MIS Chapter 8 Quiz

Computer forensics tasks include all of the following except:

collecting physical evidence on the computer.

A foreign country attempting to access government networks in order to disable a national power grid is an example of:

cyberwarfare

An authentication token is a(n):

gadget that displays passcodes

The Sarbanes-Oxley Act:

imposes responsibility on companies and management to safeguard the accuracy of financial information.

A Trojan horse:

is software that appears to be benign but does something other than expected.

The HIPAA Act of 1996:

outlines medical security and privacy rules.

Pharming involves:

redirecting users to a fraudulent website even when the user has typed in the correct address in the web browser.

Your company, an online discount pet supply store, has calculated that a loss of Internet connectivity for 3 hours results in a potential loss of $2,000 to $3,000 and that there is a 50% chance of this occurring each year. What is the annual expected loss from this exposure?

$1,250

________ is malware that logs and transmits everything a user types.

A keylogger

Which of the following statements about passwords is not true? A) Authentication cannot be established by the use of a password. B) Password systems that are too rigorous may hinder employee productivity. C) Passwords can be stolen through social engineering. D) A user's actions with respect to passwords can compromise security. E) Passwords can be sniffed when being transmitted over a network.

A) Authentication cannot be established by the use of a password

All of the following are types of information systems general controls except: A) application controls. B) computer operations controls. C) hardware controls. D) software controls. E) administrative controls.

A) application controls.

A firewall allows the organization to: A) prevent unauthorized communication into and out of its network. B) check the accuracy of all transactions between its network and the Internet. C) create an enterprise system on the Internet. D) check the content of all incoming and outgoing email messages. E) create access rules for a network.

A) prevent unauthorized communication into and out of its network.

The Gramm-Leach-Bliley Act: A) requires financial institutions to ensure the security of customer data. B) specifies best practices in information systems security and control. C) imposes responsibility on companies and management to safeguard the accuracy of financial information. D) outlines medical security and privacy rules. E) identifies computer abuse as a crime and defines abusive activities.

A) requires financial institutions to ensure the security of customer data.

Which of the following is a type of ambient data? A) Computer log containing recent system errors B) A file deleted from a hard disk C) A file that contains an application's user settings D) A set of raw data from an environmental sensor E) Data stored on a portable storage device

B) A file deleted from a hard disk

Which of the following statements about blockchain is not true? A) Once recorded, a blockchain transaction cannot be changed. B) The data represented in a blockchain is maintained in a central database. C) The records in a blockchain are secured through cryptography. D) Each block in a blockchain is connected to all the blocks before and after it. E) Blockchain is vulnerable in some of the same ways as conventional, centralized record-keeping systems.

B) The data represented in a blockchain is maintained in a central database.

All of the following are specific security challenges that threaten corporate servers in a client/server environment except:

sniffing

Tricking employees into revealing their passwords by pretending to be a legitimate member of a company is called:

social engineering.

An analysis of an information system that rates the likelihood of a security incident occurring and its cost would be included in which of the following? A) Security policy B) AUP C) Risk assessment D) Business impact analysis E) Business continuity plan

C) Risk assessment

An authentication system in which a user must provide two types of identification, such as a bank card and PIN, is called:

two-factor authentication.

Which of the following focuses primarily on the technical issues of keeping systems up and running?

Disaster recovery planning

Which of the following techniques stops data packets originating outside the organization, inspects them, and uses a proxy to pass packet information to the other side of an organization's firewall? A) NAT B) Packet filtering C) Two-factor authentication D) Stateful inspection E) Application proxy filtering

E) Application proxy filtering

A digital certificate system:

uses third-party CAs to validate a user's identity.

Which of the following statements about wireless security is not true? A) LANs using the 802.11 standard can be easily penetrated by outsiders. B) Wi-Fi networks are susceptible to hacking by eavesdroppers. C) War driving involves eavesdroppers driving by buildings or parking outside and trying to intercept a wireless network. D) Intruders can force a user's NIC to associate with a rogue access point. E) Bluetooth is the only wireless technology that is not susceptible to hacking by eavesdroppers.

E) Bluetooth is the only wireless technology that is not susceptible to hacking by eavesdroppers.

Which of the following specifically makes malware distribution and hacker attacks to disable websites a federal crime? A) Computer Fraud and Abuse Act B) Economic Espionage Act C) Electronic Communications Privacy Act D) Data Security and Breach Notification Act E) National Information Infrastructure Protection Act

E) National Information Infrastructure Protection Act

A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor's advertising costs up. This is an example of: A) phishing. B) pharming. C) spoofing. D) evil twins. E) click fraud.

E) click fraud.

Most computer viruses deliver a: A) worm. B) Trojan horse. C) drive-by download. D) keylogger. E) payload.

E) payload

All of the following have contributed to an increase in software flaws except: A) the growing complexity of software programs. B) the growing size of software programs. C) demands for timely delivery to markets. D) the inability to fully test programs. E) the increase in the number of computer hackers in the world.

E) the increase in the number of computer hackers in the world.

Biometric authentication is the use of personal, biographic details such as the high school you attended and the first street you lived on to provide identification.

False

DoS attacks are used to destroy information and access restricted areas of a company's information system.

False

T/F: A computer virus replicates more quickly than a computer worm.

False

T/F: An acceptable use policy defines the acceptable level of access to information assets for different users.

False

T/F: Malicious software programs referred to as spyware include a variety of threats such as computer viruses, worms, and Trojan horses.

False

T/F: Mobile devices typically feature state-of-the-art encryption and security features, making them highly secure tools for businesses, and therefore do not require any special protections.

False

T/F: Apple's iOS is the mobile platform targeted by most hackers.

False (Android)

T/F: S-HTTP is a protocol used to establish a secure connection between two computers.

False (SSL and TLS)

________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.

Identity theft

________ is malware that hijacks a user's computer and demands payment in return for giving back access.

Ransomware

________ identify the access points in a Wi-Fi network.

SSIDs

Which of the following refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems?

Security

Authentication refers to verifying that a person is who he or she claims to be.

True

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

True

One form of spoofing involves forging the return address on an e-mail so that the e-mail message appears to come from someone other than the sender.

True

Smartphones have the same security flaws as other Internet-connected devices.

True

Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.

True

T/F: Phishing is a form of spoofing.

True

Viruses can be spread through e-mail.

True

Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems. A) DPI B) MSSP C) NSP D) PKI E) UTM

UTM (unified threat management)

Which of the following is the single greatest cause of network security breaches?

User lack of knowledge

Which of the following statements about Internet security is not true?

VoIP is more secure than the switched voice network

Which of the following is an example of a keylogger?

Zeus

All of the following are currently being used as traits that can be profiled by biometric authentication except:

body odor.

