cs440 final (ch 1-5)
Which of the following acts gave sweeping new powers both to domestic law enforcement and international intelligence agencies, including increasing the ability of law enforcement agencies to search telephone, email, medical, financial, and other records?
USA PATRIOT act
The Foreign Intelligence Surveillance Act:
allows surveillance, without court order, within the United States for up to a year unless the "surveillance will acquire the contents of any communication to which a U.S. person is a party."
In the case of United States v. New York Central & Hudson River Railroad Co., the U.S. Supreme Court established that:
an employer can be held responsible for the acts of its employees even if the employees act in a manner contrary to their employer's directions
Which entity is a computing society founded in 1947 with more than 97,000 student and professional members in more than 100 countries, and it publishes over 50 journals and 30 newsletters?
association for computing machinery
Although the Constitution does not contain the word privacy, the U.S. Supreme Court has ruled that the concept of privacy is protected by which of the following?
bill of rights
In a for-profit organization, the primary objective of which of the following is to oversee the organization's business activities and management for the benefit of shareholders, employees, customers, suppliers, and the community?
board of directors
Spammers can defeat the registration process of free email services by launching a coordinated attack that can sign up for thousands of untraceable email accounts. What is this type of attack known as?
bot attack
Which term is used to describe the failure to act as a reasonable person would act?
breach of the duty of care
The Foreign Corrupt Practices Act (FCPA) makes it a crime to do which of the following?
bribe a foreign official
A business policy that permits employees to use their own mobile devices to access company computing resources and applications is known as which of the following?
bring your own device (BYOD)
Which of the following is a trade group that is funded through dues based on member companies' software revenues and through settlements from companies that commit software piracy?
business software alliance (BSA)
Which of the following is a trade group that represents the world's largest software and hardware manufacturers?
business software alliance (BSA)
A statement that highlights an organization's key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making is known as which of the following?
code of ethics
Which of the following helps ensure that employees abide by the law, follow necessary regulations, and behave in an ethical manner?
code of ethics
Before the IT security group can begin an eradication effort, it must:
collect and log all possible criminal evidence from the system
Under which act did the Federal Communications Commission respond to appeals from the Department of Justice by requiring providers of Internet phone services and broadband services to ensure that their equipment accommodated the use of law enforcement wiretaps?
communications assistance for law enforcement act
Which of the following positions provides an organization with vision and leadership in the area of business conduct?
corporate ethics officer
Which of the following identifies the concept that an organization should act ethically by taking accountability for the impact of its actions on the environment, the community, and the welfare of its employees?
corporate social responsibility
In the context of the tenets of the European Union Data Protection Directive, which of the following terms refers to an individual's right to challenge the accuracy of the data and provide the corrected data?
correction
A type of computer crime perpetrator whose primary motive is to achieve financial gain is known as which of the following?
cybercriminal
The intimidation of government or civilian population by using information technology to disable critical national infrastructure in order to achieve political, religious, or ideological goals is known as which of the following?
cyberterrorism
During which step of the decision-making process should one be extremely careful not to make assumptions about the situation?
develop problem statement
Which of the following is the most critical step in the decision-making process?
development of a problem statement
What type of attack keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in?
distributed denial-of-service
In malpractice lawsuits, many courts have ruled that IT workers are not liable for malpractice because they:
do not meet the legal definition of a professional
What term refers to the obligation to protect people against any unreasonable harm or risk?
duty of care
Title I of which of the following acts extends the protections offered under the Wiretap Act to electronic communications, such as fax and messages sent over the Internet?
electronic communications privacy act
Which act prohibits unauthorized access to stored wire and electronic communications, such as the contents of email inboxes, instant messages, message boards, and social networking sites?
electronic communications privacy act
A code of ethics cannot gain company-wide acceptance unless it is fully endorsed by the organization's leadership and developed with which of the following?
