MIS Chapter 8

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called
pharming.
phishing.
sniffing.
snooping.
social engineering.

social engineering.

A foreign country attempting to access government networks in order to disable a national power grid would be an example of
denial-of-service attacks.
cyberwarfare.
cyberterrorism.
evil twins.
phishing.

cyberwarfare.

Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems.
NSP
PKI
MSSP
DPI
UTM

UTM

Which of the following statements about Internet security is not true?
A corporate network without access to the Internet is more secure than one that provides access.
Instant messaging can provide hackers access to an otherwise secure network.
VoIP is more secure than the switched voice network.

VoIP is more secure than the switched voice network.

Which of the following is not an example of a computer used as an instrument of crime?
theft of trade secrets
unauthorized copying of software
schemes to defraud
intentionally attempting to intercept electronic communication
breaching the confidentiality of protected computerized data

breaching the confidentiality of protected computerized data

Large amounts of data stored in electronic form are ________ than the same data in manual form.
prone to more errors
vulnerable to many more kinds of threats
more critical to most businesses
more secure
less vulnerable to damage

vulnerable to many more kinds of threats

In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?
public key encryption
symmetric key encryption
distributed encryption
SSL/TLS
private key encryption

symmetric key encryption

The HIPAA Act of 1996
requires financial institutions to ensure the security of customer data.
identifies computer abuse as a crime and defines abusive activities.
outlines medical security and privacy rules.
specifies best practices in information system

outlines medical security and privacy rules.

Which of the following is not an example of a computer used as a target of crime?
illegally accessing stored electronic communication
knowingly accessing a protected computer to commit fraud
accessing a computer system without authority
threatening to cau

illegally accessing stored electronic communication

Which of the following specifications replaces WEP with a stronger security standard that features changing encryption keys?
AUP
UTM
WPA2
VPN
TLS

WPA2

Hackers create a botnet by:
infecting corporate servers with "zombie" Trojan horses that allow undetected access through a back door.
pharming multiple computers.
using Web search bots to infect other computers.
causing other people's computers to become "zombie" PCs following a master computer.

causing other people's computers to become "zombie" PCs following a master computer.

Biometric authentication
only uses biographical details for identification.
is used widely in Europe for security applications.
can use a person's voice as a unique, measurable trait.
is inexpensive.
only uses physical measurements for identification.

can use a person's voice as a unique, measurable trait.

________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.
Input
Administrative
Software
Data security
Implementation

Data security

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack.
phishing
botnet
SQL injection
DoS
DDoS

DDoS

You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source for network security breaches to the firm?
wireless network
employees
software quality
lack of data encryption
authentication procedures

employees

An authentication system in which a user must provide two types of identification, such as a bank card and PIN, is called
two-factor authentication.
smart card authentication.
biometric authentication.
symmetric key authorization.
token authentication.

two-factor authentication.

Statements ranking information risks and identifying security goals are included in a(n)
AUP.
risk assessment.
business continuity plan.
security policy.
business impact analysis.

security policy.

Application controls
monitor the use of system software and prevent unauthorized access to software and programs.
can be classified as input controls, processing controls, and output controls.
include software controls, computer operations controls, and i

can be classified as input controls, processing controls, and output controls.

Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n)
AUP.
security policy.
business impact analysis.
business continuity plan.
risk assessment.

risk assessment.

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.
deep-packet inspection
stateful inspection
application proxy filtering
unified threat management

deep-packet inspection

________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.
Packet filtering technologies
Intrusion detection systems
Application proxy filtering

Intrusion detection systems

________ is malware that logs and transmits everything a user types.
A sniffer
A keylogger
A Trojan horse
A worm
Spyware

A keylogger

________ identify the access points in a Wi-Fi network.
NICs
SSIDs
UTMs
MAC addresses
URLs

SSIDs

A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor's advertising costs up. This is an example of
pharming.
evil twins.
click fraud.
spoofing.
phishing.

click fraud.

The Internet poses specific security problems because
it changes so rapidly.
Internet data is not run over secure lines.
Internet standards are universal.
there is no formal controlling body.
it was designed to be easily accessible.

it was designed to be easily accessible.

Rigorous password systems
are often disregarded by employees.
are one of the most effective security tools.
are costly to implement.
may hinder employee productivity.

may hinder employee productivity.

________ is malware that hijacks a user's computer and demands payment in return for giving back access.
Ransomware
Spyware
A Trojan horse
A virus
An evil twin

Ransomware

Which of the following is a virus that uses flaws in Windows software to take over a computer remotely?
Sasser
ILOVEYOU
Conficker
Melissa
Zeus Trojan

Conficker

Social networking sites have become a new conduit for malware because
they are especially vulnerable to social engineering.
they allow users to post software code.
they are used by so many people.
they allow users to post media and image files.
they have

they allow users to post software code.

