG
answer
D) CAPTCHA Page Ref: 403-404
question
27) Which of the following is the most accurate definition of a botnet? A) fraudulent e-mail attack that targets a specific person or organization by personalizing the message B) spider software used by a search algorithm to crawl various Web sites to return a query C) small text file passed to a Web browser on a user's computer by a Web server D) common platform used by search engines to index the contents of a Web site E) destructive software robots, working together on a collection of zombie computers via the Internet
answer
E) destructive software robots, working together on a collection of zombie computers via the Internet Page Ref: 405
question
28) ________ is the stealing of another person's Social Security number, credit card number, and other personal information for the purpose of using the victim's credit rating to borrow money, buy merchandise, and otherwise run up debts that are never repaid. A) Logic bombing B) Battery C) Spear phishing D) Bot herding E) Identity theft
answer
E) Identity theft Page Ref: 405
question
29) A hacker takes an individual's Social Security number, credit card number, and other personal information for the purpose of using the victim's credit rating to run up debts that are never repaid. This practice is called ________. A) identity theft B) cyberstalking C) cyberbullying D) bot herding E) viral marketing
answer
A) identity theft Page Ref: 405
question
30) ________ are false messages often circulated online about new viruses, earthquakes, kids in trouble, cancer causes, or any other topic of public interest. A) Internet hoaxes B) Honeypots C) Cookies D) Logic bombs E) Malware
answer
A) Internet hoaxes Page Ref: 406
question
31) ________ is the dubious practice of registering a domain name and then trying to sell the name for big bucks to the person, company, or organization most likely to want it. A) Cybersquatting B) Bot herding C) Spear phishing D) Logic bombing E) Hacktivism
answer
A) Cybersquatting Page Ref: 406
question
32) Arbitron consultants, a leading software consulting firm in the United States, decides to launch an ERP solution. The company chooses the brand name ArbitEnterprise for the new solution. However, when the company attempts to register the domain name, it finds that the domain name is already registered to an unknown firm. The small firm is now attempting to sell the domain name to Arbitron. Which of the following terms refers to this practice of buying a domain name only to sell it for big bucks? A) cybersquatting B) logic bombing C) cyberbullying D) bot herding E) cyberstalking
answer
A) cybersquatting Page Ref: 406
question
33) ________ broadly refers to the use of a computer to communicate obscene, vulgar, or threatening content that causes a reasonable person to endure distress. A) Cyberharassment B) Viral marketing C) Hacktivism D) Bot herding E) Spam filtering
answer
A) Cyberharassment Page Ref: 406
question
34) Cyber criminals gain information on a victim by monitoring online activities, accessing databases, and so on, and then make false accusations that damage the reputation of the victim on blogs, Web sites, chat rooms, or e-commerce sites. Such acts are called ________. A) bot herding B) cyberstalking C) spam filtering D) viral marketing E) spear phishing
answer
B) cyberstalking Page Ref: 406
question
35) ________ refers to offering stolen proprietary software for free over the Internet. A) Bot herding B) Warez peddling C) Spam filtering D) Viral marketing E) Spear phishing
answer
B) Warez peddling Page Ref: 407
question
36) Which of the following can typically be filed for a patent? A) material inventions B) software C) music D) literature E) art
answer
A) material inventions Page Ref: 407
question
37) Which of the following can typically be filed for a copyright? A) iPhone B) music by the Beatles C) Amazon's one-click buying D) Google Nexus phone E) iPad
answer
B) music by the Beatles Page Ref: 407
question
38) ________ refers to an organized attempt by a country's military to disrupt or destroy the information and communication systems of another country. A) Cyberwar B) Internet hoaxing C) Cybersquatting D) Web vandalism E) Logic bombing
answer
A) Cyberwar Page Ref: 411
question
39) Independent citizens or supporters of a country that perpetrate attacks on perceived or real enemies are called ________. A) patriot hackers B) bot herders C) online predators D) hacktivists E) ethical hackers
answer
A) patriot hackers Page Ref: 412
question
40) ________ is the use of computer and networking technologies, by individuals and organized groups, against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals. A) Cyberterrorism B) Web vandalism C) Cyberwar D) Patriot hacking E) Cyberbullying
