MIS chapter 12

6 July 2024
60 test answers

question
1) A ________ is a person or organization that seeks to obtain data or other assets illegally, without the owner's permission and often without the owner's knowledge. A) target B) vulnerability C) threat D) warning
answer
C
question
2) Which of the following is considered a threat caused by human error? A) An employee inadvertently installs an old database on top of the current one. B) An employee intentionally destroys data and system components. C) A virus and worm writer infects computer systems. D) A hacker breaks into a system to steal for financial gain.
answer
A
question
3) Which of the following is considered a computer crime? A) accidentally deleting customer records B) poorly written programs resulting in data losses C) loss of data as a result of flooding D) hacking of information systems
answer
D
question
4) ________ occurs when someone deceives by pretending to be someone else. A) Hacking B) Baiting C) Sniffing D) Pretexting
answer
D
question
5) When referring to security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________. A) unauthorized data disclosure B) incorrect data modification C) faulty services D) loss of infrastructure
answer
A
question
6) A ________ pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth. A) hacker B) phisher C) safeguard D) sniffer
answer
B
question
7) Email spoofing is a synonym for ________. A) hacking B) phishing C) usurping D) sniffing
answer
B
question
8) ________ is a technique for intercepting computer communications, either through a physical connection to a network or, in the case of wireless networks, with no physical connection. A) Spoofing B) Phishing C) Sniffing D) Pretexting
answer
C
question
9) ________ take computers with wireless connections through an area and search for unprotected wireless networks and then monitor and intercept wireless traffic at will. A) Drive-by spoofers B) Pretexters C) Drive-by sniffers D) Phishers
answer
C
question
10) Which of the following is an example of a sniffing technique? A) IP spoofing B) caches C) ad blockers D) adware
answer
D
question
11) ________ occurs when a person breaks into a network to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data. A) Pretexting B) Phishing C) Hacking D) Spoofing
answer
C
question
12) Which of the following is most likely to be the result of hacking? A) certain Web sites being blocked from viewing for security reasons B) small amounts of spam in your inbox C) an unexplained reduction in your account balance D) pop-up ads appearing frequently
answer
C
question
13) ________ occurs through human error when employees do not follow proper procedures or when procedures have not been well designed. A) Unauthorized data disclosure B) Incorrect data modification C) Denial of service D) Loss of infrastructure
answer
B
question
14) ________ occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones that shut down legitimate applications and substitute their own processing, in order to spy, to steal and manipulate data, or for other purposes. A) Hacking B) Spoofing C) Phishing D) Usurpation
answer
D
question
15) Which of the following usually happens in a malicious denial-of-service attack? A) A hacker monitors and intercepts wireless traffic at will. B) A hacker floods a Web server with millions of bogus service requests. C) A hacker uses another site's IP address to masquerade as that other site. D) A phisher pretends to be a legitimate company and requests confidential data.
answer
B
question
16) ________ present the largest risk for an organization's infrastructure loss. A) Employees B) Natural disasters C) Hackers D) Competitors
answer
B
question
17) A(n) ________ is a computer program that senses when another computer is attempting to scan the disk or otherwise access a computer. A) IDS B) botnet C) antivirus D) firewall
answer
A
question
18) Nonword passwords are vulnerable to a ________ attack, in which the password cracker tries every possible combination of characters. A) denial-of-service B) side channel C) brute force D) obfuscation
answer
C
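The brute-force attack described in question 18, as an added example that is not part of the original answer set: it enumerates every string over a lowercase-plus-digit character set, hashing each candidate until it matches a stored hash, and shows how the keyspace grows with each added character. The target password ("q7z") and the use of plain SHA-256 are constructed for the demo; a real credential store should use a slow, salted hash such as bcrypt, scrypt or Argon2, which turns this search from seconds into years.

```python
import hashlib
import hmac
import itertools
import string

# Constructed example: a 3-character non-word password and its SHA-256 hash,
# standing in for a hash an attacker pulled from a leaked credential store.
CHARSET = string.ascii_lowercase + string.digits          # 36 symbols
TARGET_HASH = hashlib.sha256(b"q7z").hexdigest()           # constructed secret


def keyspace_size(charset: str, max_len: int) -> int:
    """Number of candidate strings of length 1..max_len over charset."""
    return sum(len(charset) ** n for n in range(1, max_len + 1))


def brute_force(target_hash: str, charset: str, max_len: int):
    """Try every combination of characters up to max_len.

    Returns (password, attempts) on success or (None, attempts) if the
    password is longer than max_len or uses characters outside charset.
    """
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            digest = hashlib.sha256(candidate.encode()).hexdigest()
            # constant-time compare avoids leaking partial matches via timing
            if hmac.compare_digest(digest, target_hash):
                return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    pw, tries = brute_force(TARGET_HASH, CHARSET, 3)
    print(f"recovered {pw!r} after {tries} of {keyspace_size(CHARSET, 3)} candidates")
    # Each extra character multiplies the work by len(charset):
    for n in (3, 8, 12):
        print(f"length {n:2d}: {keyspace_size(CHARSET, n):,} candidates")
```

A dictionary word falls even faster, because the attacker tries a word list before the full keyspace; the defenses that matter are length, a large character set, a slow hash, and lockout or rate limiting on online guessing.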
question
19) ________ are small files that your browser stores on your computer when you visit Web sites and enable you to access Web sites without having to sign in every time. A) Cookies B) Registers C) Pop-ups D) Public keys
answer
A
question
20) Employees resent physical searches when arriving at and departing from work. Which aspect of computer security described in the NIST Handbook is reflected here? A) Computer security is an integral element of sound management. B) Computer security should be cost-effective. C) Computer security is constrained by societal factors. D) Computer security should be periodically reassessed.
answer
C
question
21) Which of the following is a critical security function of senior management? A) safeguarding computer hardware and software B) delegating responsibility for managing IS security C) establishing the security policy and managing risk D) managing security programs on a real-time basis
answer
C
question
22) Which element of a security policy specifies how an organization will ensure the enforcement of security programs and policies? A) the general statement of the security policy B) the issue-specific policy C) the network policy D) the system-specific policy
answer
A
question
23) A security policy covering the matters related to the personal use of computers at work would be an example of a(n) ________. A) data policy B) issue-specific policy C) system-specific policy D) network security policy
answer
B
question
24) Which of the following is an example of a system-specific security policy? A) limiting the personal use of an organization's computer systems B) deciding what customer data from the order-entry system will be shared with other organizations C) designating a department for managing an organization's IS security D) inspecting an employee's personal email for compliance with company policy
answer
B
question
25) ________ refers to things we do not know, while ________ is the likelihood of an adverse occurrence. A) Risk, indemnity B) Uncertainty, risk C) Assessment, uncertainty D) Vulnerability, risk
answer
B
question
26) Which of the following is the first step in risk management? A) create backup procedures B) reduce the likelihood of a threat C) evaluate the results of the risk management process D) assess the threats and vulnerabilities
answer
D
question
27) Which factor of risk assessment refers to the probability that a given asset will be compromised by a given threat, despite the safeguards? A) likelihood B) uncertainty C) consequence D) vulnerability
answer
A
question
28) Which of the following is an example of an intangible consequence? A) a dip in sales because supplies were not replenished B) a loss of customer goodwill due to an outage C) a drop in production due to plant maintenance D) a financial loss due to high input costs
answer
B
question
29) To obtain a measure of probable loss, companies ________. A) multiply likelihood by the probability of occurrence B) multiply the vulnerability by the probability of occurrence C) multiply likelihood by the cost of the consequences D) multiply residual risk by the cost of the consequences
answer
C
question
30) Which of the following is covered by the Gramm-Leach-Bliley Act of 1999? A) information related to national security B) records maintained by the U.S. government C) consumer financial data stored by financial institutions D) health data collected by doctors and other health-care providers
answer
C
question
31) The Privacy Act of 1974 covers ________. A) records held by private companies B) records held by the U.S. government C) records held by banks and other financial institutions D) records held by non-government agencies
answer
B
question
32) Which of the following was passed to give individuals the right to access their own health data created by doctors and other health-care providers? A) Privacy Act of 1974 B) Sarbanes-Oxley Act C) HIPAA D) Gramm-Leach-Bliley Act
answer
C
question
33) Which of the following is an example of a technical safeguard? A) position definitions B) firewalls C) key escrow D) account management
answer
B
question
34) A(n) ________ card has a microchip in it to hold data. A) ATM B) smart C) biometric D) LAN
answer
B
question
35) Users of smart cards are required to enter a ________ to be authenticated. A) Social Security number B) public key C) personal identification number D) private key
answer
C
question
36) Which of the following is used for biometric authentication? A) smart cards B) facial features C) passwords D) personal identification numbers
answer
B
question
37) Which of the following statements is true for biometric identification? A) It involves the use of a PIN for authentication. B) It provides weak authentication. C) It is a relatively cheap mode of authentication. D) It often faces resistance from users for its invasive nature.
answer
D
question
38) A system called ________ authenticates users without sending their passwords across a computer network. A) Kerberos B) WPA C) pretexting D) WEP
answer
A
question
39) The IEEE 802.11 Committee, the group that develops and maintains wireless standards, first developed a wireless security standard called ________. A) Wireless Fidelity B) Wi-Fi Protected Access C) Wired Equivalent Privacy D) WiMax
answer
C
question
40) ________ is the process of transforming clear text into coded, unintelligible text for secure storage or communication. A) Inscription B) Etching C) Encryption D) Decryption
answer
C
question
41) With ________ encryption, the sender and receiver transmit a message using the same key. A) asymmetric B) coaxial C) symmetric D) collinear
answer
C
question
42) Which of the following observations concerning Secure Sockets Layer (SSL) is true? A) It uses only asymmetric encryption. B) It is a useful hybrid of symmetric and asymmetric encryption techniques. C) It works between Levels 2 and 3 of the TCP-OSI architecture. D) It is a stronger version of HTTPS.
answer
B
question
43) You are transferring funds online through the Web site of a reputable bank. Which of the following displayed in your browser's address bar will let you know that the bank is using the SSL protocol? A) http B) www C) https D) .com
answer
C
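The hybrid scheme behind questions 41 and 42, as an added example that is not from the original answer set: the two parties use an asymmetric exchange (Diffie-Hellman, one of the key-agreement methods SSL/TLS supports) to agree on a key, then use that single shared key for symmetric encryption and authentication of the actual message. The group parameters (P, G) are toy values chosen so the demo runs with the Python standard library, and the keystream cipher is a SHA-256 counter construction standing in for AES; neither is suitable for real use.

```python
import hashlib
import hmac
import os

# Toy Diffie-Hellman group: P is the Mersenne prime 2**127 - 1. Real TLS uses
# 2048-bit+ finite-field groups or elliptic curves; these values are for demo only.
P = 2**127 - 1
G = 5


def dh_keypair():
    """Asymmetric half: a private exponent and the public value G**x mod P."""
    x = int.from_bytes(os.urandom(16), "big") % (P - 2) + 1
    return x, pow(G, x, P)


def dh_shared_key(my_private: int, their_public: int) -> bytes:
    """Both sides compute the same secret and hash it into a 32-byte symmetric key."""
    secret = pow(their_public, my_private, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode as a stand-in stream cipher (toy, not AES)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Symmetric half: nonce || ciphertext || HMAC tag, all under the one shared key."""
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()   # encrypt-then-MAC
    return nonce + body + tag


def symmetric_decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or tampered bytes are rejected."""
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def hybrid_session(message: bytes):
    """Client and server agree a key asymmetrically, then protect the message symmetrically.

    Returns (decrypted_message, wire_blob, keys_matched).
    """
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    # Only c_pub and s_pub cross the network; the private exponents never leave their host.
    k_client = dh_shared_key(c_priv, s_pub)
    k_server = dh_shared_key(s_priv, c_pub)
    blob = symmetric_encrypt(k_client, message)                 # client sends
    return symmetric_decrypt(k_server, blob), blob, k_client == k_server


if __name__ == "__main__":
    plain, blob, same = hybrid_session(b"transfer 100.00 to account 4471")
    print(same, plain, len(blob), "bytes on the wire")
```

The asymmetric step alone does not say who you agreed a key with; a man in the middle can run the exchange twice. That gap is what the server certificate behind the https indicator in question 43 closes: the server signs its half of the exchange so the browser can tie the key to the bank's name.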
question
44) ________ is the term used to denote viruses, worms, Trojan horses, spyware, and adware. A) Malware B) Kerberos C) Usurpation D) Spam
answer
A
question
45) A virus is a computer program that replicates itself. The program code that causes unwanted activity is called the ________. A) payload B) Trojan C) bot herder D) key escrow
answer
A
question
46) ________ are viruses that masquerade as useful programs or files. A) Adware B) Firmware C) Trojan horses D) Payloads
answer
C
question
47) A(n) ________ is a type of virus that propagates using the Internet or other computer networks. A) worm B) sniffer C) Trojan horse D) phisher
answer
A
question
48) What is a major difference between spyware and adware? A) Unlike spyware, adware does not perform malicious acts. B) Unlike spyware, adware steals data from users. C) Unlike spyware, adware is installed with the user's permission. D) Unlike spyware, adware does not observe user behavior.
answer
A
question
49) ________, tiny files that gather demographic information, use a single code to identify users by age, gender, location, likely income, and online activity. A) Cookies B) Adware C) Payloads D) Beacons
answer
D
question
50) The term ________ refers to any type of program that is surreptitiously installed and that takes actions unknown and uncontrolled by the computer's owner or administrator. A) proxy B) payload C) bot D) string
answer
C
question
51) Because encryption keys can be lost or destroyed, a copy of the key should be stored with a trusted third party. This procedure is called ________. A) Kerberos B) spoofing C) brute force D) key escrow
answer
D
question
52) Maintaining the computers that run a DBMS in a locked room is a part of ________. A) malware safeguards B) recovery procedures C) physical security procedures D) data rights and responsibilities
answer
C
question
53) Which of the following statements about human safeguards for employees is true? A) Security screening in an organization is a one-time process and applies only to new employees. B) Users' computer accounts should give users the least possible privilege necessary to perform their jobs. C) Companies can provide user accounts and passwords to employees prior to their security training. D) There are only two main aspects to security enforcement: responsibility and accountability.
answer
B
question
54) When an employee is terminated, IS administrators should receive advance notice so they can ________. A) destroy the employee's records B) plan for new recruitment C) disseminate information D) remove user accounts and passwords
answer
D
question
55) ________ a site means to take extraordinary measures to reduce a system's vulnerability, using special versions of the operating system, and eliminating operating systems features and functions that are not required by the application. A) Leveling B) Hardening C) Authenticating D) Certifying
answer
B
question
56) ________ are the primary means of authentication and are important not just for access to a user's computer, but also for authentication to other networks and servers to which the user may have access. A) Private keys B) User names C) Passwords D) Personal identification numbers
answer
C
question
57) Which of the following systems procedures is specifically the responsibility of operations personnel? A) backing up data on one's personal computer B) using systems to perform job tasks C) backing up system databases D) knowing whom to contact when a security breach occurs
answer
C
question
58) In disaster-preparedness terminology, a ________ is a utility company that can take over another company's processing with no forewarning. A) Web farm B) cold site C) development site D) hot site
answer
D
question
59) Which of the following observations is true of a cold site? A) It is located on the company's premises. B) It is more expensive to lease than a hot site. C) It requires customers to install and manage systems themselves. D) It provides only office space.
answer
C
question
60) Many companies create ________, which are false targets for computer criminals to attack. To an intruder, it would look like a particularly valuable resource, such as an unprotected Web site, but in actuality the only site content is a program that determines the attacker's IP address. A) bot herders B) hot sites C) honeypots D) beacons
answer
C
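The decoy described in question 60, as an added example that is not part of the original answer set: a listener that presents a fake service banner, records the connecting address and the first bytes the visitor sends, and does nothing else. The banner text and the probe (a client on loopback sending a login attempt) are constructed for the demo; nothing behind the banner is a real service.

```python
import socket
import threading
from datetime import datetime, timezone

# Hypothetical banner so the decoy looks like a real, unprotected service to a scanner.
BANNER = b"220 ftp.example.internal FTP server ready\r\n"


def serve_once(listener: socket.socket, log: list) -> None:
    """Accept one connection, send the decoy banner, log source IP and first bytes."""
    conn, (ip, port) = listener.accept()
    with conn:
        conn.settimeout(2.0)
        conn.sendall(BANNER)
        try:
            first = conn.recv(256)
        except socket.timeout:
            first = b""
    log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": ip,          # the only thing the decoy exists to learn
        "src_port": port,
        "data": first,         # what the intruder tried, for later analysis
    })


def start_honeypot(host: str = "127.0.0.1", port: int = 0) -> socket.socket:
    """Bind the decoy listener; port 0 lets the OS choose a free port for the demo."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((host, port))
    listener.listen(5)
    return listener


def demo_probe() -> dict:
    """Run the decoy and probe it from a constructed client on loopback; return the log record."""
    listener = start_honeypot()
    log: list = []
    worker = threading.Thread(target=serve_once, args=(listener, log))
    worker.start()
    # Constructed attacker probe: connect, read the banner, attempt a login.
    with socket.create_connection(listener.getsockname()) as probe:
        probe.recv(256)
        probe.sendall(b"USER admin\r\n")
    worker.join(timeout=5)
    listener.close()
    return log[0]


if __name__ == "__main__":
    print(demo_probe())
```

Because no legitimate user has a reason to touch the decoy, every connection it logs is a high-confidence alert; keep it isolated from real data and systems so that "attracting" an intruder never becomes hosting one.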