Chapter 8 example #20349

11 November 2022
4.7 (53 reviews)
80 test answers

Unlock all answers in this set

Unlock answers (76)
question
Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called pharming. phishing. sniffing. snooping social engineering.
answer
social engineering.
question
A foreign country attempting to access government networks in order to disable a national power grid would be an example of denial-of-service attacks. cyberwarfare. cyberterrorism. evil twins. phishing.
answer
cyberwarfare.
question
Organizations can use existing network security software to secure mobile devices. True False
answer
False
question
Packet filtering catches most types of network attacks. True False
answer
False
question
Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems. NSP PKI MSSP DPI UTM
answer
UTM
question
Which of the following statements about the Internet security is not true? A corporate network without access to the Internet is more secure than one that provides access. Instant messaging can provide hackers access to an otherwise secure network. VoIP is more secure than the switched voice network. The use of P2P networks can expose a corporate computer to outsiders. Smartphones have the same security weaknesses as other Internet devices.
answer
VoIP is more secure than the switched voice network.
question
Which of the following is not an example of a computer used as an instrument of crime? theft of trade secrets unauthorized copying of software schemes to defraud intentionally attempting to intercept electronic communication breaching the confidentiality of protected computerized data
answer
breaching the confidentiality of protected computerized data
question
Large amounts of data stored in electronic form are ________ than the same data in manual form. prone to more errors vulnerable to many more kinds of threats more critical to most businesses more secure less vulnerable to damage
answer
vulnerable to many more kinds of threats
question
Biometric authentication is the use of personal, biographic details such as the high school you attended and the first street you lived on to provide identification. True False
answer
False
question
In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key? public key encryption symmetric key encryption distributed encryption SSL/TLS private key encryption
answer
symmetric key encryption
question
The HIPAA Act of 1996 requires financial institutions to ensure the security of customer data. identifies computer abuse as a crime and defines abusive activities. outlines medical security and privacy rules. specifies best practices in information systems security and control. imposes responsibility on companies and management to safeguard the accuracy of financial information.
answer
outlines medical security and privacy rules.
question
Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports. True False
answer
True
question
Which of the following is not an example of a computer used as a target of crime? illegally accessing stored electronic communication knowingly accessing a protected computer to commit fraud accessing a computer system without authority threatening to cause damage to a protected computer breaching the confidentiality of protected computerized data
answer
illegally accessing stored electronic communication
question
You can test software before it is even written by conducting a walkthrough. True False
answer
True
question
One form of spoofing involves forging the return address on an e-mail so that the e-mail message appears to come from someone other than the sender. True False
answer
True
question
DoS attacks are used to destroy information and access restricted areas of a company's information system. True False
answer
False
question
Which of the following specifications replaces WEP with a stronger security standard that features changing encryption keys? AUP UTM WPA2 VPN TLS
answer
WPA2
question
SSL is a protocol used to establish a secure connection between two computers. True False
answer
True
question
Smartphones typically feature state-of-the-art encryption and security features, making them highly secure tools for businesses. True False
answer
False
question
Hackers create a botnet by: infecting corporate servers with "zombie" Trojan horses that allow undetected access through a back door. pharming multiple computers. using Web search bots to infect other computers. causing other people's computers to become "zombie" PCs following a master computer. infecting Web search bots with malware.
answer
causing other people's computers to become "zombie" PCs following a master computer.
question
Smartphones have the same security flaws as other Internet-connected devices. True False
answer
True
question
An acceptable use policy defines the acceptable level of access to information assets for different users. True False
answer
False
question
Biometric authentication only uses biographical details for identification. is used widely in Europe for security applications. can use a person's voice as a unique, measurable trait. is inexpensive. only uses physical measurements for identification.
answer
can use a person's voice as a unique, measurable trait.
question
________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage. Input Administrative Software Data security Implementation
answer
Data security
question
Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack. phishing botnet SQL injection DoS DDoS
answer
DDoS
question
You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source for network security breaches to the firm? wireless network employees software quality lack of data encryption authentication procedures
answer
employees
question
Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years. True False
answer
True
question
An authentication system in which a user must provide two types of identification, such as a bank card and PIN, is called two-factor authentication. smart card authentication. biometric authentication. symmetric key authorization. token authentication.
answer
two-factor authentication.
question
Statements ranking information risks and identifying security goals are included in a(n) AUP. risk assessment. business continuity plan. security policy. business impact analysis.
answer
security policy.
