IS312, 4

Although the incident in the case resulted from a quality assurance error, the attack most closely resembled

A denial of service attack (A worm attack. A virus attack. A spam attack. )

Backup and recovery procedures are recommended only to safeguard against hardware/software failures. F

False

Computer programs like CAPTCHA are used to counter

Hackers using key loggers. ( Malware. Hackers using screen scrappers. Websites leaving cookies on the local machine )

Which of the following factors that make information resources more vulnerable to attack can be most easily remedied?

Lack of management control ( Interconnected/dependent business environments; Larger and cheaper storage; Organized cyber crime; Decrease skill level of hackers; None - all factors are exogenous )

_____ can be used to create strong passwords that are easy to remember.

Passphrases ( Mnemonics Birthdates Numbers )

Implementing controls to prevent threats from occurring and developing a recovery plan should the threats occur are two broad functions of

Risk mitigation. ( Risk acknowledgement. Risk acceptance. All of these.)

An unintentional attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information is known as:

Social engineering. ( Trespass. ; Social engineering. ; Identity theft. ; Information extortion.)

An information system's ____ is the likelihood that the system or resource will be compromised by a ____ that will result in its ____ to further attacks.

Vulnerability, threat, exposure (Vulnerability, security, threat; Threat, vulnerability, liability; Threat, vulnerability, exposure)

If you are an employee of a large organization and your Facebook account is hacked, the attackers can obtain access to:

Your personal information and photographs on Facebook. Your personal financial information. Information of all your Facebook friends. Your company's data and resources. All of these.

Which of the following can be classified as unintentional threats to information systems caused by human errors?

a. Selecting a weak password (b. Revealing your password ; c. Leaking company data to others ; d. Both (a) and (b); e. None of these )

Access controls consist of ____, which confirms user identity, and ____, which determines user access levels.

authentication, authorization ( access, privileges authorization, privileges passwords, privileges )

Making and distributing information goods to which you do not own the ___ is referred to as ____.

copyright, piracy ( intellectual property, piracy; copyright, appropriation; intellectual property, theft)

Here is an alternative format: Whereas phishing attacks are ____ , denial of service attacks are ____.

remote attacks requiring user action, remote attacks requiring no user action (remote attacks requiring no user action, attacks by a programmer developing a system ; remote attacks requiring no user action, remote attacks requiring user action ; Distributed remote attacks requiring user action, attacks by a programmer developing a system )

Precisely targeted attacks, usually in the form of personal messages from a known social contact, are referred to as:

spear phishing. (spam, malware, social engineering)

Buying health insurance is an example of risk ____, whereas going without is an example of risk _____.

transference, acceptance ( transference, limitation limitation, acceptance limitation, transference )