chapter 8
The Sarbanes-Oxley Act:
imposes responsibility on companies and management to safeguard the accuracy of financial information.
The HIPAA Act of 1996:
outlines medical security and privacy rules.
________ is malware that hijacks a user's computer and demands payment in return for giving back access.
ransomware
The Gramm-Leach-Bliley Act:
requires financial institutions to ensure the security of customer data
Tricking employees into revealing their passwords by pretending to be a legitimate member of a company is called:
social engineering
All of the following have contributed to an increase in software flaws except:
the increase in malicious intruders seeking system access.
Public key encryption uses two keys.
true
An authentication system in which a user must provide two types of identification, such as a bank card and PIN, is called:
two-factor authentication.
A digital certificate system:
uses third-party CAs to validate a user's identity.
Your company, an online discount pet supply store, has calculated that a loss of Internet connectivity for 3 hours results in a potential loss of $2,000 to $3,000 and that there is a 50% chance of this occurring each year. What is the annual expected loss from this exposure?
1250
________ is malware that logs and transmits everything a user types.
A keylogger
Which of the following statements about passwords is not true?
Authentication cannot be established by the use of a password.
Organizations can use existing network security software to secure mobile devices.
False
________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.
Identity Theft
Which of the following refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems?
Security
Which of the following is the single greatest cause of network security breaches?
User lack of knowledge
All of the following are currently being used as traits that can be profiled by biometric authentication except:
body odor
Evil twins are:
bogus wireless network access points that look legitimate to users.
Which of the following refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards?
controls
In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.
deep packet inspection
A computer virus replicates more quickly than a computer worm.
false
Which of the following focuses primarily on the technical issues of keeping systems up and running?
Disaster recovery planning
Application controls:
can be classified as input controls, processing controls, and output controls.
A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor's advertising costs up. This is an example of:
click fraud
Computer forensics tasks include all of the following except:
collecting physical evidence on the computer.
The intentional defacement or destruction of a website is called:
cybervandalism
A foreign country attempting to access government networks in order to disable a national power grid is an example of:
cyberwarfare
________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.
data security
Which of the following is the most common type of electronic evidence?
A firewall allows the organization to:
enforce a security policy on data exchanged between its network and the Internet.
Biometric authentication is the use of personal, biographic details such as the high school you attended and the first street you lived on to provide identification.
false
Malicious software programs referred to as spyware include a variety of threats such as computer viruses, worms, and Trojan horses.
false
Smartphones typically feature state-of-the-art encryption and security features, making them highly secure tools for businesses.
false
The Apple iOS platform is the mobile platform most frequently targeted by hackers.
false
Wireless networks are more difficult for hackers to gain access to because radio frequency bands are difficult to scan.
false
A Trojan horse:
is software that appears to be benign but does something other than expected.
Pharming involves:
redirecting users to a fraudulent website even when the user has typed in the correct address in the web browser.
An analysis of an information system that rates the likelihood of a security incident occurring and its cost would be included in which of the following?
risk assessment
Authentication refers to verifying that a person is who he or she claims to be.
true
One form of spoofing involves forging the return address on an e-mail so that the e-mail message appears to come from someone other than the sender.
true
Smartphones have the same security flaws as other Internet-connected devices.
true
Target has had to pay out over $100 million to U.S. banks, credit card companies and consumers as a result of a data breach in 2013.
true
Viruses can be spread through e-mail.
true
When errors are discovered in software programs, the sources of the errors are found and eliminated through a process called debugging.
true
Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.
true