BCIS 5311 - Quiz Chapter 8
A Trojan horse:
is software that appears to be benign but does something other than expected.
All of the following are specific security challenges that threaten corporate servers in a client/server environment except:
sniffing
All of the following have contributed to an increase in software flaws except:
the increase in the number of computer hackers in the world.
An authentication system in which a user must provide two types of identification, such as a bank card and PIN, is called:
two-factor authentication.
Public key encryption uses one key.
False
Phishing is a form of spoofing.
True
The HIPAA Act of 1996:
outlines medical security and privacy rules.
According to the 2020 Identity Fraud Study by Javelin Strategy & Research, how much did consumers lose to identity fraud in 2019?
$16.9 billion
According to Accenture and Ponemon Institute's Ninth Annual Cost of Cyber Crime Study, the average annualized cost of cybercrime in 2018 for benchmarked organizations was approximately:
13 million
Which of the following statements about passwords is not true?
Authentication cannot be established by the use of a password.
Which of the following statements about wireless security is not true?
Bluetooth is the only wireless technology that is not susceptible to hacking by eavesdroppers.
Which of the following refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards?
Controls
Which of the following focuses primarily on the technical issues of keeping systems up and running?
Disaster recovery planning
A computer virus replicates more quickly than a computer worm.
False
Digital resiliency focuses solely on the resiliency of the IT function.
False
Malicious software programs referred to as spyware include a variety of threats such as computer viruses, worms, and Trojan horses.
False
Which of the following statements about botnets is not true?
It is not possible to make a smartphone part of a botnet.
Which of the following statements about Internet security vulnerabilities is not true?
Large public networks, such as the Internet, are less vulnerable than internal networks.
Which of the following specifically makes malware distribution and hacker attacks to disable websites a federal crime?
National Information Infrastructure Protection Act
A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic.
True
Authentication refers to verifying that people are who they claim to be.
True
Biometric authentication uses systems that read and interpret individual human traits.
True
DoS attacks flood a network server with thousands of requests for service.
True
The Mirai botnet infected numerous IoT devices and then used them to launch a DDoS attack.
True
All of the following are types of information systems general controls except:
application controls
All of the following are currently being used as human traits that can be profiled by biometric authentication except:
body odor
The intentional defacement or destruction of a website is called:
cybervandalism
Which of the following techniques stops data packets originating outside the organization, inspects them, and uses a proxy to pass packet information to the other side of an organization's firewall?
Application proxy filtering
In cloud computing, accountability and responsibility for protection of sensitive data resides with the company owning the data.
True
Which of the following is the most recent specification of the security standard developed for Wi-Fi?
WPA3
When a hacker discovers a security hole in software that is unknown to the software's creator, it is an example of:
a zero-day vulnerability.
Which of the following defines acceptable uses of a firm's information resources and computing equipment?
An AUP
An analysis of an information system that rates the likelihood of a security incident occurring and its cost would be included in which of the following?
Risk assessment
Which of the following statements about blockchain is not true?
The data represented in a blockchain is maintained in a central database.
A NAT conceals the IP addresses of the organization's internal host computer(s) to prevent sniffer programs outside the firewall from ascertaining them and using that information to penetrate internal systems.
True
A computer worm is a program that can copy itself to other computers on the network.
True
Which of the following is an example of a keylogger?
Zeus
All of the following are specific security challenges that threaten corporate systems in a client/server environment except:
radiation
Fault tolerant information systems create an environment designed to provide continuous, uninterrupted services by using:
redundant hardware, software, and power supplies.
Blockchain refers to a technology that:
uses a chain of digital "blocks" that contain records of transactions.
A digital certificate system:
uses third party CAs to validate a user's identity.
________ controls formalize standards, rules, procedures, and control disciplines to ensure that the organization's general and application controls are properly executed and enforced.
Administrative
Dyn suffered which of the following types of attacks?
DDoS
When hackers gain access to a database containing your personal private information, this is an example of:
identity theft
Most computer viruses deliver a:
payload
Which of the following is not an example of a computer used as a target of crime?
Illegally accessing stored electronic communication
Two-factor authentication utilizes a(n):
a multistep process of authentication.
Mobile devices typically feature state-of-the-art encryption and security features, making them highly secure tools for businesses, and therefore do not require any special protections.
False
Most IoT devices support sophisticated security approaches.
False
Packet filtering catches most types of network attacks.
False
Smartphones are not vulnerable to malicious software or penetration from outsiders.
False
Legislation requiring private or governmental entities to notify individuals of security breaches involving personally identifiable information has been enacted in all 50 states.
True
Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.
True
Which of the following refers to eavesdroppers driving by buildings or parking outside and trying to intercept wireless network traffic?
War driving
A foreign country attempting to access government networks in order to disable a national power grid is an example of:
cyberwarfare
All of the following are specific security challenges that threaten the communications lines in a client/server environment except:
phishing
Currently, the protocols used for secure information transfer over the Internet are:
SSL, TLS, and S-HTTP.