answer
A) Cyberterrorism Page Ref: 412
question
41) A mass cyber attack occurred in a country when it took severe actions against a group of citizens who protested against the country's religious policies. The attack involved a denial-of-service in which selected sites were bombarded with traffic to force them offline. This is an example of ________. A) cyberterrorism B) logic bombing C) hot backing up D) cyberbullying E) cybersquatting
answer
A) cyberterrorism Page Ref: 412
question
42) ________ by terrorists refers to the use of the vast amount of information available on the Internet regarding virtually any topic for planning, recruitment, and numerous other endeavors. A) Data mining B) Information dissemination C) Location monitoring D) Information sharing E) Cybersquatting
answer
A) Data mining Page Ref: 413
question
43) ________ refers to precautions taken to keep all aspects of information systems safe from destruction, manipulation, or unauthorized use or access. A) Information systems security B) Information systems resources C) Information systems planning D) Information systems audit E) Information systems distribution
answer
A) Information systems security Page Ref: 416
question
44) ________ is a process in which you assess the value of the assets being protected, determine their probability of being compromised, and compare the probable costs of their being compromised with the estimated costs of whatever protections you might have to take. A) Risk analysis B) Information systems audit C) Disintermediation D) Operational analysis E) Data mining
answer
A) Risk analysis Page Ref: 417
question
45) An organization takes active countermeasures to protect its systems, such as installing firewalls. This approach is known as ________. A) risk reduction B) risk acceptance C) risk rescheduling D) risk transference E) risk elimination
answer
A) risk reduction Page Ref: 417
question
46) An organization does not implement countermeasures against information threats; instead it simply absorbs the damages that occur. This approach is called ________. A) risk acceptance B) risk reduction C) risk mitigation D) risk transference E) risk rescheduling
answer
A) risk acceptance Page Ref: 417
question
47) Ciscon Telecom is a mobile operator in the European Union. The company provides personalized services to its customers and its databases contain valuable information about its customers. The loss of customer information which is used to decide services would be extremely harmful to the organization. Which of the following strategies used by Ciscon is an example of risk transference? A) The company insures any possible data loss for a large sum. B) The company forms a special team of top executives to monitor and correct the information policies. C) It installs a corporate firewall to protect unauthorized access to information. D) It enforces a strict employee data policy and prohibits employees from unauthorized access. E) The company decides to absorb any damages that might occur.
answer
A) The company insures any possible data loss for a large sum. Page Ref: 417
question
48) RBS Publishing is a leading media company in France. The company handles sensitive information and often finds it susceptible to information threats. As a countermeasure, the company installs strong firewalls and protective software. These steps are a part of a ________ strategy. A) risk acceptance B) risk reduction C) risk mitigation D) risk transference E) risk rescheduling
answer
B) risk reduction Page Ref: 417
question
49) With ________, employees may be identified by fingerprints, retinal patterns in the eye, facial features, or other bodily characteristics before being granted access to use a computer or to enter a facility. A) CAPTCHAs B) biometrics C) passwords D) access-control software E) smart cards
answer
B) biometrics Page Ref: 419
question
50) Your company uses a fingerprint recognition system instead of an access card. This helps the company prevent unauthorized physical access. Which of the following technologies is used for authentication here? A) biometrics B) passwords C) smart cards D) access-control software E) encryption
answer
A) biometrics Page Ref: 419
question
51) In ________, an attacker accesses the network, intercepts data from it, and even uses network services and/or sends attack instructions to it without having to enter the home, office, or organization that owns the network. A) drive-by hacking B) hacktivism C) viral marketing D) cybersquatting E) denial-of-service
answer
A) drive-by hacking Page Ref: 420
question
