MIS320 Chapter 12 Information Security Management – Flashcards
question
1) A ________ is a person or an organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge.
answer
C) threat
question
2) Which of the following is considered a threat caused by human error?
answer
A) an employee inadvertently installs an old database on top of the current one
question
3) Which of the following is considered a computer crime?
answer
D) hacking of information systems
question
4) ________ occurs when someone deceives by pretending to be someone else.
answer
D) Pretexting
question
5) When referring to security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.
answer
A) unauthorized data disclosure
question
6) A ________ pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth.
answer
B) phisher
question
7) Email spoofing is a synonym for ________.
answer
B) phishing
question
8) ________ is a technique for intercepting computer communications, either through a physical connection to a network or without a physical connection in the case of wireless networks.
answer
C) Sniffing
question
9) ________ take computers with wireless connections through an area and search for unprotected wireless networks and then monitor and intercept wireless traffic at will.
answer
C) Drive-by sniffers
question
10) Which of the following is an example of a sniffing technique?
answer
D) adware
question
11) ________ occurs when a person breaks into a network to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data.
answer
C) Hacking
question
12) Which of the following is most likely to be a result of hacking?
answer
C) an unauthorized transaction from a user's credit card
question
13) ________ occurs through human error when employees do not follow proper procedures or when procedures have not been well designed.
answer
B) Incorrect data modification
question
14) ________ is the type of security loss that involves computer criminals invading a computer system and replacing legitimate programs with their own unauthorized ones that shut down legitimate applications and substitute their own processing to spy, steal, and manipulate data.
answer
D) Usurpation
question
15) Which of the following usually happens in a malicious denial-of-service attack?
answer
B) a hacker floods a Web server with millions of bogus service requests
question
16) ________ present the largest risk for an organization's infrastructure loss.
answer
B) Natural disasters
question
17) Which of the following statements is true about losses due to computer security threats?
answer
B) Some organizations don't report all their computer crime losses, and some won't report such losses at all.
question
18) A(n) ________ is a computer program that senses when another computer is attempting to scan the disk or otherwise access a computer.
answer
A) intrusion detection system
question
19) Nonword passwords are vulnerable to a ________ attack, in which the password cracker tries every possible combination of characters.
answer
C) brute force
question
20) ________ are small files that the browser stores on the user's computer when he/she visits Web sites; they enable him/her to access Web sites without having to sign in every time.
answer
A) Cookies
question
21) Removing and disabling ________, which may contain sensitive security data, presents an excellent example of the trade-off between improved security and cost.
answer
C) cookies
question
22) Which of the following is a critical security function that the senior management should address in an organization?
answer
C) establishing the security policy
question
23) In information security, which of the following is true of managing risk?
answer
B) Organizations should implement safeguards that balance the trade-off between risk and cost.
question
24) Which of the following was passed to give individuals the right to access their own health data created by doctors and other healthcare providers?
answer
C) the HIPAA of 1996
question
25) Which of the following is classified as a technical safeguard?
answer
B) firewalls
question
26) A(n) ________ has a microchip in it to hold data.
answer
B) smart card
question
27) Users of smart cards are required to enter a ________ to be authenticated.
answer
C) personal identification number
question
28) Which of the following is used for biometric authentication?
answer
B) facial features
question
29) Which of the following statements is true of biometric identification?
answer
D) It often faces resistance from users for its invasive nature.
question
30) A ________ is a number used to encrypt data.
answer
A) key
question
31) In asymmetric encryption, each site has a ________ for encoding messages.
answer
C) public key
question
32) With ________, the sender and receiver transmit a message using different keys.
answer
A) asymmetric encryption
question
33) Secure Socket Layer is also known as ________.
answer
B) transport layer security
question
34) Which of the following statements is true of the Secure Socket Layer (SSL)?
answer
B) It is used to send sensitive data such as credit card numbers.
question
35) Mark is transferring funds online through the Web site of a reputed bank. Which of the following will be displayed in the address bar of his browser that will let him know that the bank is using the SSL protocol?
answer
C) https
question
36) A ________ examines each part of a message and determines whether to let that part pass.
answer
A) packet-filtering firewall
question
37) Packet-filtering firewalls ________.
answer
A) can filter both inbound and outbound traffic
question
38) ________ is the term used to denote viruses, worms, and Trojan horses.
answer
A) Malware
question
39) A virus is a computer program that replicates itself. The program code that causes unwanted activity is called the ________.
answer
A) payload
question
40) ________ are viruses that masquerade as useful programs or files.
answer
C) Trojan horses
question
41) A ________ is a type of virus that propagates using the Internet or other computer networks.
answer
A) worm
question
42) ________ is similar to spyware but it watches user activity and produces pop-ups.
answer
B) Adware
question
43) Which of the following is likely to be accepted by a poorly designed application, leading to improper disclosure of data?
answer
D) SQL injection
question
44) ________ refers to an organization-wide function that is in charge of developing data policies and enforcing data standards.
answer
A) Data administration
question
45) ________ is a function pertaining to a particular database that develops procedures and practices to control and protect the database.
answer
B) Database administration
question
46) Which of the following statements is true of data administration?
answer
D) It is involved in establishing data safeguards.
question
47) Key escrow is a(n) ________.
answer
B) safety procedure that allows a trusted party to have a copy of the encryption key
question
48) ________ protect databases and other organizational data.
answer
C) Data safeguards
question
49) The computers that run the DBMS and all devices that store database data should reside in locked, controlled-access facilities. This is done to ________.
answer
D) provide physical security
question
50) Which of the following statements is true with regard to human safeguards?
answer
C) Documenting position sensitivity enables security personnel to prioritize their activities based on possible risk.
question
51) ________ involve the people and procedure components of information systems.
answer
C) Human safeguards
question
52) Which of the following statements is true about human safeguards for employees?
answer
B) User accounts should be defined to give users the least possible privilege necessary to perform their jobs.
question
53) When an employee is terminated, IS administrators should receive advance notice so that they can ________.
answer
D) remove the user account and password
question
54) ________ a Web site means to take extraordinary measures to reduce a system's vulnerability, using special versions of the operating system.
answer
B) Hardening
question
55) The process of hardening a Web site is a ________ safeguard.
answer
C) technical
question
56) ________ are the primary means of authentication and are important not just for access to a user's computer, but also for authentication to other networks and servers to which the user may have access.
answer
C) Passwords
question
57) Which of the following systems procedures is specifically the responsibility of operations personnel?
answer
C) creating backups of system databases
question
58) ________ involves accomplishing job tasks during failure.
answer
D) Recovery
question
59) Firewalls produce ________, which include lists of all dropped packets, infiltration attempts, and unauthorized access attempts from within the firewall.
answer
C) activity logs
question
60) ________ are false targets for computer criminals to attack.
answer
Honeypots