Chapter 8
According to the 2018 Identity Fraud Study by Javelin Strategy and Research, how much did consumers lose to identity fraud in 2017
$17 Billion
which of the following statements about wireless security is not true
Bluetooth is the only wireless technology that is not susceptible to hacking
A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor's advertising costs up. This is an example of:
Click Fraud
Which of the following is a virus that uses flaws in Windows software to take over a computer remotely
Conficker
Which of the following specifically makes malware distribution and hacker attacks to disable websites a federal crime
National Information Infrastructure Protection Act
CryptoLocker is an example of which of the following?
Ransomware
_______ identify the access points in a Wi-Fi network
SSIDs
A statement ranking information risks and identifying security goals would be included in which of the following
Security policy
Phishing is a form of spoofing
True
Symmetric encryption uses one key
True
Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems
UTM
Which of the following is a type of ambient data
a file deleted from a hard disk
Which of the following defines acceptable uses of a firm's information resources and computing equipment
an AUP
Pharming involves:
redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
All of the following are specific security challenges that threaten corporate servers in a client/server environment except
sniffing
In public key encryption, the keys are mathematically related so that data encrypted with one key can be decrypted using only the other key
true
an authentication system in which a user must provide two types of identification, such as a bank card and PIN is called
two-factor authentication
Blockchain refers to a technology that
uses a distributed ledger system of transaction
WPA2 is a more effective way to secure a wireless network than WEP because it
uses much longer encryption keys
a digital certificate system
uses third-party CAs to validate a user's identity.
Your company, an online discount stationers, has calculated that a loss of Internet connectivity for 3 hours results in a potential loss of $2,000 to $3,000 and that there is a 50% chance of this occurring each year. What is the annual expected loss from this exposure? Options: $1,500; $500; $2,500; $1,000; $1,250
$1,250
According to Ponemon Institute's 2017 annual cost of cyber crime study, the average annualized cost of cybercrime for benchmarked companies in seven different countries was approximately
$11.7 million
________ is spyware that logs and transmits everything a user types
A keylogger
_______ controls formalize standards, rules, procedures, and control disciplines to ensure that the organization's general and application controls are properly executed and enforced
Administrative
All of the following are types of information systems general controls except
Application controls
Implementation controls
Audit the systems development process at various points to ensure that the process is properly controlled and managed
Which of the following refers to all methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards
Controls
Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack.
DDoS
In controlling network traffic to minimize slowdowns, a technology called ________ is used to examine data files and sort low-priority data from high-priority data
Deep packet inspection
A computer virus replicates more quickly than a computer worm
False
Malicious software programs referred to as spyware include a variety of threats such as computer viruses, worms, and Trojan horses
False
Most IoT devices support sophisticated security approaches
False
Organizations can use existing network security software to secure mobile devices
False
Packet filtering catches most types of network attacks.
False
Smartphones do not have the same security flaws as other internet-connected devices
False
Smartphones typically feature state-of-the-art encryption and security features, making them highly secure tools for businesses.
False
Wireless networks are more difficult for hackers to gain access to because radio frequency bands are difficult to scan
False
Which of the following is not an example of a computer used as a target of crime
Illegally accessing stored electronic communication
_________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors
Intrusion detection systems
Which of the following statements about botnets is not true
It is not possible to make a smartphone part of a botnet
HIPAA Act of 1996
Outlines medical security and privacy rules
An employee clicks on a link in an email from what looks like a fellow employee and is taken to a fraudulent web site which asks for personal info. This is an example of
Spear phishing
In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key
Symmetric key encryption
A computer worm is a program that can copy itself to other computers on the network
True
A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic
True
An acceptable use policy defines the acceptable use of the firm's information resources and computing equipment
True
Application proxy filtering examines the application content of packets
True
As described in the chapter case, losing smartphones is a common cause of data breaches
True
Biometric authentication uses systems that read and interpret individual human traits
True
DoS attacks flood a network server with thousands of requests for service
True
SSL is a protocol used to establish a secure connection between two computers.
True
Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.
True
The term cracker is used to identify a hacker with criminal or malicious intent
True
Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years
True
in cloud computing, accountability and responsibility for protection of sensitive data resides with the company owning the data
True
which of the following is the single greatest cause of network security breaches
User lack of knowledge
Which of the following refers to eavesdroppers driving by buildings or parking outside trying to intercept wireless network traffic
War driving
Which of the following statements about Internet security is not true
Wi-Fi networks are vulnerable to security breaches
When a hacker discovers a security hole in software that is unknown to the software vendor, it is an example of
Zero-day vulnerability
Which of the following is an example of a keylogger
Zeus
Two-factor authentication utilizes
a multistep process of authentication
Which of the following techniques stops data packets originating outside the organization, inspects them, and passes the packets to the other side of an organization's firewall
application proxy filtering
Which of the following statements about passwords is not true
authentication cannot be established by the use of a password
All of the following are currently being used as traits that can be profiled by biometric
body odor
Evil twins are
bogus wireless network access points that look legitimate to users.
computer forensics tasks include all of the following except
collecting physical evidence on the computer
The intentional defacement or destruction of a website is called
cybervandalism
A foreign country attempting to access government networks in order to disable a national power grid is an example of
cyberwarfare
Which of the following focuses primarily on the technical issues of keeping systems up and running
disaster recovery planning
A firewall allows the organization to
enforce a security policy on data exchanged between its networks and the internet
When hackers gain access to a database containing your personal private information, this is an example of
identity theft
the Sarbanes-Oxley act
imposes responsibility on companies and their management to safeguard the accuracy of financial information
A trojan horse
is software that appears to be benign but does something other than expected
Most computer viruses deliver a:
payload
________ is malware that hijacks a user's computer and demands payment in return for giving back access
ransomware
Gramm-Leach-Bliley Act
requires financial institutions to ensure the security and confidentiality of customer data
All of the following have contributed to an increase in software flaws except
the increase in the number of computer hackers in the world
As described in the chapter case, which of the following did hackers use to gain access to the Democratic National Committee network
Phishing emails
All of the following are specific challenges that threaten the communications lines in a client/server environment except
Phishing
All of the following are specific security challenges that threaten corporate systems in a client/server environment except
Radiation
Fault tolerant information systems offer 100 percent availability because they use
Redundant hardware, software, and power supplies
An analysis of an information system that rates the likelihood of a security incident occurring and its cost would be included in which of the following
Risk assessment
Currently, the protocols used for secure information transfer over the Internet are:
SSL, TLS and S-HTTP
Which of the following refers to policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems
Security