ITS Final Exam (Chapter 10)
________ targeted at networks is designed to spread by itself without the need for an infected host file to be shared. Question options: A) Spyware B) Adware C) Spam D) A worm E) A logic bomb
A worm
People who break into computer systems with the intention of doing damage or committing a crime are called ________. Question options: A) worms B) white hats C) bots D) crackers E) cyber spies
crackers
Some violations of state and federal computer crime laws are punishable by fines and by not more than one year in prison. Such violations are charged as ________. Question options: A) larcenies B) misdemeanors C) indictments D) embezzlements E) felonies
Misdemeanors
________ refers to offering stolen proprietary software for free over the Internet. Question options: A) Warez peddling B) Bot herding C) Spam filtering D) Viral marketing E) Spear phishing
Warez peddling
________ contains spyware that collects information about a person's Web surfing behavior in order to customize Web site banner advertisements. Question options: A) A cookie B) Adware C) A honeypot D) Firmware E) Malware
Adware
Controls that are used to assess whether anything went wrong, such as unauthorized access attempts, are called ________ controls. Question options: A) preventive B) adaptive C) protective D) detective E) corrective
Detective
With ________, employees may be identified by fingerprints, retinal patterns in the eye, facial features, or other bodily characteristics before being granted access to use a computer or to enter a facility. Question options: A) passwords B) CAPTCHAs C) biometrics D) smart cards E) ECHELONs
Biometrics
Which of the following types of plans describes how a business resumes operation after a disaster? Question options: A) emergency operation plan B) virtual private network plan C) business unit plan D) internal operations plan E) business continuity plan
Business continuity plan
In ________, an attacker accesses the network, intercepts data from it, and even uses network services and/or sends attack instructions to it without having to enter the home, office, or organization that owns the network. Question options: A) cybersquatting B) hacktivism C) viral marketing D) drive-by hacking E) denial-of-service
Drive-by hacking
A ________ is nothing more than an empty warehouse with all necessary connections for power and communication but nothing else. Question options: A) firewall B) collocation facility C) botnet D) cold backup site E) buying center
Cold backup site
Some data centers rent server space to multiple customers and provide necessary infrastructure in terms of power, backups, connectivity, and security. Such data centers are called ________. Question options: A) virtual private networks B) offshore networks C) control centers D) hot backup sites E) collocation facilities
Collocation facilities
________ refers to the use of a computer to communicate obscene, vulgar, or threatening content that causes a reasonable person to endure distress. Question options: A) Cyberharassment B) Hacktivism C) Spam filtering D) Bot herding E) Viral marketing
Cyberharassment
A mass cyber attack occurred in a country when it took severe actions against a group of citizens who protested against the country's religious policies. The attack involved a denial-of-service in which selected sites were bombarded with traffic to force them offline. This is an example of ________. Question options: A) cyberterrorism B) cyberforensics C) logic bombing D) cyberbullying E) cybersquatting
Cyberterrorism
Computers that are located in homes, schools, and businesses are infected with viruses or worms to create armies of zombie computers to execute ________ attacks. Question options: A) malware B) digital marketing C) denial-of-service D) product-as-service E) adware
Denial-of-service
Which of the following is the most accurate definition of a botnet? Question options: A) a small text file passed to a Web browser on a user's computer by a Web server B) spider software used by a search algorithm to crawl various Web sites to return a query C) a fraudulent e-mail attack that targets a specific person or organization by personalizing the message D) destructive software robots working together on a collection of zombie computers via the Internet E) a common platform used by search engines to index the contents of a Web site
Destructive software robots working together on a collection of zombie computers via the Internet
Which of the following is one of the main federal laws against computer crimes in the United States? Question options: A) Electronic Communications Privacy Act of 1986 B) Satellite Act of 1962 C) Trade Expansions Act of 1962 D) United States Information and Educational Exchange Act E) Central Intelligence Agency Act
Electronic Communications Privacy Act of 1986
(T/F) A honeypot is a computer, data, or network site that is used to penetrate other networks and computer systems to snoop or to cause damage.
False
(T/F) A hot backup site is an empty warehouse with all necessary connections for power and communication.
False
(T/F) An account management policy explains technical controls on all organizational computer systems, such as access limitations, audit-control software, firewalls, and so on.
False
(T/F) Information dissemination refers to the use of Web sites to provide information for recruiting new members as well as utilizing more interactive Internet technologies.
False
(T/F) Insuring all the systems and information processing tasks is an essential part of risk acceptance strategy.
False
(T/F) Logic bombs are variations of a worm that can reproduce themselves to disrupt the normal functioning of a computer.
False
(T/F) Ransomware is a type of adware.
False
(T/F) Secure Sockets Layer is a popular private key decryption method used on the Internet.
False
(T/F) Spyware is electronic junk mail or junk newsgroup postings usually posted for the purpose of advertising some product and/or service.