question
Application controls monitor the use of system software and prevent unauthorized access to software and programs. can be classified as input controls, processing controls, and output controls. include software controls, computer operations controls, and implementation controls. govern the design, security, and use of computer programs and the security of data files in general throughout the organization. apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment.
answer
can be classified as input controls, processing controls, and output controls.
question
Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n) AUP. security policy. business impact analysis. business continuity plan. risk assessment.
answer
risk assessment.
question
In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data. deep-packet inspection stateful inspection application proxy filtering unified threat management high availability computing
answer
deep-packet inspection
question
________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors. Packet filtering technologies Intrusion detection systems Application proxy filtering technologies Stateful inspections Firewalls
answer
Intrusion detection systems
question
________ is malware that logs and transmits everything a user types. A sniffer A keylogger A Trojan horse A worm Spyware
answer
A keylogger
question
Wireless networks are more difficult for hackers to gain access too because radio frequency bands are difficult to scan. True False
answer
False
question
________ identify the access points in a Wi-Fi network. NICs SSIDs UTMs Mac addresses URLs
answer
SSIDs
question
A salesperson clicks repeatedly on the online ads of a competitor's in order to drive the competitor's advertising costs up. This is an example of pharming. evil twins. click fraud. spoofing. phishing.
answer
click fraud.
question
The Internet poses specific security problems because it changes so rapidly. Internet data is not run over secure lines. Internet standards are universal. there is no formal controlling body. it was designed to be easily accessible.
answer
it was designed to be easily accessible.
question
Rigorous password systems are often disregarded by employees. are one of the most effective security tools. are costly to implement. may hinder employee productivity.
answer
may hinder employee productivity.
question
________ is malware that hijacks a user's computer and demands payment in return for giving back access. Ransomware Spyware A Trojan horse A virus An evil twin
answer
Ransomware
question
Which of the following is a virus that uses flaws in Windows software to take over a computer remotely? Sasser ILOVEYOU Conficker Melissa Zeus Trojan
answer
Conficker
question
Social networking sites have become a new conduit for malware because they are especially vulnerable to social engineering. they allow users to post software code. they are used by so many people. they allow users to post media and image files. they have poor user authentication.
answer
they allow users to post software code.
question
When errors are discovered in software programs, the sources of the errors are found and eliminated through a process called debugging. True False
answer
True
question
Smaller firms may outsource some or many security functions to ISPs. PKIs. MISs. MSSPs. CAs.
answer
MSSPs.
question
The communications lines in a client/server environment are specifically vulnerable to malware. vandalism. tapping. errors. software failure.
answer
tapping.
question
Your company, an online discount stationers, has calculated that a loss of Internet connectivity for 3 hours results in a potential loss of $2,000 to $3,000 and that there is a 50% chance of this occurring each year. What is the annual expected loss from this exposure? $1,500 $500 $2,500 $1,000 $1,250
answer
$1,250
question
The term cracker is used to identify a hacker whose specialty is breaking open security systems. True False
answer
False
question
For 100-percent availability, online transaction processing requires fault-tolerant computer systems. a digital certificate system. high-capacity storage. a multi-tier server network. dedicated phone lines.
answer
fault-tolerant computer systems.
question
A practice in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic is referred to as sniffing. drive-by tapping. war driving. snooping. cybervandalism.
answer
war driving.
question
Malicious software programs referred to as spyware include a variety of threats such as computer viruses, worms, and Trojan horses. True False
answer
False
question
The Sarbanes-Oxley Act requires financial institutions to ensure the security of customer data. identifies computer abuse as a crime and defines abusive activities. imposes responsibility on companies and management to safeguard the accuracy of financial information. outlines medical security and privacy rules. specifies best practices in information systems security and control.
answer
imposes responsibility on companies and management to safeguard the accuracy of financial information.
question
In 2013, Panda Security reported approximately 30 million new kinds of malware strains. True False
answer
True
question
Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that can be opened with easily available software. are easily decrypted. are unprotected by up-to-date security systems. are rarely validated. may be accessible by anyone who has access to the same network.
answer
may be accessible by anyone who has access to the same network.
question
Evil twins are bogus wireless network access points that look legitimate to users. computers that fraudulently access a Web site or network using the IP address and identification of an authorized computer. Trojan horses that appears to the user to be a legitimate commercial software application. fraudulent Web sites that mimic a legitimate business's Web site. e-mail messages that mimic the e-mail messages of a legitimate business.
answer
bogus wireless network access points that look legitimate to users.
