Chapter 12


A digital signature is ____________. A. created by hashing a document and then encrypting the hash with the signer's private key B. created by hashing a document and then encrypting the hash with the signer's public key C. created by hashing a document and then encrypting the hash with the signer's symmetric key D. none of the above

A

Most websites provide information about what data is being collected, how it will be used, and why it is being collected. Websites provide this information in order to satisfy which GAPP principle? A. Notice B. Collection C. Use, retention, and disposal D. Choice and consent

A

Software that protects confidentiality by screening outgoing documents to identify and block transmission of sensitive information is called: A. Data Loss Prevention (DLP) B. Digital Watermark C. None of these are correct D. Information Rights Management (IRM)

A

Which of the following Generally Accepted Privacy Principles addresses the "right to be forgotten"? A. Use, retention, and disposal B. Choice and consent C. Access D. Collection

A

Which statement is true? A. Encryption is necessary to protect confidentiality and privacy. B. Encryption is sufficient to protect confidentiality and privacy.

A

_____ provides assurance that someone cannot enter into a digital transaction and then subsequently deny they had done so and refuse to fulfill their side of the contract. A. Digital signature B. Public key infrastructure C. Digital certificate D. Certificate authority

A

Which of the following statements is(are) true? (Check all that apply.) A. Encryption is reversible, but hashing is not. B. Encryption produces a file similar in size to the plaintext file, but hashing produces a short fixed-length file. C. Hashing produces a file similar in size to the plaintext file, but encryption produces a short fixed-length file. D. Hashing is reversible, but encryption is not.

A, B

Which of the following statements is(are) true? (Check all that apply.) A. Blockchain uses hashing. B. A nonce is a random number. C. A blockchain is a distributed ledger. D. Blockchains eliminate the need for audits.

A, B, C

Which of the following actions can reduce the risk of becoming a victim of identity theft? (Check all that apply.) A. Immediately cancel any lost or stolen credit cards B. Respond to e-mails from the IRS that ask you for your social security number C. Carry your social security with you at all times D. Do not place outgoing e-mail containing checks or personal information in your mailbox for pickup

A, D

If you want to e-mail a document to a friend so that your friend can be certain that the document came from you, you should encrypt the document using: A. your friend's private key. B. your private key. C. your public key. D. your friend's public key.

B

One of the 10 Generally Accepted Privacy Principles concerns security. According to GAPP, what is the nature of the relationship between security and privacy? A. Privacy is a necessary, but not sufficient, precondition to effective security. B. Security is a necessary, but not sufficient, precondition to protect privacy. C. Privacy is both necessary and sufficient to effective security. D. Security is both necessary and sufficient to protect privacy.

B

Replacing sensitive personal information with fake data is called A. nonrepudiation. B. data masking. C. encryption. D. information rights management.

B

The GDPR gives people the right to request that organizations delete personal information that they have collected. This is referred to as the "right to be forgotten." Which GAPP principle most clearly relates to that right? A. Disclosure to third parties B. Use, retention, and disposal C. Access D. Quality

B

Using your private key to encrypt a hash of a document creates a __________. A. cookie. B. digital signature. C. digital certificate. D. digital watermark.

B

Which of the following can be used to prevent unauthorized changes to completed business transactions? A. Tokenization B. Blockchain C. Digital watermarks D. PKI

B

Which of the following can organizations use to protect the privacy of a customer's personal information when giving programmers a realistic data set with which to test a new application? A. data loss prevention B. data masking C. digital signature D. digital watermark

B

Which of the following statements is true? A. Encryption is sufficient to protect confidentiality and privacy. B. Cookies are text files that only store information. They cannot perform any actions. C. The controls for protecting confidentiality are not effective for protecting privacy. D. All of the above are true.

B

Which of the following statements is true? A. Hashing is reversible, but encryption is not. B. Encryption is reversible, but hashing is not. C. Neither hashing nor encryption is reversible. D. Encryption and hashing are both reversible (can be decoded).

B

Which type of encryption is faster? A. Asymmetric B. Symmetric

B

Which of the following statements is(are) true? (Check all that apply.) A. Symmetric encryption systems use two keys (public and private). B. Asymmetric encryption systems use two keys (public and private) C. Symmetric encryption is faster than asymmetric encryption. D. Asymmetric encryption is faster than symmetric encryption.

B, C

Which of the following government regulations mandates that almost every company in the U.S. must take specific actions to protect privacy or face fines for failure to comply? (Check all that apply.) A. GAPP B. CCPA C. COSO D. GDPR

B, D

A website that has a checkbox stating, "Click here if you do NOT want the AJAX company to share your information with third parties and send you offers that you might be interested in" is following the choice and consent practice known as A. right to be forgotten. B. opt-in. C. opt-out.

