MIS Final Exam ch 12 – Flashcards
question
1) A(n) ________ is a measure that individuals or organizations take to block a threat from obtaining an asset.
answer
safeguard
question
2) Which of the following types of security loss is WikiLeaks an example of? A) unauthorized data disclosure
answer
unauthorized data disclosure
question
3) A person calls the Stark residence and pretends to represent a credit card company. He asks Mrs. Stark to confirm her credit card number. This is an example of ________.
answer
pretexting
question
4) A ________ pretends to be a legitimate company and sends emails requesting confidential data.
answer
phisher
question
5) Mark receives an email from his bank asking him to update and verify his credit card details. He replies to the mail with all the requested details. Mark later learns that the mail was not actually sent by his bank and that the information he had shared has been misused. Mark is a victim of ________.
answer
phishing
question
6) Which of the following is a synonym for phishing?
answer
email spoofing
question
________ is a technique for intercepting computer communications.
answer
Sniffing
question
________ take computers with wireless connections through an area and search for unprotected wireless networks.
answer
Drive-by sniffers
question
Breaking into computers, servers, or networks to steal proprietary and confidential data is referred to as ________.
answer
hacking
question
Which of the following occurs when millions of bogus service requests flood a Web server and prevent it from servicing legitimate requests?
answer
DOS attack
question
________ occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones.
answer
Usurpation
question
A(n) ________ is a sophisticated, possibly long-running, computer hack that is perpetrated by large, well-funded organizations like governments.
answer
Advanced Persistent Threat (APT)
question
Which of the following statements is true of the financial losses due to computer security threats?
answer
The financial losses faced by companies due to human error are enormous.
question
A(n) ________ is a computer program that senses when another computer is attempting to scan a disk or access a computer.
answer
intrusion detection system
question
Which of the following is considered a personal security safeguard?
answer
send no valuable data via email or IM
question
During which of the following computer crimes does a password cracker try every possible combination of characters?
answer
brute force attack
question
________ are small files that browsers store on users' computers when they visit Web sites.
answer
Cookies
question
Which of the following is a human safeguard against security threats?
answer
procedure design
question
Which of the following is a technical safeguard against security threats?
answer
identification and authorization
question
Which of the following is a data safeguard against security threats?
answer
physical security
question
Backup and physical security are ________ against computer security threats.
answer
data safeguards
question
A user name ________ a user.
answer
identifies
question
A password ________ a user.
answer
authenticates
question
Users of smart cards are required to enter a ________ to be authenticated.
answer
personal identification number
question
A ________ has a microchip that is loaded with identifying data.
answer
smart card
question
Which of the following uses an individual's personal physical characteristics such as fingerprints, facial features, and retinal scans for verification purposes?
answer
biometric authentication
question
________ is the process of transforming clear text into coded, unintelligible text for secure storage or communication.
answer
encryption
question
Which of the following statements is true of symmetric encryption?
answer
With symmetric encryption, the same key is used for both encoding and decoding.
question
The most secure communications over the Internet use a protocol called ________.
answer
HTTPS
question
With HTTPS, data are encrypted using a protocol called the ________.
answer
Secure Socket Layer (SSL)
question
With HTTPS, data are encrypted using the Secure Socket Layer (SSL) protocol, which is also known as ________.
answer
Transport Layer Security (TLS)
question
A(n) ________ sits outside an organizational network and is the first device that Internet traffic encounters.
answer
perimeter firewall
question
________ determine whether to pass each part of a message by examining its source address, destination addresses, and other such data.
answer
Packet-filtering firewalls
question
________ includes viruses, worms, Trojan horses, spyware, and adware.
answer
Malware
question
Which of the following refers to viruses that masquerade as useful programs?
answer
Trojan horses
question
Adware and spyware are similar to each other in that they both ________.
answer
are installed without a user's permission
question
Which of the following is an example of a data safeguard against security threats?
answer
backup and recovery
question
Organizations should protect sensitive data by storing it in ________ form.
answer
encrypted
question
The procedure of entrusting a party with a copy of an encryption key that can be used in case the actual key is lost or destroyed is called ________.
answer
key escrow
question
Which of the following statements is true about position sensitivity?
answer
Documenting position sensitivity enables security personnel to prioritize their activities.
question
The enforcement of security procedures and policies consists of three interdependent factors:
answer
responsibility, accountability, and compliance
question
In terms of password management, when an account is created, users should ________.
answer
immediately change the password they are given to a password of their own
question
Typically, a help-desk information system has answers to questions that only a true user would know. Which of the following statements is true of this information?
answer
It helps authenticate a user
question
Activity log analyses constitute an important ________ function.
answer
security monitoring