Chapter 8: Securing Information Systems


9) Which of the following statements about Internet security is not true? A) The use of P2P networks can expose a corporate computer to outsiders. B) A corporate network without access to the Internet is more secure than one that provides access. C) VoIP is more secure than the switched voice network. D) Instant messaging can provide hackers access to an otherwise secure network. E) Most VoIP traffic is not encrypted.

C. VoIP is more secure than the switched voice network.

2) __________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards. A) "Legacy systems" B) "SSID standards" C) "Vulnerabilities" D) "Controls" E) "Authentication"

D. "Controls"

21) Evil twins are: A) Trojan horses that appear to the user to be a legitimate commercial software application. B) email messages that mimic the email messages of a legitimate business. C) fraudulent websites that mimic a legitimate business's website. D) bogus wireless network access points that look legitimate to users. E) viruses that affect smartphones.

D. Bogus wireless network access points that look legitimate to users.

11) A salesperson clicks repeatedly on the online ads of a competitor's in order to drive the competitor's advertising costs up. This is an example of: A) phishing. B) pharming. C) spoofing. D) click fraud. E) sniffing.

D. Click Fraud

50) The most common type of electronic evidence is: A) voice-mail. B) spreadsheets. C) instant messages. D) email. E) e-commerce transactions over the Internet.

D. Email

47) The HIPAA Act of 1996: A) requires financial institutions to ensure the security of customer data. B) specifies best practices in information systems security and control. C) imposes responsibility on companies and management to safeguard the accuracy of financial information. D) outlines medical security and privacy rules. E) requires that companies retain electronic records for at least 10 years.

D. Outlines medical security and privacy rules.

32) ________ identify the access points in a Wi-Fi network. A) NICs B) Mac addresses C) URLs D) SSIDs E) CAs

D. SSIDs

14) A keylogger is a type of: A) worm. B) Trojan horse. C) virus. D) spyware. E) SQL injection attack.

D. Spyware

6) Specific security challenges that threaten clients in a client/server environment include: A) tapping, sniffing, message alteration, and radiation. B) hacking, vandalism, and denial of service attacks. C) theft, copying, alteration of data, and hardware or software failure. D) unauthorized access, errors, and spyware. E) vandalism, message alteration, and errors.

D. unauthorized access, errors, and spyware

25) According to Ponemon Institute's 2014 Annual Cost of Cyber Crime Study, the average annualized cost of cybercrime for companies in the United States was approximately: A) $1.27 million. B) $12.7 million. C) $127 million. D) $1.27 billion. E) $12.7 billion.

B. $12.7 Million

26) Which of the following is a type of ambient data? A) Computer log containing recent system errors B) A file deleted from a hard disk C) A file that contains an application's user settings D) A set of raw data from an environmental sensor E) An email file

B. A file deleted from a hard disk

20) An example of phishing is: A) flooding a web server with thousands of requests for service. B) setting up a fake medical website that asks users for confidential information. C) a program that records the keystrokes on a computer. D) sending bulk email that asks for financial aid under a false pretext. E) malware that displays annoying pop-up messages.

B. Setting up a fake medical website that asks users for confidential information.

24) Tricking employees into revealing their passwords by pretending to be a legitimate member of a company is called: A) sniffing. B) social engineering. C) phishing. D) pharming. E) click fraud.

B. Social Engineering

13) Redirecting a web link to a different address is a form of: A) snooping. B) spoofing. C) sniffing. D) war driving. E) SQL injection attack.

B. Spoofing

23) Which of the following is the single greatest cause of network security breaches? A) Viruses B) User lack of knowledge C) Trojan horses D) Cyberwarfare E) Bugs

B. User lack of knowledge

7) Specific security challenges that threaten corporate servers in a client/server environment include: A) tapping, sniffing, message alteration, and radiation. B) hacking, vandalism, and denial of service attacks. C) theft, copying, alteration of data, and hardware or software failure. D) unauthorized access, errors, and spyware. E) vandalism, message alteration, and errors.

B. Hacking, vandalism, and denial of service attacks.

52) Computer forensics tasks include all of the following except: A) presenting collected evidence in a court of law. B) securely storing recovered electronic data. C) collecting physical evidence on the computer. D) finding significant information in a large volume of electronic data. E) recovering data from computers while preserving evidential integrity.

C. Collecting physical evidence on the computer.

33) A foreign country attempting to access government networks in order to disable a national power grid would be an example of: A) phishing. B) denial-of-service attacks. C) cyberwarfare. D) ransomware. E) injection attack.

C. Cyberwarfare

17) Which of the following is not an example of a computer used as a target of crime? A) Knowingly accessing a protected computer to commit fraud B) Accessing a computer system without authority C) Illegally accessing stored electronic communication D) Threatening to cause damage to a protected computer E) Breaching the confidentiality of protected computerized data

C. Illegally accessing stored electronic communication

49) The Sarbanes-Oxley Act: A) requires financial institutions to ensure the security of customer data. B) specifies best practices in information systems security and control. C) imposes responsibility on companies and management to safeguard the accuracy of financial information. D) outlines medical security and privacy rules. E) requires that companies retain electronic records for at least 10 years.

