IS 130 Ch 4
cybercrime.
A man posing online as a prince from Nigeria has managed to gain access to over US$200,000 by telling people that he will send them inheritances once they send him a fee. This is an example of _____________
firewall
A(n) _________ is a system that prevents a specific type of information from moving between untrusted networks and private networks.
DMZ
A(n) _________ is located between two firewalls.
threat
A(n) __________ to an information resource is any danger to which a system may be exposed.
VPN
Betty telecommutes to her job, and the main office is located 1,500 miles from her house. Her company deals with highly sensitive information and is paid well by its clients based, in part, on the promise that they secure client information with a number of different measures. Betty needs access to this client information, however, on a daily basis. What should she use to access the company network on which it is stored?
True
Blacklisting allows everything to run unless it is on the list. A. True B. False
a human error; unintentional
Careless Internet surfing is _________ and is an _________ mistake.
cybercrime.
Carlos works with a group of people who use computer networks to target known software security weaknesses. This group is participating in
worm
Compared to a virus, a _________ spreads by itself without another program.
True
Cybercrime is typically nonviolent but lucrative. A. True B. False
Trojan horse
Eileen is a rogue programmer who has hacked into a key government information system. She has created a special code that she can insert into the system. When she chooses to activate the code, it will automatically send copies of all classified emails to The New York Times and the Washington Post. Eileen has planned which type of attack?
phishing.
Identity theft is the main purpose of _________
True
If a hacker enters a building with an official-looking ID badge. This is considered social engineering. A. True B. False
limitation
If you limit your risk by implementing controls that minimize the impact of the threat, you have implemented a risk _________ strategy.
public; private
In public-key encryption, the _________ key is used for locking and the _________ key is used for unlocking.
trusted
In terms of location, a ________ network is located inside a company rather than outside the company.
countermeasures
Information security controls are also called _________
Marilynn
Jonathan was just hired as a mail clerk at AddOn Inc. Ashley is a janitor at the company. Javier is a floor manager. Marilynn is the CIO. Based on human error, which person presents the GREATEST threat to the company's information security?
a human error.
Losing the password to a computer is synonymous with
a social engineering attack.
Malcom is on call at the systems help desk today. He receives a call from someone who says they are in the sales department and their password is not granting them access to the system. The person on the phone asks Malcom to please give them a working password so that they can finish updating client files before a big conference next week. It is likely that this is
analysis
Marlee is currently estimating the probability that each patient's records will be compromised in an online attack. She is in the risk ________ stage of risk management.
True
Merchants suffer most, if not all, of the financial damages in fraudulent transactions. A. True B. False
Use CAPTCHAs to identify users.
Mike's company has been hit by multiple keylogging attacks in recent months. What should he do to help prevent any future attacks?
False
Once a copyright and patent is established, it applies to all countries in the world. A. True B. False
exposure
The _________ of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
trade secret
The business plan that Edward just wrote for his new company is an example of a ________.
knows
Typing in your password to access a system is an example of something the user _________.
concrete actions
Unlike risk analysis, risk mitigation involves __________
Calculate the value of what needs protection.
What is the first step in any risk analysis process?
To reduce risk to acceptable levels
What is the goal of risk management?
competitive intelligence.
When a person studies the Web sites and press releases of other companies, attends trade shows, and does similar work, he or she is participating in
between two firewalls
Where is a DMZ located?
Selecting a weak password
Which of the following can be classified as unintentional threats to information systems caused by human errors?
Cost
Which of the following is NOT an advantage of VPN?
The Internet now enables millions of computers and computer networks to communicate freely and seamlessly with one another.
Which of the following is TRUE about how today's interconnected, interdependent, wirelessly networked business environment contributes to the vulnerability of organizational information resources?
human error
Which of the following represents the major category of unintentional threats?
spamware
Which type of alien software uses your computer to send emails that look like they came from you to all the people in your address book?
biometrics; password
While both are types of authentication, __________ is a form of authentication that the user is, whereas _________ is a form of authentication that the user knows.
A presentation on viruses, phishing attacks, and denial-of-service attacks
You are preparing papers for a security conference in which you discuss remote attacks. Which of the following presentations should you give?
piracy; illegal
You purchased a copy of Microsoft Office and give a copy to a friend so he/she doesn't have to buy it too. This is _________ and is _________.
tailgating; shoulder surfing
_________ involves the physical entry of an attacker into a company's building; _________ involves the virtual entry of an attacker into a company's information system using valid authentication.
Cyberterrorism
_________ refers to malicious acts in which attackers use a target's computer systems to cause physical, real-world harm or severe disruption, often to carry out a political agenda.
Identity theft
_____________ is the deliberate assumption of another person's identity, usually to gain access to his or her financial information or to frame him or her for a crime.