MIS Chapter 10 Review – Flashcards

question
_____ occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones.
answer
Usurpation
question
Adware and spyware are similar to each other in that they both _______.
answer
Reside in the background and observe a user's behavior
question
In the case of public key encryption, each site has a private key to encode a message and a public key to decode it. T/F
answer
False
question
Technical safeguards involve both software and hardware components of an information system. T/F
answer
True
question
Risk management is a critical security function addressed by an organization's senior management. T/F
answer
True
question
_____ is the process of transforming clear text into coded, unintelligible text for secure storage or communication.
answer
Encryption
question
A ________ pretends to be a legitimate company and sends emails requesting confidential data.
answer
Phisher
question
Which of the following uses an individual's personal physical characteristics such as fingerprints, facial features, and retinal scans for verification purposes?
answer
biometric authentication
question
Hiring, training, and educating employees in an organization is a technical safeguard. T/F
answer
False
question
With https, data are encrypted using a protocol called the __________.
answer
Secure Sockets Layer
question
_______ are created by companies as false targets for computer criminals to attack.
answer
Honeypots
question
Which of the following occurs when millions of bogus service requests flood a Web server and prevent it from servicing legitimate requests?
answer
denial of service
question
Mark receives an email from his bank asking him to update and verify his credit card details. He replies to the email with all the requested details. Mark later learns that the email was not actually sent by his bank and that the information he had shared has been misused. Mark is a victim of ________.
answer
phishing
question
As one of the safeguards against security threats, a person should preferably use the same password for different sites so as to avoid confusion. T/F
answer
False
question
The procedure of entrusting a party with a copy of an encryption key that can be used in case the actual key is lost or destroyed is called ______.
answer
key escrow
question
Davian, a professional hacker, tries every possible combination of characters to crack his victim's email password. Using this technique, he can crack a six-character password of either upper- or lowercase letters in about ten minutes. Which of the following techniques is used by Davian to obtain access to his victim's email?
answer
brute force attack
question
Most secure communications over the Internet use a protocol called _________.
answer
https
question
The loss of encryption keys by employees is referred to as key escrow. T/F
answer
False
question
Which of the following statements is true of the financial losses due to computer crimes?
answer
All studies on the costs of computer crimes are based on surveys.
question
There are no standards for tallying costs of computer crime. T/F
answer
True
question
______ occurs when a threat obtains data that is supposed to be protected.
answer
Unauthorized data closure
question
A key is a number used with an encryption algorithm to encrypt data. T/F
answer
True
question
_______ take computers with wireless connections through an area and search for unprotected wireless networks.
answer
Wardrivers
question
A virus is a computer program that replicates itself. T/F
answer
True
question
Thomas is responsible for creating backup copies of information in a system. He also works along with IT personnel to ensure that the backups are valid and that effective recovery procedures exist. Thomas is involved in establishing ______.
answer
Data safeguards
question
Breaking into computers, servers, or networks to steal proprietary and confidential data is referred to as __________.
answer
hacking
question
Smart cards are convenient to use because they do not require a personal identification number for authentication. T/F
answer
False
question
Malware definitions are patterns that exist in malware code. T/F
answer
True
question
Existence of accounts that are no longer necessary does not pose a security threat. T/F
answer
False
question
In terms of password management, when an account is created, users should ________.
answer
immediately change the password they are given to a password of their own.
question
______ are all files that browsers store on users' computers when they visit Web sites.
answer
Cookies
question
Which of the following is a symptom for phishing?
answer
email spoofing
question
While making online purchases, a person should buy only from vendors who support https. T/F
answer
True
question
Which of the following is a technical safeguard against security threats?
answer
firewall
question
Which of the following is considered a personal security safeguard?
answer
removing high-value assets from computers
question
With asymmetric encryption, two different keys are used for encoding and decoding a message. T/F
answer
true
question
Which of the following statements is true of position sensitivity?
answer
it enables security personnel to prioritize their activities in accordance with the possible risk and loss.
question
Which of the following information should be provided by users of smart cards for authentication?
answer
personal identification number
question
To safeguard data against security threats, every information system today requires a user name and a password. In this case, which of the following functions is performed by the user name?