C. Imposes responsibility on companies and management to safeguard the accuracy of financial information.

18) Which of the following is not an example of a computer used as an instrument of crime? A) Theft of trade secrets B) Intentionally attempting to intercept electronic communication C) Unauthorized copying of software D) Breaching the confidentiality of protected computerized data E) Illegally accessing stored electronic communications

C. Unauthorized copying of software

27) According to the 2015 Identity Fraud Study by Javelin Strategy & Research, how much did consumers lose to identity fraud in 2014? A) $1.6 million B) $16 million C) $160 million D) $1.6 billion E) $16 billion

E. $16 Billion

3) Which of the following statements about wireless security is not true? A) SSIDs are broadcast multiple times and can be picked up fairly easily by sniffer programs. B) Radio frequency bands are easy to scan. C) An intruder who has associated with an access point by using the correct SSID is capable of accessing other resources on the network. D) Intruders can force a user's NIC to associate with a rogue access point. E) Bluetooth is the only wireless technology that is not susceptible to hacking by eavesdroppers.

E. Bluetooth is the only wireless technology that is not susceptible to hacking by eavesdroppers.

15) Which of the following statements about botnets is not true? A) Eighty percent of the world's malware is delivered by botnets. B) Botnets are often used to perpetrate DDoS attacks. C) Ninety percent of the world's spam is delivered by botnets. D) Botnets are often used for click fraud. E) It is not possible to make a smartphone part of a botnet.

E. It is not possible to make a smartphone part of a botnet.

29) All of the following countries are popular sources of malware attacks except: A) the Netherlands. B) the United Kingdom. C) the United States. D) Germany. E) Mexico.

E. Mexico

28) Which of the following specifically makes malware distribution and hacker attacks to disable websites a federal crime? A) Computer Fraud and Abuse Act B) Economic Espionage Act C) Electronic Communications Privacy Act D) Data Security and Breach Notification Act E) National Information Infrastructure Protection Act

E. National Information Infrastructure Protection Act

4) Most computer viruses deliver a: A) worm. B) Trojan horse. C) driveby download. D) keylogger. E) payload.

E. Payload

8) CryptoLocker is an example of which of the following? A) Trojan Horse B) SQL injection attack C) Sniffer D) Evil twin E) Ransomware

E. Ransomware

34) All of the following have contributed to an increase in software flaws except: A) the growing complexity of software programs. B) the growing size of software programs. C) demands for timely delivery to markets. D) the inability to fully test programs. E) the increase in malicious intruders seeking system access.

E. The increase in malicious intruders seeking system access.

37) Viruses cannot be spread through email.

FALSE

38) The term cracker is used to identify a hacker whose specialty is breaking open security systems.

FALSE

39) Wireless networks are more difficult to penetrate because radio frequency bands are hard to scan.

FALSE

40) Computer worms spread much more rapidly than computer viruses.

FALSE

43) DoS attacks are used to destroy information and access restricted areas of a company's information system.

FALSE

35) Smartphones have the same security flaws as other Internet-connected devices.

TRUE

36) According to IT security experts, mobile devices pose greater security risks than larger computers.

TRUE

41) One form of spoofing involves forging the return address on an email so that the email message appears to come from someone other than the sender.

TRUE

42) Sniffers enable hackers to steal proprietary information from anywhere on a network, including email messages, company files, and confidential reports.

TRUE

44) Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.

TRUE

45) Zeus is an example of a Trojan horse.

TRUE

46) Malicious software programs referred to as malware include a variety of threats such as computer viruses, worms, and Trojan horses.

TRUE

1) __________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. A) "Security" B) "Controls" C) "Benchmarking" D) "Algorithms" E) "Authentication"

A. "Security"

51) All of the following are types of information systems general controls except: A) application controls. B) implementation controls. C) physical hardware controls. D) administrative controls. E) data security controls.

A. Application Controls

16) Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack. A) DDoS B) DoS C) SQL injection D) phishing E) ransomware

A. DDoS

31) ________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else. A) Identity theft B) Spoofing C) Social engineering D) Evil twins E) Cybervandalism

A. Identity Theft

22) Pharming involves: A) redirecting users to a fraudulent website even when the user has typed in the correct address in the web browser. B) pretending to be a legitimate business's representative in order to garner information about a security system. C) setting up fake websites to ask users for confidential information. D) using emails for threats or harassment. E) malware that displays annoying pop-up messages.

A. Redirecting users to a fraudulent website even when the user has typed in the correct address in the web browser.

48) The Gramm-Leach-Bliley Act: A) requires financial institutions to ensure the security of customer data. B) specifies best practices in information systems security and control. C) imposes responsibility on companies and management to safeguard the accuracy of financial information. D) outlines medical security and privacy rules. E) requires that companies retain electronic records for at least 10 years.

A. Requires financial institutions to ensure the security of customer data.

12) Conficker (also known as Downadup or Downup) is an example of which of the following? A) SQL injection attack B) Browser parasite C) Worm D) Ransomware E) Script virus

A. SQL Injection Attack

19) Phishing is a form of: A) spoofing. B) logging. C) sniffing. D) war driving. E) ransomware.

A. Spoofing

30) A practice in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic is referred to as: A) war driving. B) sniffing. C) cybervandalism. D) driveby tapping. E) driveby downloading.

A. War Driving

10) An independent computer program that copies itself from one computer to another over a network is called a: A) worm. B) Trojan horse. C) bug. D) pest. E) sniffer.

A. Worm

5) Specific security challenges that threaten the communications lines in a client/server environment include: A) tapping, sniffing, message alteration, and radiation. B) hacking, vandalism, and denial of service attacks. C) theft, copying, alteration of data, and hardware or software failure. D) unauthorized access, errors, and spyware. E) errors, vandalism, and malware.

A. tapping, sniffing, message alteration, and radiation
