Chapter 4

d

A DMZ is located ______________. a. outside the company's firewalls b. on the Internet c. inside the company's firewalls d. between two firewalls

c

A password system on a computer network is an example of which type of information security control? a. physical b. communication c. access

c

Access controls consist of ______, which confirms user identity, and ______, which determines user access levels. a. authorization; privileges b. access; privileges c. authentication; authorization d. passwords; privileges

a

An unintentional attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information is known as: a. social engineering. b. trespassing. c. identity theft. d. information extortion

b

Bob is using public key encryption to send a message to Ted. Bob encrypts the message with Ted's _____ key, and Ted decrypts the message using his _____ key. a. public, public b. public, private c. private, private d. private, public e. None of these

b

Buying health insurance is an example of risk ______, whereas going without is an example of risk ______. a. transference; limitation b. transference; acceptance c. limitation; acceptance d. limitation; transference

b

Computer programs like CAPTCHA are used to counter: a. hackers using screen scrapers. b. hackers using keyloggers. c. malware. d. websites leaving cookies on the local machine.

b

Dumpster diving is: a. never illegal because it is not considered trespassing. b. typically committed for the purpose of identity theft. c. always illegal because individuals own the material in the dumpster. d. always legal because the dumpster is not owned by private citizens. e. always illegal because it is considered trespassing.

a

Implementing controls to prevent threats from occurring and developing a recovery plan should the threats occur are two broad functions of: a. risk mitigation. b. risk acknowledgement. c. risk acceptance. d. All of these

d

Making and distributing information goods to which you do not own the _______ is referred to as _______. a. intellectual property; piracy b. copyright; appropriation c. intellectual property; theft d. copyright; piracy

c

Precisely targeted attacks, usually in the form of personal messages from a known social contact, are referred to as a. spam. b. malware. c. spear phishing. d. social engineering.

d

The threats to information security are _____, and the greatest threat is _____. a. staying about the same; software b. decreasing; technological c. increasing; technological d. increasing; human e. decreasing; human

a

Unintentional threats to information systems include all of the following except: a. Malicious software b. Lack of user experience c. Tornados d. Power outage e. Tailgating

a

Which of the following can be classified as unintentional threats to information systems caused by human errors? a. Selecting a weak password b. Revealing your password c. Leaking company data to others d. Both selecting a weak password and revealing your password e. None of these

b

Which of the following employees typically poses the most significant threat to information security? a. Consultants b. IS employees c. Janitors d. Contract labour

e

Which of the following factors that make information resources more vulnerable to attack can be most easily remedied? a. interconnected/dependent business environments b. larger and cheaper storage c. organized cyber crime d. decrease skill level of hackers e. lack of management control f. none - all factors are exogenous

d

Which of the following is not a characteristic of strong passwords? a. They are not a recognizable word. b. They are not a recognizable string of numbers c. They contain special characters. d. They tend to be short so they are easy to remember. e. They are difficult to guess.

a

Which of the following statements concerning firewalls is not true? a. Firewalls filter messages the same way as anti-malware systems do. b. Firewalls are sometimes located inside an organization's private network. c. Firewalls prevent unauthorized Internet users from accessing private networks. d. Firewalls filter network traffic according to categories of activities that are likely to cause problems. e. Firewalls examine every message that enters or leaves an organization's network.

a

Which of the following statements concerning the difficulties in protecting information resources is not correct? a. Rapid technological changes ensure that controls are effective for years. b. Employees typically do not follow security procedures when the procedures are inconvenient. c. Computer networks can be located outside the organization. d. Computing resources are typically decentralized. e. Computer crimes often remain undetected for a long period of time.

c

Which of the following would be an example of a SCADA attack? a. Bank accounts are hacked into after Internet purchases. b. Social Security numbers are deleted from a company's database. c. Computer viruses are introduced into the electrical company's systems resulting in a shutdown of the power plant. d. Email accounts are hacked and kinky messages are sent to all of the user's contacts.

b

Which type of remote software attack does not require user action? a. phishing attack b. denial-of-service attack c. virus d. worm

b

___ can be used to create strong passwords that are easy to remember. a. Mnemonics b. Passphrases c. Birthdates d. Numbers