MIS Chapter 8
the increase in the number of computer hackers in the world.
All of the following have contributed to an increase in software flaws EXCEPT:
Risk assessment
An analysis of an information system that rates the likelihood of a security incident occurring and its cost would be included in which of the following?
uses a distributed ledger system of transactions
Blockchain refers to a technology that:
Ransomware
CryptoLocker is an example of which of the following?
SSL, TLS, and S-HTTP
Currently, the protocols used for secure information transfer over the Internet are:
False
T/F: Packet filtering catches most types of network attacks.
False
T/F: Smartphones typically feature state-of-the-art encryption and security features, making them highly secure tools for businesses.
cybervandalism
The intentional defacement or destruction of a website is called:
a firewall
Two-factor authentication utilizes a(n):
Conficker
Which of the following is a virus that uses flaws in Windows software to take over a computer remotely?
$1,250
Your company, an online discount pet supply store, has calculated that a loss of Internet connectivity for 3 hours results in a potential loss of $2,000 to $3,000 and that there is a 50% chance of this occurring each year. What is the annual expected loss from this exposure?
SSIDs
________ identify the access points in a Wi-Fi network.
The Sarbanes-Oxley Act
imposes responsibility on companies and management to safeguard the accuracy of financial information
enforce a security policy on data exchanged between its network and the Internet.
A firewall allows the organization to:
cyberwarfare
A foreign country attempting to access government networks in order to disable a national power grid is an example of:
click fraud
A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor's advertising costs up. This is an example of:
Security policy
A statement ranking information risks and identifying security goals would be included in which of the following?
body odor
All of the following are currently being used as traits that can be profiled by biometric authentication EXCEPT:
sniffing
All of the following are specific security challenges that threaten corporate servers in a client/server environment EXCEPT:
radiation
All of the following are specific security challenges that threaten corporate systems in a client/server environment EXCEPT:
phishing
All of the following are specific security challenges that threaten the communications lines in a client/server environment EXCEPT:
application controls
All of the following are types of information systems general controls EXCEPT:
two-factor authentication
An authentication system in which a user must provide two types of identification, such as a bank card and PIN, is called:
spear phishing
An employee clicking on a link in an email from what looks like a fellow employee and being taken to a fraudulent website that asks for personal information is an example of:
Phishing emails
As described in the chapter case, which of the following did hackers use to gain access to the Democratic National Committee (DNC) network?
Implementation controls
Audit the systems development process at various points to ensure that the process is properly controlled and managed.
collecting physical evidence on the computer
Computer forensics tasks include all of the following EXCEPT:
redundant hardware, software, and power supplies
Fault-tolerant information systems offer 100 percent availability because they use:
deep packet inspection
In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.
Symmetric key encryption
In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?
payload
Most computer viruses deliver a:
False
T/F: A computer virus replicates more quickly than a computer worm.
True
T/F: A computer worm is a program that can copy itself to other computers on the network.
True
T/F: A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic.
True
T/F: An acceptable use policy defines acceptable uses of the firm's information resources and computing equipment.
True
T/F: Application proxy filtering examines the application content of packets.
True
T/F: Authentication refers to verifying that people are who they claim to be.
True
T/F: Biometric authentication uses systems that read and interpret individual human traits.
True
T/F: DoS attacks flood a network server with thousands of requests for service.
True
T/F: In cloud computing, accountability and responsibility for protection of sensitive data reside with the company owning the data.
True
T/F: In public key encryption, the keys are mathematically related so that data encrypted with one key can be decrypted using only the other key.
False
T/F: Malicious software programs referred to as spyware include a variety of threats such as computer viruses, worms, and Trojan horses.
False
T/F: Most IoT devices support sophisticated security approaches.
False
T/F: Organizations can use existing network security software to secure mobile devices.
True
T/F: Phishing is a form of spoofing.
True
T/F: SSL is a protocol used to establish a secure connection between two computers.
False
T/F: Smartphones do not have the same security flaws as other Internet-connected devices.
True
T/F: Sniffers enable hackers to steal proprietary information from anywhere on a network, including email messages, company files, and confidential reports.
True
T/F: Symmetric encryption uses one key.
True
T/F: The term cracker is used to identify a hacker with criminal or malicious intent.
False
T/F: Wireless networks are more difficult for hackers to gain access to because radio frequency bands are difficult to scan.
True
T/F: Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.
DDoS
Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack.
uses much longer encryption keys
WPA2 is a more effective way to secure a wireless network than WEP because it:
zero-day vulnerability
When a hacker discovers a security hole in software that is unknown to the software vendor, it is an example of:
identity theft
When hackers gain access to a database containing your personal private information, this is an example of:
An AUP
Which of the following defines acceptable uses of a firm's information resources and computing equipment?
Disaster recovery planning
Which of the following focuses primarily on the technical issues of keeping systems up and running?
Illegally accessing stored electronic communication
Which of the following is NOT an example of a computer used as a target of crime?
A file deleted from a hard disk
Which of the following is a type of ambient data?
User lack of knowledge
Which of the following is the single greatest cause of network security breaches?
Controls
Which of the following refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards?
War driving
Which of the following refers to eavesdroppers driving by buildings or parking outside and trying to intercept wireless network traffic?
Security
Which of the following refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems?
National Information Infrastructure Protection Act
Which of the following specifically makes malware distribution and hacker attacks to disable websites a federal crime?
Wi-Fi networks are not vulnerable to security breaches.
Which of the following statements about Internet security is NOT true?
It is not possible to make a smartphone part of a botnet.
Which of the following statements about botnets is NOT true?
Authentication cannot be established by the use of a password.
Which of the following statements about passwords is NOT true?
Application proxy filtering
Which of the following techniques stops data packets originating outside the organization, inspects them, and passes the packets to the other side of an organization's firewall?
Ransomware
________ is malware that hijacks a user's computer and demands payment in return for giving back access.
A keylogger
________ is spyware that logs and transmits everything a user types.
Intrusion detection systems
________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.
Evil Twins
bogus wireless network access points that look legitimate to users.
The HIPAA Act of 1996
outlines medical security and privacy rules.
Pharming
redirecting users to a fraudulent website even when the user has typed in the correct address in the web browser.
The Gramm-Leach-Bliley Act
requires financial institutions to ensure the security of customer data.
A Trojan horse
software that appears to be benign but does something other than expected.
A digital certificate system
uses third-party CAs to validate a user's identity.
A digital certificate system
uses tokens to validate a user's identity.