Chapter 10

25 July 2022
31 test answers

question
1) A(n) ________ is a measure that individuals or organizations take to block a threat from obtaining an asset. A) denial of service B) safeguard C) information silo D) third-party cookie
answer
B) safeguard
question
2) ________ occurs when a threat obtains data that is supposed to be protected. A) Unauthorized data disclosure B) Incorrect data modification C) Faulty service D) Denial of service
answer
A) Unauthorized data disclosure
question
4) A ________ pretends to be a legitimate company and sends emails requesting confidential data. A) hacker B) phisher C) wardriver D) sniffer
answer
B) phisher
question
7) ________ is a technique for intercepting computer communications. A) Spoofing B) Phishing C) Pretexting D) Sniffing
answer
D) Sniffing
question
9) Breaking into computers, servers, or networks to steal proprietary and confidential data is referred to as ________. A) pretexting B) spoofing C) hacking D) phishing
answer
C) hacking
question
10) Which of the following occurs when millions of bogus service requests flood a Web server and prevent it from servicing legitimate requests? A) spoofing B) incorrect data modification C) usurpation D) denial of service
answer
D) denial of service
question
12) A(n) ________ is a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations like governments. A) advanced persistent threat B) identity threat C) copyright theft D) network sniffer attack
answer
A) advanced persistent threat
question
25) A(n) ________ is a computer program that senses when another computer is attempting to scan a disk or access a computer. A) intrusion detection system B) adware C) packet-filtering firewall D) network security system
answer
A) intrusion detection system
question
26) Which of the following is considered a personal security safeguard? A) creating backup of cookies and temporary files B) removing high-value assets from computers C) using a single valid password for all accounts D) conducting transactions using HTTP rather than HTTPS
answer
B) removing high-value assets from computers
question
27) Davian, a professional hacker, tries every possible combination of characters to crack his victim's email password. Using this technique, he can crack a six-character password of either upper- or lowercase letters in about five minutes. Which of the following techniques is used by Davian to obtain access to his victim's email? A) denial-of-service attack B) brute force attack C) pretexting D) spoofing
answer
B) brute force attack
question
33) Which of the following is a human safeguard against security threats? A) encryption B) firewall C) physical security D) procedure design
answer
D) procedure design
question
34) Which of the following is a technical safeguard against security threats? A) password B) encryption C) compliance D) firewall
answer
D) firewall
question
35) Which of the following is a data safeguard against security threats? A) application design B) accountability C) physical security D) malware protection
answer
C) physical security
question
36) Backup and recovery against computer security threats are ________. A) technical safeguards B) data safeguards C) human safeguards D) hardware safeguards
answer
B) data safeguards
question
43) To safeguard data against security threats, every information system today requires a user name and a password. In this case, which of the following functions is performed by the user name? A) authentication B) identification C) decryption D) encryption
answer
B) identification
question
44) Every information system today should require users to sign on with a user name and a password. In this case, which of the following functions is performed by the user's password? A) authentication B) identification C) decryption D) encryption
answer
A) authentication
question
47) Which of the following uses an individual's personal physical characteristics such as fingerprints, facial features, and retinal scans for verification purposes? A) credit card B) smart card C) biometric authentication D) symmetric encryption
answer
C) biometric authentication
question
49) Which of the following statements is true of symmetric encryption? A) It uses the same key for both encoding and decoding. B) It is more difficult and slower than asymmetric encryption. C) It does not require a key to encrypt or decrypt data. D) It uses a special version called public/private key on the Internet for a secure communication.
answer
A) It uses the same key for both encoding and decoding.
question
52) Which of the following types of encryption is used by the Secure Sockets Layer protocol? A) optical encryption B) physical layer encryption C) disk encryption D) public key encryption
answer
D) public key encryption
question
53) A(n) ________ sits outside an organizational network and is the first device that Internet traffic encounters. A) internal firewall B) perimeter firewall C) adware D) malware
answer
B) perimeter firewall
question
55) ________ is a broad category of software that includes viruses, worms, Trojan horses, spyware, and adware. A) Malware B) Payload C) Shareware D) Firewall
answer
A) Malware
question
57) Adware and spyware are similar to each other in that they both ________. A) masquerade as useful programs B) are specifically programmed to spread C) are installed with a user's permission D) reside in the background and observe a user's behavior
answer
D) reside in the background and observe a user's behavior
question
75) Thomas is responsible for creating backup copies of information in a system. He also works along with IT personnel to ensure that the backups are valid and that effective recovery procedures exist. Thomas is involved in establishing ________. A) human safeguards B) data safeguards C) technical safeguards D) hardware safeguards
answer
B) data safeguards
question
76) ________ refers to an organization-wide function that is in charge of developing data policies and enforcing data standards. A) Database administration B) Data encapsulation C) Data administration D) Database encapsulation
answer
C) Data administration
question
77) The procedure of entrusting a party with a copy of an encryption key that can be used in case the actual key is lost or destroyed is called ________. A) key escrow B) pledged encryption C) insured encryption D) key replication
answer
A) key escrow
question
81) Which of the following statements is true of position sensitivity? A) It is a type of data safeguard. B) It enables security personnel to prioritize their activities in accordance with the possible risk and loss if documented. C) It refers to the specific documentation of highly sensitive jobs. D) It increases the effectiveness of user accounts by giving users the maximum possible privilege needed to perform their job.
answer
B) It enables security personnel to prioritize their activities in accordance with the possible risk and loss if documented.
question
82) Which of the following are the three independent factors that constitute the enforcement of security procedures and policies? A) centralized reporting, preparation, and practice B) hiring, screening, and terminating C) separation of duties, provision of maximum privilege, and position sensitivity D) responsibility, accountability, and compliance
answer
D) responsibility, accountability, and compliance
question
83) In terms of password management, when an account is created, users should ________. A) create two passwords and switch back and forth between the two B) immediately change the password they are given to a password of their own C) maintain the same password they are given for all future authentication purposes D) ensure that they do not change their passwords frequently to reduce the risk of password theft
answer
B) immediately change the password they are given to a password of their own
question
84) ________ a site means to take extraordinary measures to reduce a system's vulnerability. A) Pretexting B) Hacking C) Spoofing D) Hardening
answer
D) Hardening
question
85) ________ are created by companies as false targets for computer criminals to attack. A) Negatives B) Honeypots C) Cookies D) Trojan horses
answer
B) Honeypots
question
91) A(n) ________ includes how employees should react to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss. A) application design B) activity log C) systems procedure D) incident-response plan
answer
D) incident-response plan