Chapter 12
Which of the following statements is true of the financial losses due to computer security threats?
The financial losses faced by companies due to human error are enormous.
Which of the following refers to viruses that masquerade as useful programs?
Trojan horses
occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones.
Usurpation
Which of the following statements is true of symmetric encryption?
With symmetric encryption, the same key is used for both encoding and decoding.
The procedure of entrusting a party with a copy of an encryption key that can be used in case the actual key is lost or destroyed is called
key escrow
A(n) ________ is a sophisticated, possibly long-running, computer hack that is perpetrated by large, well-funded organizations like governments.
Advanced Persistent Threat (APT)
are small files that browsers store on users' computers when they visit Web sites.
Cookies
Which of the following occurs when millions of bogus service requests flood a Web server and prevent it from servicing legitimate requests?
DOS attack
Which of the following statements is true about position sensitivity?
Documenting position sensitivity enables security personnel to prioritize their activities.
take computers with wireless connections through an area and search for unprotected wireless networks.
Drive-by sniffers
is the process of transforming clear text into coded, unintelligible text for secure storage or communication.
Encryption
The most secure communications over the Internet use a protocol called
HTTPS
Typically, a help-desk information system has answers to questions that only a true user would know. Which of the following statements is true of this information?
It helps authenticate a user.
includes viruses, worms, Trojan horses, spyware, and adware.
Malware
determine whether to pass each part of a message by examining its source address, destination addresses, and other such data.
Packet-filtering firewalls
With HTTPS, data are encrypted using a protocol called the
Secure Socket Layer (SSL)
is a technique for intercepting computer communications.
Sniffing
With HTTPS, data are encrypted using the Secure Socket Layer (SSL) protocol, which is also known as
Transport Layer Security (TLS)
Adware and spyware are similar to each other in that they both
are installed without a user's permission
A password ________ a user.
authenticates
Which of the following is an example of a data safeguard against security threats?
backup and recovery
Which of the following uses an individual's personal physical characteristics such as fingerprints, facial features, and retinal scans for verification purposes?
biometric authentication
During which of the following computer crimes does a password cracker try every possible combination of characters?
brute force attack
Backup and physical security are ________ against computer security threats.
data safeguards
Which of the following is a synonym for phishing?
email spoofing
Organizations should protect sensitive data by storing it in ________ form.
encrypted
Breaking into computers, servers, or networks to steal proprietary and confidential data is referred to as
hacking
Which of the following is a technical safeguard against security threats?
identification and authorization
A user name ________ a user.
identifies
In terms of password management, when an account is created, users should
immediately change the password they are given to a password of their own
A(n) ________ includes how employees should react to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss.
incident-response plan
A(n) ________ is a computer program that senses when another computer is attempting to scan a disk or access a computer.
intrusion detection system
A(n) ________ sits outside an organizational network and is the first device that Internet traffic encounters.
perimeter firewall
Users of smart cards are required to enter a ________ to be authenticated.
personal identification number
A ________ pretends to be a legitimate company and sends emails requesting confidential data.
phisher
Mark receives an email from his bank asking him to update and verify his credit card details. He replies to the mail with all the requested details. Mark later learns that the mail was not actually sent by his bank and that the information he had shared has been misused. Mark is a victim of
phishing
Which of the following is a data safeguard against security threats?
physical security
A person calls the Stark residence and pretends to represent a credit card company. He asks Mrs. Stark to confirm her credit card number. This is an example of
pretexting
Which of the following is a human safeguard against security threats?
procedure design
The enforcement of security procedures and policies consists of three interdependent factors:
responsibility, accountability, and compliance
A(n) ________ is a measure that individuals or organizations take to block a threat from obtaining an asset.
safeguard
Activity log analyses constitute an important ________ function.
security monitoring
Which of the following is considered a personal security safeguard?
send no valuable data via email or IM
A ________ has a microchip that is loaded with identifying data.
smart card
Which of the following types of security loss is WikiLeaks an example of?
unauthorized data disclosure