52) A(n) ________ is a network connection that is constructed dynamically within an existing network in order to connect users or nodes. A) virtual private network B) ambient network C) cognitive network D) collaborative service network E) internetwork
answer
A) virtual private network Page Ref: 420
question
53) Albitrex Systems is an Asian software consulting firm which develops solutions for companies in the United States and Europe. The company is heavily dependent on the Internet for transporting data. The company wants to ensure that only authorized users access the data and that the data cannot be intercepted and compromised. Which of the following would be most helpful to the company in achieving this goal? A) spam filtering B) hot backing up C) tunneling D) open transmitting E) cloud storage
answer
C) tunneling Page Ref: 420-421
question
54) Which of the following is a part of a computer system designed to detect intrusion and prevent unauthorized access to or from a private network? A) firewall B) cookie C) botnet D) honeypot E) spam filter
answer
A) firewall Page Ref: 421
question
55) Which of the following is a valid observation about encryption? A) Encrypted messages cannot be deciphered without the decoding key. B) Encryption is used for data enhancement rather than data protection. C) Encryption is performed only after the messages enter the network. D) The encryption approach is not dependent on the type of data transmission. E) Encryption implementation is an expensive process and needs an authentication from a relevant authority.
answer
A) Encrypted messages cannot be deciphered without the decoding key. Page Ref: 422
question
56) Implementing encryption on a large scale, such as on a busy Web site, requires a third party, called a(n) ________. A) certificate authority B) virtual private network C) arbitrative authority D) control center E) buying center
answer
A) certificate authority Page Ref: 422
question
57) ________ software is used to keep track of computer activity so that inspectors can spot suspicious activity and take action. A) Access-control B) Firewall C) Audit-control D) Denial-of-service E) Risk analysis
answer
C) Audit-control Page Ref: 422
question
58) A ________ is nothing more than an empty warehouse with all necessary connections for power and communication but nothing else. A) cold backup site B) buying center C) botnet D) firewall E) collocation facility
answer
A) cold backup site Page Ref: 424
question
59) An organization builds a fully equipped backup facility, having everything from office chairs to a one-to-one replication of the most current data. This facility is called a ________. A) buying center B) firewall C) hot backup site D) botnet E) collocation facility
answer
C) hot backup site Page Ref: 424
question
60) Some data centers rent server space to multiple customers and provide necessary infrastructure in terms of power, backups, connectivity, and security. Such data centers are called ________. A) collocation facilities B) hot backup sites C) virtual private networks D) offshore networks E) control centers
answer
A) collocation facilities Page Ref: 425
question
61) ________ is the use of formal investigative techniques to evaluate digital information for judicial review. A) Computer forensics B) Flaming C) Hacktivism D) Certificate authority E) Encryption
answer
A) Computer forensics Page Ref: 426
question
62) Which of the following terms refers to a computer, data, or network site that is designed to be enticing to crackers so as to detect, deflect, or counteract illegal activity? A) honeypot B) firewall C) bot herder D) botnet E) zombie computer
answer
A) honeypot Page Ref: 426
question
63) Identify the policy that lists procedures for adding new users to systems and removing users who have left the organization. A) information policy B) use policy C) incident handling procedures D) disaster recovery plan E) account management policy
answer
E) account management policy Page Ref: 429
question
64) Which of the following types of plans describes how a business resumes operation after a disaster? A) business continuity plan B) internal operations plan C) collocation facilities plan D) emergency operation plan E) virtual private network plan
answer
A) business continuity plan Page Ref: 429
question
65) Recovery point objectives of a recovery plan specify ________. A) the maximum time allowed to recover from a catastrophic event B) data structures and patterns of the data C) the minimum time after which response should be allowed in a catastrophic event D) how current the backup data should be E) the capacity of a backup server in storing the necessary data
answer