False
(T/F) The term dumpster diving refers to the task of modifying the operating system to remove manufacturer or carrier restrictions in order to run applications other than those from the official store.
False
Which of the following is a part of a computer system designed to detect intrusion and to prevent unauthorized access to or from a private network? Question options: A) botnet B) honeypot C) spam filter D) firewall E) cookie
Firewall
Which of the following terms refers to a computer, data, or network site that is designed to be enticing to crackers so as to detect, deflect, or counteract illegal activity? Question options: A) botnet B) bot herder C) firewall D) honeypot E) zombie computer
Honeypot
________ refers to precautions taken to keep all aspects of information systems safe from destruction, manipulation, or unauthorized use or access. Question options: A) Information systems security B) Information systems planning C) Information systems resource D) Information systems audit E) Information systems distribution
Information systems security
Which of the following examples can be considered a violation of a copyright? Question options: A) music by an existing band B) Amazon's one-click buying C) mobile phones D) Apple's multitouch technology E) tablets
Music by an existing band
Independent citizens or supporters of a country that perpetrate attacks on perceived or real enemies are called ________. Question options: A) bot herders B) online predators C) patriot hackers D) hacktivists E) ethical hackers
Patriot hackers
Robert receives an e-mail which says that he has won an online lottery worth $50 billion. Robert has his doubts as he does not remember buying a lottery ticket. He finds out that it is a spam e-mail intended to obtain his bank account details and credit card number. Which of the following is evident here? Question options: A) a worm B) hacktivism C) phishing D) a logic bomb E) tunneling
Phishing
An organization takes active countermeasures to protect its systems, such as installing firewalls. This approach is known as ________. Question options: A) risk rescheduling B) risk elimination C) risk acceptance D) risk transference E) risk reduction
Risk reduction
Which of the following laws makes it mandatory for organizations to demonstrate that there are controls in place to prevent misuse and detect any potential problems? Question options: A) U.S.A. Patriot Act B) Electronic Communications Privacy Act of 1986 C) Trade Expansion Act of 1962 D) Central Intelligence Agency Act E) Sarbanes-Oxley Act
Sarbanes-Oxley Act
When using Yahoo Messenger, Roger gets an unsolicited advertisement from a company. The advertisement contains a link to connect to the merchant's Web site. Which of the following is the most suitable way of describing this type of advertisement? Question options: A) adware B) Internet hoax C) cyber squatting D) cookie E) spam
Spam
________ is a more sophisticated fraudulent e-mail attack that targets a specific person or organization by personalizing the message in order to make the message appear as if it is from a trusted source. Question options: A) Spear phishing B) Cyber tunneling C) Hacking D) Logic bombing E) Viral marketing
Spear phishing
________ refers to any software that covertly gathers information about a user through an Internet connection without the user's knowledge. Question options: A) Spyware B) Web filter C) Spam D) Bot herder E) Cookie
Spyware
Which of the following U.S. laws amended the Computer Fraud and Abuse Act to allow investigators to easily access voice-related communications? Question options: A) the Patriot Act B) the Non-Detention Act C) the Video Privacy Protection Act D) the Espionage Act E) the Clery Act
The Patriot Act
Which of the following is the most accurate definition of a computer crime? Question options: A) the act of using a computer to commit an illegal act B) the act of stealing a computer and related hardware C) the act of providing personal information to Web sites when shopping D) the act of using someone's computer to check e-mail E) the act of using someone's computer to browse the Internet
The act of using a computer to commit an illegal act
(T/F) A firewall is a part of a computer system designed to detect intrusion and prevent unauthorized access to or from a private network.
True
(T/F) A virtual private network is also called a secure tunnel.
True
(T/F) Control objectives for information and related technology (COBIT) is a set of best practices that helps organizations to maximize the benefits from their IS infrastructure and establish appropriate controls.
True
(T/F) Cyberwar refers to an organized attempt by a country's military to disrupt or destroy the information and communication systems of another country.
True
(T/F) Making false accusations that damage the reputation of the victim on blogs, Web sites, chat rooms, or e-commerce sites is a form of cyberstalking.
True
(T/F) Patriot hackers are independent citizens or supporters of a country that perpetrate attacks on perceived or real enemies.
True
(T/F) Recovery point objectives are used to specify how current the backup data should be.
True
(T/F) Spam filters are used to reduce the amount of spam processed by central e-mail servers.
True
(T/F) The term shoulder surfing refers to looking over one's shoulder while the person is keying in access information.
True
(T/F) The term social engineering refers to misrepresenting oneself to trick others into revealing information.
True
Employees steal time on company computers to do personal business. This is an example of ________. Question options: A) functional inconvenience B) cyberstalking C) unauthorized access D) hacking E) vandalism
Unauthorized access