AIS Chapter 9
9-1.3 Which of the following statements is NOT true? a) Encryption protects the confidentiality of information while it is in processing. b)Encryption protects the confidentiality of information while it is in storage. c)Encryption protects the confidentiality of information while it is being sent over the Internet.
a) Encryption protects the confidentiality of information while it is in processing.
9.6 Which of the following Generally Accepted Privacy Principles would an organization violate if it collects and stores your sensitive personal information without your knowledge? a)Choice and consent. b)Notice. c)Collection. d)Management.
a)Choice and consent.
9.9 _____ provides assurance that someone cannot enter into a digital transaction and then subsequently deny they had done so and refuse to fulfill their side of the contract. a)Digital signature. b)Certificate authority. c)Digital certificate. d)Public key infrastructure.
a)Digital signature.
9-3.1 Which type of encryption is faster? a)Symmetric b)Asymmetric
a)Symmetric
9.4 Replacing sensitive personal information with fake data is called a)data masking b)encryption c)information rights management d)nonrepudiation
a)data masking
9.3 Using your private key to encrypt a hash of a document creates a a)digital signature b)digital watermark c)digital certificate d)cookie
a)digital signature
9.8 Which of the following factor(s) should be considered when determining the strength of any encryption system? a)Encryption algorithm. b)All of these are correct. c)Policies for managing the cryptographic keys. d)Key length.
b)All of these are correct.
9-2.3 Which statement is true? a)Encryption is sufficient to protect confidentiality and privacy. b)Encryption is necessary to protect confidentiality and privacy.Encryption is a necessary control for protecting both confidentiality and privacy. However, it is not sufficient because encryption protects information only when it is in transit across the Internet and in storage, but not when it is being processed, displayed on a monitor, or included in a report. Therefore, in addition to encryption, access controls and training are also needed to protect confidentiality and privacy.
b)Encryption is necessary to protect confidentiality and privacy.Encryption is a necessary control for protecting both confidentiality and privacy. However, it is not sufficient because encryption protects information only when it is in transit across the Internet and in storage, but not when it is being processed, displayed on a monitor, or included in a report. Therefore, in addition to encryption, access controls and training are also needed to protect confidentiality and privacy.
9-2.1 If an organization asks customers to agree to let the organization collect and use customers' personal information, it is following the consent practice referred to as: a)Opt-out b)Opt-inIf an organization asks permission to collect and use a customer's personal information, it is obtaining explicit consent from the customer, a practice referred to as opt-in.
b)Opt-inIf an organization asks permission to collect and use a customer's personal information, it is obtaining explicit consent from the customer, a practice referred to as opt-in.
9.2 Which of the following is used to protect the privacy of customers' personal information? a)Cookies b)Tokenization c)Certificate authority d)Digital watermarks
b)Tokenization
9-3.3 If you want to e-mail a document to a friend so that your friend can be certain that the document came from you, you should encrypt the document using: a)your public key. b)your private key.If you encrypt the document with your public key, your friend will not be able to open it because it can only be decrypted with your private key, which only you possess. If you encrypt the document with your private key, anyone can open it using your public key and, when they do, the fact that your public key successfully decrypted the document proves that it came from you. Encrypting the document with your friend's public key protects the document so that only your friend can open it, but it does not prove from whom it came from. Unless you have hacked your friend, you will not have your friend's private key. c)your friend's public key. d)your friend's private key.
b)your private key.If you encrypt the document with your public key, your friend will not be able to open it because it can only be decrypted with your private key, which only you possess. If you encrypt the document with your private key, anyone can open it using your public key and, when they do, the fact that your public key successfully decrypted the document proves that it came from you. Encrypting the document with your friend's public key protects the document so that only your friend can open it, but it does not prove from whom it came from. Unless you have hacked your friend, you will not have your friend's private key.
9-1.2 Software that is embedded in documents or files that contain confidential information to indicate who owns that information is called a)Information Rights Management (IRM) b) Data Loss Prevention (DLP) c) Digital Watermark d)None of the above
c) Digital Watermark
9.5 Which of the following helps protect you from identity theft? a)Encrypt all email that contains personal information b) Shred all paper documents that contain personal information before disposal c)All of the actions listed help protect you from identity theft d)Monitor your credit reports regularly
c)All of the actions listed help protect you from identity theft
9-1.1 Software that protects confidentiality by screening outgoing documents to identify and block transmission of sensitive information is called a)None of these are correct b)Digital Watermark c)Data Loss Prevention (DLP) d)Information Rights Management (IRM)
c)Data Loss Prevention (DLP)
9.10 A website has a checkbox that states, "Click here if you do NOT want the AJAX company to share your information with third parties and send you offers that you might be interested in" is following the choice and consent practice known as a)Hashing b)Opt-in c)Opt-out
c)Opt-out
9.1 Which of following action(s) must an organization take to preserve the confidentiality of sensitive information? a)Purchase fraud insurance. b)All of these are correct. c)Train employees to properly handle information. d)Hire a CISO.
c)Train employees to properly handle information.
9-3.2 If you want to e-mail a document to a friend and be assured that only your friend will be able to open the document, you should encrypt the document using: a)your public key. b)your private key. c)your friend's public key.If you encrypt the document with your public key, your friend will not be able to open it because it can only be decrypted with your private key, which only you possess. If you encrypt the document with your private key, anyone can open it using your public key. Unless you have hacked your friend, you will not have your friend's private key. d)your friend's private key.
c)your friend's public key.If you encrypt the document with your public key, your friend will not be able to open it because it can only be decrypted with your private key, which only you possess. If you encrypt the document with your private key, anyone can open it using your public key. Unless you have hacked your friend, you will not have your friend's private key.
9-2.2 Which statement is true? a)Confidentiality is concerned with protecting a customer's personal information. b)Privacy is concerned with protecting an organization's intellectual property. c)Both statements are true. d)Neither statement is true.Confidentiality is concerned with protecting an organization's intellectual property, including its business processes, new product development, and strategic plans. Privacy is concerned with protecting personal information collected from customers, suppliers, and employees.
d)Neither statement is true.Confidentiality is concerned with protecting an organization's intellectual property, including its business processes, new product development, and strategic plans. Privacy is concerned with protecting personal information collected from customers, suppliers, and employees.
9.7 If the same key is used to both encrypt and decrypt a file, that is an example of what is referred to as a(n) a)public key infrastructure b)asymmetric encryption system c)virtual private network d)symmetric encryption system
d)symmetric encryption system