Smaller firms may outsource some or many security functions to
ISPs.
PKIs.
MISs.
MSSPs.
CAs.

MSSPs.

The communications lines in a client/server environment are specifically vulnerable to
malware.
vandalism.
tapping.
errors.
software failure.

tapping.

Your company, an online discount stationers, has calculated that a loss of Internet connectivity for 3 hours results in a potential loss of $2,000 to $3,000 and that there is a 50% chance of this occurring each year. What is the annual expected loss from

$1,250

For 100-percent availability, online transaction processing requires
fault-tolerant computer systems.
a digital certificate system.
high-capacity storage.
a multi-tier server network.
dedicated phone lines.

fault-tolerant computer systems.

A practice in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic is referred to as
sniffing.
drive-by tapping.
war driving.
snooping.
cybervandalism.

war driving.

The Sarbanes-Oxley Act
requires financial institutions to ensure the security of customer data.
identifies computer abuse as a crime and defines abusive activities.
imposes responsibility on companies and management to safeguard the accuracy of financial information.

imposes responsibility on companies and management to safeguard the accuracy of financial information.

Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that
can be opened with easily available software.
are easily decrypted.
are unprotected by up-to-date security sy

may be accessible by anyone who has access to the same network.

Evil twins are
bogus wireless network access points that look legitimate to users.
computers that fraudulently access a Web site or network using the IP address and identification of an authorized computer.
Trojan horses that appear to the user to be a l

bogus wireless network access points that look legitimate to users.

Client software in a client/server environment is specifically vulnerable to
unauthorized access.
radiation.
vandalism.
fraud.
DoS attacks.

unauthorized access.

In a client/server environment, corporate servers are specifically vulnerable to
malware.
tapping.
sniffing.
radiation.
unauthorized access.

malware.

How do software vendors correct flaws in their software after it has been distributed?
They issue bug fixes.
They don't; users purchase software at their own risk.
They release updated versions of the software.
They issue patches.
They re-release the soft

They issue patches.

The most common type of electronic evidence is
instant messages.
voice-mail.
e-mail.
spreadsheets.
VoIP data.

e-mail.

The Gramm-Leach-Bliley Act
identifies computer abuse as a crime and defines abusive activities.
outlines medical security and privacy rules.
imposes responsibility on companies and management to safeguard the accuracy of financial information.
requires financial institutions to ensure the security of customer data.

requires financial institutions to ensure the security of customer data.

________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.
Spoofing
Social engineering
Evil twins
Identity theft
Pharming

Identity theft

________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.
SSID standards

Controls

All of the following are types of information systems general controls except
administrative controls.
software controls.
physical hardware controls.
computer operations controls.
application controls.

application controls.

Most antivirus software is effective against
any virus except those in wireless communications applications.
only those viruses already known when the software is written.
only those viruses active on the Internet and through e-mail.
only viruses that are

only those viruses already known when the software is written.

The intentional defacement or destruction of a Web site is called
phishing.
cyberwarfare.
cybervandalism.
spoofing.
pharming.

cybervandalism.

Currently, the protocols used for secure information transfer over the Internet are
S-HTTP and CA.
TCP/IP and SSL.
S-HTTP and SHTML.
SSL, TLS, and S-HTTP.
HTTP and TCP/IP.

SSL, TLS, and S-HTTP.

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
Security
Identity management
Benchmarking
Algorithms
Controls

Security

Computer forensics tasks include all of the following except
securely storing recovered electronic data.
collecting physical evidence on the computer.
presenting collected evidence in a court of law.
finding significant information in a large volume of el

collecting physical evidence on the computer.

A firewall allows the organization to
check the accuracy of all transactions between its network and the Internet.
create access rules for a network.
check the content of all incoming and outgoing e-mail messages.
enforce a security policy on data exchanged between its network and the Internet.

enforce a security policy on data exchanged between its network and the Internet.

A digital certificate system
protects a user's identity by substituting a certificate in place of identifiable traits.
is used primarily by individuals for personal correspondence.
uses third-party CAs to validate a user's identity.
uses digital signature

uses third-party CAs to validate a user's identity.

Pharming involves
redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
using e-mails for threats or harassment.
setting up fake Wi-Fi access points that look as if they are legitimate public ne

redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.

An authentication token is a(n)
electronic marker attached to a digital authorization file.
type of smart card.
gadget that displays passcodes.
device the size of a credit card that contains access permission data.

gadget that displays passcodes.

A Trojan horse
is a type of sniffer used to infiltrate corporate networks.
is malware named for a breed of fast-moving Near-Eastern horses.
is software that appears to be benign but does something other than expected.
installs spyware on users' computers.

is software that appears to be benign but does something other than expected.

Which of the following is a type of ambient data?
a set of raw data from an environmental sensor
data that has been recorded over
a file deleted from a hard disk
a file that contains an application's user settings
computer log containing recent system err

a file deleted from a hard disk