Wiley Chapter 4
A password system on a computer network is an example of which type of information security control?
Access
Which of the following is not a social engineering technique?
Careless Internet surfing
Which of the following would be an example of a SCADA attack?
Computer viruses are introduced into the electrical company's systems resulting in a shutdown of the power plant.
Which type of remote software attack does not require user action?
Denial-of-service attack
The Houston Astros contacted the _________ to investigate a security breach in 2014.
FBI
Backup and recovery procedures are recommended only to safeguard against hardware/software failures.
False
Low-level employees pose the greatest threat to information security.
False
The emergence of the Internet has decreased the threats to information security.
False
Computer programs like CAPTCHA are used to counter:
Hackers using key loggers
Which of the following employees typically poses the most significant threat to information security?
IS employees
Which of the following factors that make information resources more vulnerable to attack can be most easily remedied?
Lack of management control
Which of the following statements is true?
Multifactor authentication systems are more reliable and more expensive than single-factor.
_________ can be used to create strong passwords that are easy to remember.
Passphrases
Which of the following is not a common risk mitigation strategy?
Risk analysis
Implementing controls to prevent threats from occurring and developing a recovery plan should the threats occur are two broad functions of:
Risk mitigation
Which of the following can be classified as unintentional threats to information systems caused by human errors?
Selecting a weak password
An unintentional attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information is known as:
Social engineering
_________ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.
Social engineering
________ is an encryption standard used for secure transactions such as credit card processing and online banking.
TLS
If you have copied a software package (computer program) from a friend without paying for it, you are guilty of software piracy.
True
Risk management identifies, controls, and minimizes the impact of threats to the organization's information security.
True
You should regularly delete any spyware that might be residing on your computer, because it may be dangerous.
True
Access controls consist of ________, which confirms user identity, and _________, which determines user access levels.
authentication; authorization
Making and distributing information goods to which you do not own the _________ is referred to as _________.
copyright; piracy
The threats to information security are ________, and the greatest threat is ________.
increasing; human
Intellectual property is NOT protected under _________ laws.
privacy
Whereas phishing attacks are ________, denial of service attacks are ________.
remote attacks requiring user action; remote attacks requiring no user action
Which type of alien software uses your computer to send emails that look like they came from you to all the people in your address book?
spamware
A(n) _________ to an information resource is any danger to which a system may be exposed.
threat
Buying health insurance is an example of risk ________, whereas going without is an example of risk _________.
transference; acceptance
An information resource's _________ is the possibility that the system will be harmed by a threat.
vulnerability
An information system's _________ is the likelihood that the system or resource will be compromised by a ________ that will result in its ________ to further attacks.
vulnerability; threat; exposure