CIS Chapter 8
is software that appears to be benign but does something other than expected.
A Trojan horse
uses third-party CAs to validate a user's identity.
A digital certificate system
enforce a security policy on data exchanged between its network and the Internet.
A firewall allows the organization to
cyberwarfare.
A foreign country attempting to access government networks in order to disable a national power grid would be an example of
war driving.
A practice in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic is referred to as
click fraud.
A salesperson clicks repeatedly on the online ads of a competitor's in order to drive the competitor's advertising costs up. This is an example of
application controls.
All of the following are types of information systems general controls except
two-factor authentication.
An authentication system in which a user must provide two types of identification, such as a bank card and PIN, is called
gadget that displays passcodes.
An authentication token is a(n)
risk assessment.
Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n)
can be classified as input controls, processing controls, and output controls.
Application controls
can use a person's voice as a unique, measurable trait.
Biometric authentication
unauthorized access.
Client software in a client/server environment is specifically vulnerable to
UTM
Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems.
collecting physical evidence on the computer.
Computer forensics tasks include all of the following except
SSL, TLS, and S-HTTP.
Currently, the protocols used for secure information transfer over the Internet are
may be accessible by anyone who has access to the same network.
Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that
bogus wireless network access points that look legitimate to users.
Evil twins are
fault-tolerant computer systems.
For 100-percent availability, online transaction processing requires
causing other people's computers to become "zombie" PCs following a master computer.
Hackers create a botnet by
They issue patches.
How do software vendors correct flaws in their software after it has been distributed?
malware.
In a client/server environment, corporate servers are specifically vulnerable to
deep-packet inspection
In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.
symmetric key encryption
In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?
vulnerable to many more kinds of threats
Large amounts of data stored in electronic form are ________ than the same data in manual form.
only those viruses already known when the software is written.
Most antivirus software is effective against
redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
Pharming involves
may hinder employee productivity.
Rigorous password systems
MSSPs.
Smaller firms may outsource some or many security functions to
they allow users to post software code.
Social networking sites have become a new conduit for malware because
security policy.
Statements ranking information risks and identifying security goals are included in a(n)
requires financial institutions to ensure the security of customer data.
The Gramm-Leach-Bliley Act
outlines medical security and privacy rules.
The HIPAA Act of 1996
it was designed to be easily accessible.
The Internet poses specific security problems because
imposes responsibility on companies and management to safeguard the accuracy of financial information.
The Sarbanes-Oxley Act
tapping.
The communications lines in a client/server environment are specifically vulnerable to
cybervandalism.
The intentional defacement or destruction of a Web site is called
e-mail.
The most common type of electronic evidence is
social engineering.
Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called
DDoS
Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack.
a file deleted from a hard disk
Which of the following is a type of ambient data?
Conficker
Which of the following is a virus that uses flaws in Windows software to take over a computer remotely?
illegally accessing stored electronic communication
Which of the following is not an example of a computer used as a target of crime?
breaching the confidentiality of protected computerized data
Which of the following is not an example of a computer used as an instrument of crime?
WPA2
Which of the following specifications replaces WEP with a stronger security standard that features changing encryption keys?
VoIP is more secure than the switched voice network.
Which of the following statements about the Internet security is not true?
employees
You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source for network security breaches to the firm?
$1,250
Your company, an online discount stationers, has calculated that a loss of Internet connectivity for 3 hours results in a potential loss of $2,000 to $3,000 and that there is a 50% chance of this occurring each year. What is the annual expected loss from this exposure?
Data security
________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.
SSIDs
________ identify the access points in a Wi-Fi network.
Identity theft
________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.
Ransomware
________ is malware that hijacks a user's computer and demands payment in return for giving back access.
A keylogger
________ is malware that logs and transmits everything a user types.
"Controls"
________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.
"Security"
________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
Intrusion detection systems
________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.