IS 130 Ch 4

cybercrime.

A man posing online as a prince from Nigeria has managed to gain access to over US$200,000 by telling people that he will send them inheritances once they send him a fee. This is an example of _____________

firewall

A(n) _________ is a system that prevents a specific type of information from moving between untrusted networks and private networks.

DMZ

A(n) _________ is located between two firewalls.

threat

A(n) __________ to an information resource is any danger to which a system may be exposed.

VPN

Betty telecommutes to her job, and the main office is located 1,500 miles from her house. Her company deals with highly sensitive information and is paid well by its clients based, in part, on the promise that they secure client information with a number of different measures. Betty needs access to this client information, however, on a daily basis. What should she use to access the company network on which it is stored?

True

Blacklisting allows everything to run unless it is on the list. A. True B. False

a human error; unintentional

Careless Internet surfing is _________ and is an _________ mistake.

cybercrime.

Carlos works with a group of people who use computer networks to target known software security weaknesses. This group is participating in

worm

Compared to a virus, a _________ spreads by itself without another program.

True

Cybercrime is typically nonviolent but lucrative. A. True B. False

Trojan horse

Eileen is a rogue programmer who has hacked into a key government information system. She has created a special code that she can insert into the system. When she chooses to activate the code, it will automatically send copies of all classified emails to The New York Times and the Washington Post. Eileen has planned which type of attack?

phishing.

Identity theft is the main purpose of _________

True

If a hacker enters a building with an official-looking ID badge, this is considered social engineering. A. True B. False

limitation

If you limit your risk by implementing controls that minimize the impact of the threat, you have implemented a risk _________ strategy.

public; private

In public-key encryption, the _________ key is used for locking and the _________ key is used for unlocking.

trusted

In terms of location, a ________ network is located inside a company rather than outside the company.

countermeasures

Information security controls are also called _________

Marilynn

Jonathan was just hired as a mail clerk at AddOn Inc. Ashley is a janitor at the company. Javier is a floor manager. Marilynn is the CIO. Based on human error, which person presents the GREATEST threat to the company's information security?

a human error.

Losing the password to a computer is synonymous with

a social engineering attack.

Malcom is on call at the systems help desk today. He receives a call from someone who says they are in the sales department and their password is not granting them access to the system. The person on the phone asks Malcom to please give them a working password so that they can finish updating client files before a big conference next week. It is likely that this is

analysis

Marlee is currently estimating the probability that each patient's records will be compromised in an online attack. She is in the risk ________ stage of risk management.

True

Merchants suffer most, if not all, of the financial damages in fraudulent transactions. A. True B. False

Use CAPTCHAs to identify users.

Mike's company has been hit by multiple keylogging attacks in recent months. What should he do to help prevent any future attacks?

False

Once a copyright and patent is established, it applies to all countries in the world. A. True B. False

exposure

The _________ of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.

trade secret

The business plan that Edward just wrote for his new company is an example of a ________.

knows

Typing in your password to access a system is an example of something the user _________.

concrete actions

Unlike risk analysis, risk mitigation involves __________

Calculate the value of what needs protection.

What is the first step in any risk analysis process?

To reduce risk to acceptable levels

What is the goal of risk management?

competitive intelligence.

When a person studies the Web sites and press releases of other companies, attends trade shows, and does similar work, he or she is participating in

between two firewalls

Where is a DMZ located?

Selecting a weak password

Which of the following can be classified as unintentional threats to information systems caused by human errors?

Cost

Which of the following is NOT an advantage of VPN?

The Internet now enables millions of computers and computer networks to communicate freely and seamlessly with one another.

Which of the following is TRUE about how today's interconnected, interdependent, wirelessly networked business environment contributes to the vulnerability of organizational information resources?

human error

Which of the following represents the major category of unintentional threats?

spamware

Which type of alien software uses your computer to send emails that look like they came from you to all the people in your address book?

biometrics; password

While both are types of authentication, __________ is a form of authentication that the user is, whereas _________ is a form of authentication that the user knows.

A presentation on viruses, phishing attacks, and denial-of-service attacks

You are preparing papers for a security conference in which you discuss remote attacks. Which of the following presentations should you give?

piracy; illegal

You purchased a copy of Microsoft Office and give a copy to a friend so he/she doesn't have to buy it too. This is _________ and is _________.

tailgating; shoulder surfing

_________ involves the physical entry of an attacker into a company's building; _________ involves the virtual entry of an attacker into a company's information system using valid authentication.

Cyberterrorism

_________ refers to malicious acts in which attackers use a target's computer systems to cause physical, real-world harm or severe disruption, often to carry out a political agenda.

Identity theft

_____________ is the deliberate assumption of another person's identity, usually to gain access to his or her financial information or to frame him or her for a crime.