question
Client software in a client/server environment is specifically vulnerable to unauthorized access. radiation. vandalism. fraud. DoS attacks.
answer
unauthorized access.
question
In a client/server environment, corporate servers are specifically vulnerable to malware. tapping. sniffing. radiation. unauthorized access.
answer
malware.
question
How do software vendors correct flaws in their software after it has been distributed? They issue bug fixes. They don't; users purchase software at their own risk. They release updated versions of the software. They issue patches. They re-release the software.
answer
They issue patches.
question
The most common type of electronic evidence is instant messages. voice-mail. e-mail. spreadsheets. VOIP data.
answer
e-mail.
question
The Gramm-Leach-Bliley Act identifies computer abuse as a crime and defines abusive activities. outlines medical security and privacy rules. imposes responsibility on companies and management to safeguard the accuracy of financial information. requires financial institutions to ensure the security of customer data. specifies best practices in information systems security and control.
answer
requires financial institutions to ensure the security of customer data.
question
A computer virus replicates more quickly than a computer worm. True False
answer
False
question
________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else. Spoofing Social engineering Evil twins Identity theft Pharming
answer
Identity theft
question
________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards. "SSID standards" "Controls" "Vulnerabilities" "Security policy" "Legacy systems"
answer
"Controls"
question
NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs. True False
answer
True
question
All of the following are types of information systems general controls except administrative controls software controls. physical hardware controls. computer operations controls. application controls.
answer
application controls.
question
Most antivirus software is effective against any virus except those in wireless communications applications. only those viruses already known when the software is written. only those viruses active on the Internet and through e-mail. only viruses that are well-known and typically several years old. any virus.
answer
only those viruses already known when the software is written.
question
The intentional defacement or destruction of a Web site is called phishing. cyberwarfare. cybervandalism. spoofing. pharming.
answer
cybervandalism.
question
Currently, the protocols used for secure information transfer over the Internet are S-HTTP and CA. TCP/IP and SSL. S-HTTP and SHTML. SSL, TLS, and S-HTTP. HTTP and TCP/IP.
answer
SSL, TLS, and S-HTTP.
question
Authentication refers to verifying that a person is who he or she claims to be. True False
answer
True
question
________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. "Security" "Identity management" "Benchmarking" "Algorithms" "Controls"
answer
"Security"
question
Public key encryption uses two keys. True False
answer
True
question
Computer forensics tasks include all of the following except securely storing recovered electronic data. collecting physical evidence on the computer. presenting collected evidence in a court of law. finding significant information in a large volume of electronic data.
answer
collecting physical evidence on the computer.
question
Viruses can be spread through e-mail. True False
answer
True
question
A firewall allows the organization to check the accuracy of all transactions between its network and the Internet. create access rules for a network. check the content of all incoming and outgoing e-mail messages. enforce a security policy on data exchanged between its network and the Internet. create an enterprise system on the Internet.
answer
enforce a security policy on data exchanged between its network and the Internet.
question
As discussed in the chapter opening case, magnetic stripes are an old technology that is vulnerable to counterfeit and theft. True False
answer
True
question
A digital certificate system protects a user's identity by substituting a certificate in place of identifiable traits. is used primarily by individuals for personal correspondence. uses third-party CAs to validate a user's identity. uses digital signatures to validate a user's identity. uses tokens to validate a user's identity.
answer
uses third-party CAs to validate a user's identity.
question
Pharming involves redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser. using e-mails for threats or harassment. setting up fake Wi-Fi access points that look as if they are legitimate public networks. pretending to be a legitimate business's representative in order to garner information about a security system. setting up fake Web sites to ask users for confidential information.
answer
redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
question
An authentication token is a(n) electronic marker attached to a digital authorization file. type of smart card. gadget that displays passcodes. device the size of a credit card that contains access permission data.
answer
gadget that displays passcodes.
question
A Trojan horse is a type of sniffer used to infiltrate corporate networks. is malware named for a breed of fast-moving Near-Eastern horses. is software that appears to be benign but does something other than expected. installs spyware on users' computers. is a virus that replicates quickly.
answer
is software that appears to be benign but does something other than expected.
question
The dispersed nature of cloud computing makes it difficult to track unauthorized access. True False
answer
True
question
Which of the following is a type of ambient data? a set of raw data from an environmental sensor data that has been recorded over a file deleted from a hard disk a file that contains an application's user settings computer log containing recent system errors
answer
a file deleted from a hard disk