D) how current the backup data should be Page Ref: 430
question
66) Controls that are used to assess whether anything went wrong, such as unauthorized access attempts, are called ________ controls. A) detective B) preventive C) corrective D) adaptive E) protective
answer
A) detective Page Ref: 432
question
67) Organizations periodically have an external entity review the controls so as to uncover any potential problems in the controls. This process is called ________. A) information systems audit B) risk analysis C) information modification D) recovery plan objective analysis E) business continuity plan
answer
A) information systems audit Page Ref: 432
question
68) Which of the following laws makes it mandatory for organizations to demonstrate that there are controls in place to prevent misuse or fraud, controls to detect any potential problems, and effective measures to correct any problems? A) Sarbanes-Oxley Act B) Trade Expansions Act of 1962 C) Electronic Communications Privacy Act of 1986 D) Central Intelligence Agency Act E) USA Patriot Act
answer
A) Sarbanes-Oxley Act Page Ref: 434
question
69) The ________ is a set of best practices that helps organizations both maximize the benefits from their IS infrastructure and establish appropriate controls. A) Sarbanes-Oxley Act of 2002 (S-OX) B) Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) C) Electronic Communications Privacy Act of 1986 D) Control objectives for information and related technology (COBIT) E) USA Patriot Act
answer
D) Control objectives for information and related technology (COBIT) Page Ref: 434
question
70) Computer crime is defined as the act of using a computer to commit an illegal act.
answer
Answer: TRUE Page Ref: 395
question
71) Employees steal time on company computers to do personal business. This is a form of unauthorized access.
answer
Answer: TRUE Page Ref: 398
question
72) Logic bombs are variations of Trojan horses that can reproduce themselves to disrupt the normal functioning of a computer.
answer
Answer: FALSE Page Ref: 401
question
73) Spyware is electronic junk mail or junk newsgroup postings, posted usually for the purpose of advertising some product and/or service.
answer
Answer: FALSE Page Ref: 402
question
74) Spam filters are used to reduce the amount of spam processed by central e-mail servers.
answer
Answer: TRUE Page Ref: 402
question
75) A cookie is a message passed to a Web browser on a user's computer by a Web server.
answer
Answer: TRUE Page Ref: 404
question
76) An Internet hoax is a false message circulated online about new viruses.
answer
Answer: TRUE Page Ref: 406
question
77) Making false accusations that damage the reputation of the victim on blogs, Web sites, chat rooms, or e-commerce sites is a form of cyberstalking.
answer
Answer: TRUE Page Ref: 406
question
78) Patents generally refer to creations of the mind such as music, literature, or software.
answer
Answer: FALSE Page Ref: 407
question
79) Cyberwar refers to an organized attempt by a country's military to disrupt or destroy the information and communication systems of another country.
answer
Answer: TRUE Page Ref: 411
question
80) Patriot hackers are independent citizens or supporters of a country that perpetrate attacks on perceived or real enemies.
answer
Answer: TRUE Page Ref: 412
question
81) Data mining refers to the use of Web sites to disseminate propaganda to current and potential supporters, to influence international public opinion, and to notify potential enemies of pending plans.
answer
Answer: FALSE Page Ref: 413
question
82) Insuring all the systems and information processing processes is an essential part of a risk acceptance strategy.
answer
Answer: FALSE Page Ref: 417
question
83) A virtual private network is a network connection that is constructed dynamically within an existing network.
answer
Answer: TRUE Page Ref: 420
question
84) A firewall is a part of a computer system designed to detect intrusion and prevent unauthorized access to or from a private network.
answer
Answer: TRUE Page Ref: 421
question
85) A hot backup site is an empty warehouse with all necessary connections for power and communication.
answer
Answer: FALSE Page Ref: 424
question
86) Redundant data centers can be used to secure the facilities infrastructure of organizations.
answer
Answer: TRUE Page Ref: 424
question
87) A honeypot is a computer, data, or network site that is used to penetrate other networks and computer systems to snoop or to cause damage.
answer
Answer: FALSE Page Ref: 426
question
88) An account management policy explains technical controls on all organizational computer systems, such as access limitations, audit-control software, firewalls, and so on.