employee participation
Companies that develop and maintain strong employee relations:
enjoy lower turnover rates
A set of beliefs about right and wrong behavior within a society is known as which of the following?
ethics
Standards or codes of behavior expected of an individual by a group (nation, organization, profession) to which the individual belongs are known as which of the following?
ethics
Which act bars the export of data to countries that do not have data privacy protection standards comparable to those of its member countries?
european union data protection directive
In which step of the decision-making process should the decision makers consider laws, guidelines, policies, and principles that might apply to the decision?
evaluate and choose alternative
Discovery is part of the pretrial phase of a lawsuit in which each party can obtain which of the following from the other party by various means?
evidence
In computing, a term for any sort of general attack on an information system that takes advantage of a particular system vulnerability is known as which of the following?
exploit
Which act allows consumers to request and obtain a free credit report each year from each of the three primary credit reporting companies?
fair and accurate credit transactions act
Which act outlines who may access a user's credit information, how users can find out what is in their file, how to dispute inaccurate data, and how long data is retained?
fair credit reporting act
Which of the following, created by the Organization for Economic Co-operation and Development in 1980, are often held up as the model of ethical treatment of consumer data?
fair information practices
Which act presumes that a student's records are private and not available to the public without the consent of the student?
family educational rights and privacy act
A hardware or software device that serves as a barrier between a company and the outside world and limits access to the company's network based on the organization's Internet usage policy is known as which of the following?
firewall
The most common computer security precaution taken by businesses is the installation of which of the following?
firewall
In Doe v. Holder, the courts ruled that the NSL gag provision violates which act?
first amendment
In 2008, which act granted expanded authority to collect, without court-approved warrants, international communications as they flow through U.S. telecom network equipment and facilities?
foreign intelligence surveillance act amendments act
A discrepancy between an employee's own values and an organization's actions:
fosters poor performance
Which act protects citizens from unreasonable government searches and is often invoked to protect the privacy of government employees?
fourth amendment
The crime of obtaining goods, services, or property through deception or trickery is known as which of the following?
fraud
Which act enables the public to gain access to certain government records?
freedom of information act
Which act requires that financial institutions must provide a privacy notice to each consumer that explains what data about the consumer is gathered, with whom that data is shared, how the data is used, and how the data is protected?
gramm-leach-bliley act
The posting of thousands of State Department documents on the Wikileaks Web site is an example of which of the following?
inappropriate sharing of information
Based on the 2013 National Business Ethics Survey, the percentage of employees who said they reported misconduct in the workplace when they saw it is characterized by which of the following statements?
increased by more than 10 percentage points from 2007 to 2009
To extend to all people the same respect and consideration that you expect from them is considered which of the following character traits?
integrity
Software and/or hardware that monitors system and network resources and activities, and notifies network security personnel when it identifies network traffic that attempts to circumvent the security measures of a networked computer environment, is known as which of the following?
intrusion detection system
Which of the following is true about certification?
it can be applied to products
In the legal system, compliance usually refers to behavior that is in accordance with which of the following?
legislation
A well-implemented ethics and compliance program and a strong ethical culture can lead to:
less pressure on employees to misbehave
What type of virus has become a common and easily created form of malware, written using applications such as Visual Basic or VBScript?
macro viruses
Many organizations outsource their network security operations to a company that monitors, manages, and maintains computer and network security for them. This type of company is known as which of the following?
managed security service provider
Which of the following occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the essence of the contract?
material breach of contract
A vendor certification:
may focus too narrowly on the technical details of the vendor's technology
Which of the following is defined as the misstatement or incomplete statement of a material fact?
misrepresentation
One's personal beliefs about right and wrong are known as which of the following?
morals
Often a successful attack on an information system is due to poor system design or implementation. Once such a vulnerability is discovered, software developers quickly create and issue which of the following, in order to eliminate the problem?
patch
The act of fraudulently using email to try to get the recipient to reveal personal data is known as which of the following?