answer
Identification
question
________ refers to an organization-wide function that is in charge of developing data policies and enforcing data standards.
answer
Data administration
question
Which of the following statements is true of symmetric encryption?
answer
it uses the same key for both encoding and decoding
question
_______ is a technique for intercepting computer communications.
answer
Sniffing
question
Incorrectly increasing a customer's discount is an example of incorrect data modification. T/F
answer
True
question
Backup and recovery against computer security threats are __________.
answer
data safeguards
question
Which of the following is a data safeguard against security threats?
answer
physical security
question
Viruses, worms, and Trojan horses are types of firewalls. T/F
answer
False
question
Packet-filtering firewalls cannot prohibit outsiders from starting a session with any user behind the firewall. T/F
answer
False
question
Incident-response plans should provide centralized reporting of all security incidents. T/F
answer
True
question
Which of the following is a human safeguard against threats?
answer
Procedure design
question
Pretexting occurs when someone deceives by pretending to be someone else. T/F
answer
True
question
Which of the following are the three independent factors that constitute the enforcement of security procedures and policies?
answer
responsibility, accountability, and compliance
question
A _______ is a measure that individuals or organizations take to block a threat from obtaining an asset.
answer
safeguard
question
A threat is a person or an organization that seeks to obtain or alter data illegally, without the owner's permission or knowledge. T/F
answer
True
question
Financial institutions must invest heavily in security safeguards because they are obvious targets for theft. T/F
answer
True
question
A criticism of biometric authentication is that it provides weak authentication. T/F
answer
False
question
Packet-filtering firewalls are the most sophisticated type of firewall. T/F
answer
False
question
An _______ includes how employees should react to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss.
answer
incident-response plan
question
_______ is a broad category of software that includes viruses, worms, Trojan horses, spyware, and adware.
answer
Malware
question
Technical safeguards include encryption and usage of passwords. T/F
answer
False
question
In an organization, security sensitivity for each position should be documented. T/F
answer
True
question
An ________ is a computer program that senses when another computer is attempting to scan a disk or access a computer.
answer
intrusion detection system
question
A help-desk information system has answers to questions that only a true user of an account or system would know. T/F
answer
True
question
______ a site means to take extraordinary measures to reduce a system's vulnerability.
answer
Hardening
question
Malware protection is an example of a technical safeguard. T/F
answer
True
question
A person calls the Stark residence and pretends to represent a credit card company. He asks Mrs. Stark to confirm her credit card number. This is an example of _______.
answer
pretexting
question
Damages to security systems caused by natural disasters are minimal when compared to the damages due to human errors. T/F
answer
False
question
The creation of backup copies of database contents makes the data more vulnerable to security threats. T/F
answer
False
question
Every information system today should require users to sign on with a user name and a password. In this case, which of the following functions is performed by the user's password?
answer
authentication
question
Spoofing is a technique for intercepting computer communications. T/F
answer
False
question
In a brute force attack, a password cracker tries every possible combination of characters. T/F
answer
True
question
_______ are viruses that masquerade as useful programs like a computer game, an MP3 file, or some other useful innocuous program.
answer
Trojan horses
question
A _______ sits outside an organizational network and is the first device that Internet traffic encounters.
answer
perimeter firewall
question
Advanced persistent threats can be a means to engage in cyber warfare and cyber espionage. T/F
answer
True
question
IP spoofing occurs when an intruder uses another site's IP address to masquerade as that other site. T/F
answer
True
question
A _____ examines the source address, destination address, and other data of a message and determines whether to let that message pass.
answer
packet-filtering firewall
question
Which of the following types of encryption is used by the secure sockets layer protocol?
answer
public key encryption
question
Spyware programs are installed on a user's computer without the user's knowledge. T/F
answer
True
question
Wardrivers are those who engage in phishing to obtain unauthorized access to data. T/F
answer
False
question
A user name authenticates a user, and a password identifies that user. T/F
answer
False
question
An _______ is a sophisticated, possibly long-run computer hack that is perpetrated by large, well-funded organizations like governments.
answer
advanced persistent threat
question
A ______ is a plastic card that has a microchip loaded with identifying data.
answer
smart card