answer
Answer: FALSE Page Ref: 428
question
89) Recovery point objectives are used to specify how current the backup data should be.
answer
Answer: TRUE Page Ref: 430
question
90) Detective controls are used to prevent any potentially negative event from occurring, such as preventing outside intruders from accessing a facility.
answer
Answer: FALSE Page Ref: 432
question
91) COBIT is a set of best practices that helps organizations maximize the benefits from their IS infrastructure and establish appropriate controls.
answer
Answer: TRUE Page Ref: 434
question
92) What is computer crime? Explain your answer.
answer
Answer: Computer crime is defined as the act of using a computer to commit an illegal act. This broad definition of computer crime can include the following: 1. Targeting a computer while committing an offense. For example, someone gains unauthorized entry to a computer system in order to cause damage to the computer system or to the data it contains. 2. Using a computer to commit an offense. In such cases, computer criminals may steal credit card numbers from Web sites or a company's database, skim money from bank accounts, or make unauthorized electronic fund transfers from financial institutions. 3. Using computers to support a criminal activity despite the fact that computers are not actually targeted. For example, drug dealers and other professional criminals may use computers to store records of their illegal transactions. Page Ref: 395
question
93) What is unauthorized access? Provide a few examples of unauthorized access.
answer
Answer: Unauthorized access occurs whenever people who are not authorized to see, manipulate, or otherwise handle information look through electronically stored information files for interesting or useful data, peek at monitors displaying proprietary or confidential information, or intercept electronic information on the way to its destination. The following are a few additional examples from recent media reports: 1. Employees steal time on company computers to do personal business. 2. Intruders break into government Web sites and change the information displayed. 3. Thieves steal credit card numbers and Social Security numbers from electronic databases, and then use the stolen information to charge thousands of dollars in merchandise to victims. 4. An employee at a Swiss bank steals data that could possibly help to charge the bank's customers for tax evasion, hoping to sell this data to other countries' governments for hefty sums of money. Page Ref: 398
question
94) Compare and contrast computer viruses and a Trojan horse.
answer
Answer: A virus is a destructive program that disrupts the normal functioning of computer systems. Viruses differ from other types of malicious code in that they can reproduce themselves. Some viruses are intended to be harmless pranks, but more often they do damage to a computer system by erasing files on the hard drive, by slowing computer processing, or by otherwise compromising the system. Unlike viruses, Trojan horses do not replicate themselves, but, like viruses, they can do much damage. When a Trojan horse is planted in a computer, its instructions remain hidden. The computer appears to function normally, but in fact it is performing underlying functions dictated by the intrusive code. Page Ref: 400
question
95) What are cookies? Do they pose a threat to users?
answer
Answer: A cookie is a message passed to a Web browser on a user's computer by a Web server. The browser then stores the message in a text file, and the message is sent back to the server each time the user's browser requests a page from that server. Cookies are normally used for legitimate purposes, such as identifying a user in order to present a customized Web page or for authentication purposes. Although you can choose not to accept the storage of cookies, you may then not be able to visit the site, or it may not function properly. Cookies may also contain sensitive information (such as credit card numbers) and thus pose a security risk in case unauthorized persons gain access to the computer. Page Ref: 404
question
96) Briefly explain cyberstalking and cybersquatting.
answer
Answer: Cybersquatting refers to the dubious practice of registering a domain name and then trying to sell the name for big bucks to the person, company, or organization most likely to want it. Domain names are one of the few scarce resources on the Internet, and cybersquatting exploits that scarcity. Cyberharassment refers to the use of a computer to communicate obscene, vulgar, or threatening content that causes a reasonable person to endure distress. Repeated contacts with a victim are referred to as cyberstalking. It includes making false accusations, gaining information on a victim by monitoring online activities, encouraging others to harass a victim, and so forth. Page Ref: 406
question
97) Briefly explain cyberwar and cyberterrorism.
