Chapter 8
Which of the following best describes general controls?
General controls govern the design, security, and use of computer programs and the security of data files in general throughout the organization's information technology infrastructure.
__________ outlines medical security and privacy rules and procedures for simplifying the administration of health care billing and automating the transfer of health care data among health care providers, payers, and plans.
HIPAA
Which of the following statements best defines an acceptable use policy (AUP)?
It defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet, and it specifies consequences for noncompliance.
________ is a form of encryption that uses a mathematically related pair of keys: a public key that is shared openly and a private key that is kept secret. Data encrypted with one key of the pair can be decrypted only with the other.
Public key encryption (asymmetric encryption)
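To make the two-key idea concrete, here is textbook RSA in pure Python, added as an example (it is not code from the chapter). The primes 2^31-1 and 2^61-1, the public exponent 65537 and the message are constructed assumptions chosen so the block runs offline; a real deployment uses 2048-bit or larger random primes, OAEP padding, and encrypts a symmetric key rather than the data itself.

```python
"""Textbook RSA: the public key (n, e) is shared, the private key (n, d) stays secret.
Added example; fixed small Mersenne primes are an assumption for an offline demo."""
from math import gcd

P = 2**31 - 1        # assumed prime (Mersenne)
Q = 2**61 - 1        # assumed prime (Mersenne)
E = 65537            # conventional public exponent


def generate_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) = ((n, e), (n, d)).

    d is the inverse of e modulo phi(n) = (p-1)(q-1); knowing n and e alone
    does not reveal d unless n can be factored.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, message: bytes) -> int:
    """Anyone holding the shared public key can encrypt."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus; real RSA wraps a symmetric key")
    return pow(m, e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    """Only the holder of the private key can decrypt."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def demo(message: bytes = b"wire $500"):
    """Round-trip a constructed message and show the public key cannot undo encryption."""
    pub, priv = generate_keypair()
    c = encrypt(pub, message)
    recovered = decrypt(priv, c)
    public_key_cannot_decrypt = pow(c, pub[1], pub[0]) != int.from_bytes(message, "big")
    return recovered, public_key_cannot_decrypt


if __name__ == "__main__":
    print(demo())
```

The asymmetry is the point of the definition: the sender never needs the recipient's secret, only the published key, which is what makes key distribution workable across an organization.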
What type of malicious software records every keystroke made on a computer?
Spyware; the specific kind of spyware that records keystrokes is a keylogger
Mafiaboy successfully launched a ________ attack.
denial-of-service (DoS); Mafiaboy's February 2000 attacks on sites such as Yahoo! and eBay were distributed (DDoS), flooding the targets from many compromised hosts at once
Business continuity planning __________.
focuses on how the company can restore business operations after a disaster strikes
Which of the following best describes a firewall?
A combination of hardware and software that controls the flow of incoming and outgoing network traffic
__________ defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet, and it specifies consequences for noncompliance.
An acceptable use policy (AUP)
Which type of software did the technician advise Caroline to install?
Anti-malware software
Which of the following best describes application controls?
Application controls include both automated and manual procedures that ensure that only authorized data are completely and accurately processed.
__________ is/are a combination of hardware and software that controls the flow of incoming and outgoing network traffic.
A firewall
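The firewall definition above (and the earlier one at "Which of the following best describes a firewall?") says traffic is controlled in both directions but not how. The block below is an added example, not code from the chapter: a stateless packet filter that evaluates an ordered rule list with first-match semantics and a default deny. The address plan (LAN 10.0.0.0/24, web server 10.0.0.5, internal resolver 10.0.0.53) and the sample packets are constructed assumptions.

```python
"""Stateless packet filter: ordered allow/deny rules for inbound and outbound traffic.
Added example with a constructed policy; not the chapter's own code."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the Internet) or "out" (from the LAN)
    proto: str       # "tcp" or "udp"
    src: str
    dst: str
    dport: int


def _in_net(addr: str, cidr: str) -> bool:
    """'any' matches every address; otherwise test CIDR membership."""
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    direction: str
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dport: Optional[int]   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and self.proto in ("any", pkt.proto)
                and _in_net(pkt.src, self.src)
                and _in_net(pkt.dst, self.dst)
                and (self.dport is None or self.dport == pkt.dport))


# Constructed policy (assumed addresses): order matters, first match wins.
POLICY: List[Rule] = [
    Rule("deny",  "in",  "any", "10.0.0.0/8",  "any",          None),  # anti-spoofing: internal addresses never arrive from outside
    Rule("allow", "in",  "tcp", "any",         "10.0.0.5/32",  443),   # public HTTPS to the web server only
    Rule("allow", "out", "tcp", "10.0.0.0/24", "any",          443),   # workstations may browse over HTTPS
    Rule("allow", "out", "udp", "10.0.0.0/24", "10.0.0.53/32", 53),    # DNS only via the internal resolver
]


def decide(policy: List[Rule], pkt: Packet) -> str:
    """Return the action of the first matching rule; unmatched traffic is dropped."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # default deny


SAMPLE_PACKETS = [  # constructed
    Packet("in",  "tcp", "203.0.113.9", "10.0.0.5",  443),  # allow: HTTPS to web server
    Packet("in",  "tcp", "203.0.113.9", "10.0.0.5",  22),   # deny: SSH is not exposed
    Packet("in",  "tcp", "10.0.0.77",   "10.0.0.5",  443),  # deny: spoofed internal source
    Packet("out", "udp", "10.0.0.12",   "8.8.8.8",   53),   # deny: DNS bypassing the resolver
    Packet("out", "udp", "10.0.0.12",   "10.0.0.53", 53),   # allow: DNS to the resolver
]


def evaluate_all(policy=POLICY, packets=SAMPLE_PACKETS) -> List[str]:
    return [decide(policy, p) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS, evaluate_all()):
        print(f"{verdict:5s} {pkt}")
```

Two practitioner points the definition leaves implicit: the deny rule for spoofed internal addresses must sit above the allow rules or it never fires, and outbound filtering (here, forcing DNS through one resolver) is what limits a compromised workstation, not just inbound filtering.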
__________ consists of statements ranking information risks, identifying acceptable security goals, and identifying mechanisms for achieving these goals.
A security policy
Which type of software prevents and detects malicious software programs including computer viruses, computer worms, Trojan horses, spyware, and adware?
Anti-malware software
Which of the following processes is being illustrated in this scenario?
Biometric authentication
__________ uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices, in order to grant or deny access.
Biometric authentication
Which of the following focuses on how the company can restore business operations after a disaster strikes?
Business continuity planning
Which of the following scenarios illustrates denial of service (DoS), a type of security loss?
Computer worms infiltrating a network with so much artificial traffic that legitimate traffic cannot get through
Which of the following is a defining characteristic of a drive-by download?
Downloads are unintentional
__________ consist(s) of malware that comes with a downloaded file that a user intentionally or unintentionally requests.
Drive-by downloads
Which of the following best describes HIPAA?
HIPAA outlines medical security and privacy rules and procedures for simplifying the administration of health care billing and automating the transfer of health care data among health care providers, payers, and plans.
Which of the following encryption methods is being exemplified in this scenario?
Public key encryption
After the CEO of a large company in the United States was convicted of embezzlement, its chief financial officer secretly altered the company's financial data to keep investor sentiment positive. This lasted only four weeks and did not appear to affect the competitiveness of other firms in the company's industry. Which U.S. government regulation would protect investors from this chief financial officer's actions?
Sarbanes-Oxley Act
__________ refers to software that covertly gathers information about a user through an Internet connection without the user's knowledge.
Spyware
Which of the following best describes the Gramm-Leach-Bliley Act?
The Gramm-Leach-Bliley Act requires financial institutions to ensure the security and confidentiality of customer data. Data must be stored on a secure medium, and special security measures must be enforced to protect such data on storage media and during transmittal.
__________ imposes responsibility on companies and their management to protect investors by safeguarding the accuracy and integrity of financial information that is used internally and released externally.
The Sarbanes-Oxley Act
Which of the following options describes an information system's greatest vulnerability?
Interconnected communication networks: because every device on a network is reachable from every other, the potential for unauthorized access or damage is not confined to one location but can arise at any access point on the network.
The malware used by the individual is referred to as a __________.
Trojan horse
Which of the following malware appears to be a legitimate, benign program but carries a destructive payload and gives the creator unauthorized access?
Trojan horse
When processing takes place in the cloud, ________.
accountability and responsibility for protection of sensitive data still reside with the company owning that data
After the Anthem data breach in 2015, a local hospital created a new position for a chief information security officer (CISO) that would be responsible for a security policy that ________.
consists of statements ranking information risks, identifying acceptable security goals, and identifying mechanisms for achieving these goals.
The greatest security issue for cloud computing involves ________.
determining which company owns the data
If you operate a business today, you need to make security and the ________ a top priority.
methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its records, and operational adherence to management standards
The scenario in which a computer crime begins with the perpetrator, posing as a bank representative, sending an email that asks the victim to click a link to confirm the username and password for the account is an example of ________.
phishing
The scenario in which a perpetrator creates a web site that looks identical to a particular bank's web site in order to induce victims to enter otherwise private information (such as usernames and passwords) is an example of ________.
spoofing (the fake site is the lure the phishing email points to; when victims reach it because DNS has been tampered with, even after typing the correct address, the technique is called pharming)
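The two scenarios above share one observable artifact: a link whose displayed text or host suggests the bank while its real destination is somewhere else. The block below is an added example, not code from the chapter, that parses an email body and classifies each link by comparing the displayed domain with the actual destination and by flagging hosts that merely contain the bank's name. The trusted domain examplebank.com and the email body are constructed assumptions.

```python
"""Phishing-link triage for an HTML e-mail body. Added example with constructed input."""
from html.parser import HTMLParser
from typing import Dict, List, Tuple
from urllib.parse import urlparse

TRUSTED_DOMAIN = "examplebank.com"   # assumed legitimate domain for the example


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude registrable domain: the last two labels. Good enough for .com here;
    use a public-suffix list in production (co.uk etc.)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def classify_link(href: str, text: str, trusted: str = TRUSTED_DOMAIN) -> List[str]:
    """Return the reasons a link is suspicious; an empty list means it looks fine."""
    target = urlparse(href)
    host = target.hostname or ""
    reasons = []
    if target.scheme != "https":
        reasons.append("not https")
    if registrable(host) != trusted:
        reasons.append(f"points to {host}, not {trusted}")
        if trusted.split(".")[0] in host:
            reasons.append("lookalike host using the bank's name")
    # If the visible text itself looks like a URL on the trusted domain, compare it to the real target.
    shown = urlparse(text if "://" in text else "https://" + text).hostname
    if shown and registrable(shown) == trusted and registrable(host) != trusted:
        reasons.append("displayed URL differs from actual destination")
    return reasons


SAMPLE_EMAIL = """<p>Dear customer, please confirm your username and password:</p>
<a href="http://examplebank.com.verify-account.example/login">https://www.examplebank.com/login</a>
<a href="https://secure-examplebank.com/login">Secure login</a>
<a href="https://www.examplebank.com/help">Help center</a>"""   # constructed


def suspicious_links(html: str = SAMPLE_EMAIL) -> Dict[str, List[str]]:
    parser = LinkCollector()
    parser.feed(html)
    result = {}
    for href, text in parser.links:
        reasons = classify_link(href, text)
        if reasons:
            result[href] = reasons
    return result


if __name__ == "__main__":
    for href, reasons in suspicious_links().items():
        print(href, "->", "; ".join(reasons))
```

The first link is the classic phishing pattern (trusted-looking text, foreign host that embeds the bank's name as a subdomain); the second is a spoofed lookalike domain; the third is genuine and produces no findings.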