C

Able wants to send a file to Baker over the Internet and protect the file so that only Baker can read it and verify that it came from Able. What should Able do? A. Encrypt the file using Able's private key, and then encrypt it again using Baker's private key. B. Encrypt the file using Able's public key, and then encrypt it again using Baker's public key. C. Encrypt the file using Able's private key, and then encrypt it again using Baker's public key. D. Encrypt the file using Able's public key, and then encrypt it again using Baker's private key.

C

Confidentiality focuses on protecting ____________. A. personal information collected from customers B. a company's annual report stored on its website C. merger and acquisition plans D. all of the above

C

How do you verify a digital signature? A. If the signature you create by hashing your copy of the document or file and then encrypting that with the sender's public key matches the digital signature the sender sent to you. B. If the digital signature matches the sender's digital certificate. C. If the hash you obtain by decrypting the digital signature matches the hash you obtain by hashing your copy of that document or file.

C

If you want to e-mail a document to a friend and be assured that only your friend will be able to open the document, you should encrypt the document using: A. your public key. B. your friend's private key. C. your friend's public key. D. your private key.

C

The best place to store your private asymmetric encryption key is: A. Your browser B. Your digital certificate C. None of these are correct D. Your digital signature

C

The organization that issues public and private keys is called a: A. PKI B. VPN C. Certificate authority

C

Which of the following helps protect you from identity theft? A. Encrypt all e-mail that contains personal information B. Shred all paper documents that contain personal information before disposal C. All of the actions listed here help protect you from identity theft D. Monitor your credit reports regularly

C

Which of the following statements about obtaining consent to collect and use a customer's personal information is true? A. The default policy in Europe is opt-out, but in the United States the default is opt-in. B. The default policy in both Europe and the United States is opt-in. C. The default policy in Europe is opt-in, but in the United States the default is opt-out. D. The default policy in both Europe and the United States is opt-out.

C

Which of the following statements is not true? A. Encryption protects the confidentiality of information while it is in storage. B. Encryption does not protect information when it is displayed on a monitor or printed in a report. C. Encryption protects the confidentiality of information while it is in processing. D. Encryption protects the confidentiality of information while it is being sent over the Internet.

C

Which of the following statements is true? A. Asymmetric encryption is faster than symmetric encryption but cannot be used to provide nonrepudiation of contracts. B. Symmetric encryption is faster than asymmetric encryption and can be used to provide nonrepudiation of contracts. C. Symmetric encryption is faster than asymmetric encryption but cannot be used to provide nonrepudiation of contracts. D. Asymmetric encryption is faster than symmetric encryption and can be used to provide nonrepudiation of contracts.

C

Which statement is true? A. Confidentiality is concerned with protecting a customer's personal information. B. Privacy is concerned with protecting an organization's intellectual property. C. Neither statement is true. D. Both statements are true.

C

Software that is embedded in documents or files that contain confidential information to indicate who owns that information is called A. Information Rights Management (IRM) B. None of these are correct C. Data Loss Prevention (DLP) D. Digital Watermark

D

The unauthorized use of someone's personal information is referred to as A. opt-out. B. opt-in. C. data masking. D. identity theft.

D

To decrypt a digital signature, you need to use _______. A. your public key. B. the private key of the person who created the signature. C. your private key. D. the public key of the person who created the signature.

D

Which of the following action(s) must an organization take to preserve the confidentiality of sensitive information? A. All of these are correct. B. Create a digital signature of that information C. Implement a blockchain D. Train employees to properly handle information

D

Which of the following can be used to create a digital signature? A. Symmetric encryption system B. Virtual private network C. Blockchain D. Asymmetric encryption system

D

Which of the following factor(s) should be considered when determining the strength of any encryption system? A. Encryption algorithm B. Policies for managing the cryptographic keys C. Key length D. All of these are correct

D

Which of the following statements is true? A. VPNs protect the confidentiality of information while it is in transit over the Internet. B. Encryption limits firewalls' ability to filter traffic. C. A digital certificate contains that entity's public key. D. All of the above are true.

D

Information Rights Management (IRM)

Software that protects confidentiality by controlling the actions (read, copy, print, etc.) that authenticated users can perform on documents or files

Data Loss Prevention (DLP)

Software that protects confidentiality by screening outgoing documents in order to identify and block transmission of sensitive information

Digital watermark

A code embedded in documents or files that contains confidential information