phishing
A clear, concise statement of an issue that needs to be addressed is known as which of the following?
problem statement
Which of the following states the principles and core values that are essential to the work of a particular occupational group?
professional code of ethics
Professionals who breach the duty of care are liable for injuries that their negligence
professional standard of breach
Which of the following statements best describes a reason why organizations pursue corporate social responsibility (CSR) goals and promote a work environment in which employees are encouraged to act ethically when making business decisions?
to gain the goodwill of the community
Information used in a business, generally unknown to the public, that the company has taken strong measures to keep confidential is known as which of the following?
trade secret
In the decision-making process of implementing the decision, what plan must be defined to explain to people how they will move from the old way of doing things to the new way?
transition
A device that records the originating number of incoming calls for a particular phone number is known as which of the following?
trap and trace
In an environment where employees are encouraged to do "whatever it takes" to get the job done, employees may feel pressure to act in which of the following ways?
unethically
The goal of the standards set by the Foreign Corrupt Practices Act (FCPA) is to prevent companies from:
using slush funds or other means to disguise payments to officials
The fundamental problem with trying to detect a rootkit is that the operating system cannot be trusted to provide which of the following?
valid test results
What term is used to describe a habit of unacceptable behavior?
vice
Which of the following terms best describes a habit that inclines people to do what is acceptable?
virtue
A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner is known as which of the following?
virus
Antivirus software scans for a specific sequence of bytes that indicates the presence of specific malware. This sequence of bytes is known as which of the following?
virus signature
Under what circumstance might a gift be considered a bribe?
when the gift has not been declared
Which of the following is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest?
whistle-blowing
The Health Insurance Portability and Accountability Act requires healthcare providers to obtain which of the following from patients prior to disclosing any information in their medical records?
written consent
Penalties for violating the Foreign Corrupt Practices Act (FCPA) are severe: corporations face a fine of up to how much per violation?
$2 million
Which of the following steps in the decision-making process gathers and analyzes facts and also identifies stakeholders affected by the decision?
Develop a problem statement
Which term distinguishes the person who uses a hardware or software product from the IT workers who develop, install, service, and support the product?
IT users
A survey by the Fawcett Society on the use of computing resources at work found that:
20% of men admit to viewing porn while at work
A network attack in which an intruder gains access to a network and stays there, undetected, with the intention of stealing data over a long period of time is known as which of the following?
APT
The piracy rate is nearly 80% across which continent?
Africa
The goodwill that is created by which of the following can make it easier for corporations to conduct their business?
CSR activities
Malware that stops you from using your computer or accessing your data until you meet certain demands is known as which of the following?
ransomware
One of the most common ethical problems for members of the IT profession occurs when a potential employee lies on a resume and claims competence in an IT skill that is in high demand. This act is known as which of the following?
resume inflation
In 1972, which organization recommended that publicly held organizations establish audit committees?
securities and exchange commission (SEC)
Many organizations use software to provide a comprehensive display of all key performance indicators related to an organization's security defenses, including threats, exposures, policy compliance, and incident alerts. What is this type of software known as?
security dashboard
Which of the following activities describes when an organization reviews how well it is meeting its ethical and social responsibility goals, and communicates its new goals for the upcoming year?
social audit
Which trade group protects the intellectual property of member companies and advocates a legal and regulatory environment that benefits the software industry?
software & information industry association (SIIA)
Which of the following is defined as not doing something that a reasonable person would do or doing something that a reasonable person would not do?
software piracy
What exploit is characterized as the abuse of email systems to send unsolicited email to large numbers of people?
spam
Someone who stands to gain or lose, depending on how a situation is resolved is known as which of the following?
stakeholder
At which level is licensing generally administered?
state
A rapid increase in the appointment of corporate ethics officers typically follows:
the revelation of a major business scandal
To prove fraud in a court of law, prosecutors must demonstrate that:
the wrongdoer made a false representation of material fact