answer
Answer: Cyberwar refers to an organized attempt by a country's military to disrupt or destroy the information and communication systems of another country. Cyberwar is often executed simultaneously with traditional methods to quickly dissipate the capabilities of an enemy. Unlike cyberwar, cyberterrorism is launched not by governments but by individuals and organized groups. Cyberterrorism is the use of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals. Page Ref: 411-412
question
98) What is risk analysis? What are the three ways in which organizations react to perceived risks?
answer
Answer: Risk analysis is a process in which the value of the assets being protected is assessed, their likelihood of being compromised is determined, and the probable costs of their being compromised are compared with the estimated costs of whatever protections are required. Risk analysis then helps determine the steps, if any, to take to secure systems. There are three general ways to react: 1. Risk Reduction: Taking active countermeasures to protect systems, such as installing firewalls. 2. Risk Acceptance: Implementing no countermeasures and simply absorbing any damages that occur. 3. Risk Transference: Having someone else absorb the risk, such as by investing in insurance or by outsourcing certain functions to another organization with specific expertise. Page Ref: 417
question
99) List the six commonly used methods in which technology is employed to safeguard information systems.
answer
Answer: The six methods employed to safeguard information systems are: 1. Physical access restrictions 2. Firewalls 3. Encryption 4. Virus monitoring and prevention 5. Audit-control software 6. Secure data centers Page Ref: 417
question
100) Briefly describe the concept of virtual private networks.
answer
Answer: A virtual private network (VPN) is a network connection that is constructed dynamically within an existing network, often called a secure tunnel, in order to connect users or nodes. A number of companies and software solutions enable you to create VPNs within the Internet as the medium for transporting data. These systems use authentication and encryption and other security mechanisms to ensure that only authorized users can access the VPN and that the data cannot be intercepted and compromised; this practice of creating an encrypted "tunnel" to send secure (private) data over the (public) Internet is known as tunneling. Page Ref: 420-421
question
101) Suggest a few safeguards that organizations can employ to secure their facilities infrastructure.
answer
Answer: 1. Backups: Organizations and individual computer users should perform backups of important files to external hard drives, CDs, tapes, or online backup service providers at regular intervals. 2. Backup Sites: Backup sites are critical for business continuity in the event a disaster strikes; in other words, backup sites can be thought of as a company's office in a temporary location. 3. Redundant Data Centers: Often, companies choose to replicate their data centers in multiple locations. Even if the primary infrastructure is located in-house, it pays to have a backup located in a different geographic area to minimize the risk of a disaster happening to both systems. 4. Closed-Circuit Television: While installing and monitoring a closed-circuit television system is costly, such systems can monitor for physical intruders in data centers, server rooms, or colocation facilities. 5. Uninterruptible Power Supply: An uninterruptible power supply does not protect against intruders, but it protects against power surges and temporary power failures that can cause information loss. Page Ref: 423-425
question
102) Explain the concept of disaster planning in organizations.
answer
Answer: Organizations need to be prepared for when something catastrophic occurs. The most important aspect of preparing for disaster is creating a business continuity plan, which describes how a business resumes operation after a disaster. A subset of the business continuity plan is the disaster recovery plan, which spells out detailed procedures for recovering from systems-related disasters, such as virus infections and other disasters that might cripple the IS infrastructure. When planning for disaster, two objectives should be considered by an organization: recovery time and recovery point objectives. Recovery time objectives specify the maximum time allowed to recover from a catastrophic event. Recovery point objectives specify how current the backup data should be. Page Ref: 429-430
question
103) Explain various types of information systems controls.
answer
Answer: The three types of information systems controls are: 1. Preventive controls: to prevent any potentially negative event from occurring, such as by preventing outside intruders from accessing a facility. 2. Detective controls: to assess whether anything went wrong, such as unauthorized access attempts. 3. Corrective controls: to mitigate the impact of any problem after it has arisen, such as restoring compromised data. Page Ref: 432