C724 : Unit 7 - Test Review
Organizations must implement procedures to defend themselves against risks from vulnerabilities and threats to their daily operations. Which of the following is NOT a procedure that would be helpful in protecting organizations against risks and vulnerabilities?
Identify potential markets for the organization.
What is the best way for individuals to safeguard their computers against malware?
Install the latest anti-malware and antivirus programs.
Which of the following is an international law or agreement created to combat increasing piracy software and digital goods?
World Intellectual Property Organization (WIPO) Copyright Treaty - an international treaty developed to combat increasing piracy of software and digital goods, allowing organizations to more easily seek out and prosecute violators of their copyright.
As a student taking a course at a university, which of the following legislation must your university follow when dealing with your personal information?
Family Educational Rights and Privacy Act (FERPA) of 1974.
Organizations must follow procedures to store or transfer their financial information as outlined in which of the following legislation?
Financial Services Modernization Act (aka Gramm-Leach-Bliley Act) of 1999 - requires organizations and individuals to adhere to rules and procedures for storing and transferring financial information.
Criminals use which method to steal personal information by redirecting users to a legitimate, official-looking website?
Pharming
Criminals use which method to send legitimate-looking emails to innocent victims, which direct them to a Website where they are asked to input personal information such as user logon and password?
Phishing
Which of the following action is considered ethical, social, and legally acceptable?
A small business owner installs Microsoft Office suite on all the computers in his office.
Organizations are constantly encountering cyber-attacks from intruders. For instance, in late 2013, the security system of Target Stores, Inc., was compromised by which of the following type of attacker?
Black Hat - a computer hacker who acts with a criminal intent.
(Select all that apply). What are some of the actions that savvy users do to protect their privacy?
Delete cookies from the computer periodically. Enable popup blockers.
Organizations need to include redundancy in their business disaster recovery plan by creating duplicate facilities. Which of the following sites offer offsite office space that allow recovery within minutes to hours?
Hot Sites
The Virtue ethical model focuses on which of the following?
Human Behaviors - the Virtue Ethical Model values human behaviors that allow us to act in aspirational ways, such as compassion, trustworthiness, honesty, generosity, kindness, autonomy, courage, and obedience.
As the owner of a small business, which of the following would allow your clients to sue you in court for any mismanagement?
Liability
A disaster recovery plan (DRP) is a document of procedures to do what?
Recover and protect business operations.
One way to reduce the possibility of fraud and abuse of data resources is to apply which concept of information security, which ensures that personnel's responsibilities and duties are separated from their access?
Separation of Duties
What is the safest way to access a public Wi-Fi?
Use a Virtual Private Network
Geographic Information Systems (GIS) provide cities, states, municipalities, and even the public, with information such as property tax delinquencies, value of our houses, and addresses of sexual predators. Which of the following statements is FALSE?
The privacy of sexual predators is not violated because it is public information.
Which of the following must be enforced to protect the organization's corporate data resources and to control access to the information assets?
Authentication and Authorization
[True/False] Implementing devices in our computer systems to help in identity and approved equipment verification is a defensive method of technological measures.
False - This is a proactive method.
[True/False] The process of turning information into an unreadable format to prevent unauthorized access is known as decryption.
False - it is called encryption.
In order to keep company computers secure, users must agree to an _______________ policy stipulated by the organization in order to access a company network or the Internet.
Acceptable Use
Which of the following category of generalized ethical issues refers to creation of barriers to access?
Accessibility
Consult legal counsel and retain documentation of all stolen information.
Accountability - the application of responsibility, or an obligation to accept responsibility. You accepted the responsibility of a student, and you thereby are accountable for your actions as a student.
Which of the following actions is the hardest, but most desirable in individuals and businesses?
Actions that are both legal and ethical.
Evil twins and pharming are two different examples of phishing. What's the best example of pharming and where it can occur?
Airports or coffee shops, where criminals redirect users to a website that looks official and legitimate.
Security policies are output from an organization's risk assessment process, which cover an organization's need for various levels of security. Auditing is an example of a security policies control. Which of the following is FALSE regarding auditing?
Auditing can only be used by the accounting department.
Which of the following is a U.S. law stipulating what a website operator must include in a privacy policy?
Children's Online Privacy and Protection Act (COPPA) - also requires them to obtain parental permission from children under the age of 13 before collecting any information.
Software companies such as Microsoft frequently develop system updates. What should individuals do with these system updates?
Configure your computer system to receive these updates automatically.
If your identity has been stolen, what should you do?
Consult legal counsel and retain documentation of all stolen information.
Which of the following actions will help us protect our computer against failure?
Create automatic backups on cloud storage.
At any point in time, all data must be categorized as being in one of the three states. Data that are not being accessed by the CPU are considered to be in which of the following three states?
Data at Rest - data that are stored on secondary or tertiary storage (e.g., on a hard drive or portable media), and also data that are not being accessed by the CPU.
At any point in time, all data must be categorized as being in one of the three states. Data that are in main memory or RAM are categorized as being in which of the following three states?
Data in Motion - data that is being transferred over a network or are waiting in primary storage to be read or updated.
Which of the following is a set of regulations to protect Internet users from clandestine tracking and unauthorized personal data usage?
European Union's General Data Protection Regulation (GDPR)
We need to intentionally harden our individual security to make it harder for criminals to steal our information assets by removing all paper trails to our important information. ___________________________________________ using a cross-cut shredder will help eliminate this possibility.
Destroying Sensitive Information
Which of the following is NOT a legislation created to protect the integrity and confidentiality of information?
Digital Millennium Copyright Act (DMCA)
(Select all that apply). Organizations need to implement controls that will help them mitigate risks due to technological factors. Which of the following are controls to counteract risks due to the use of computers for business operations?
Disallowing employees to share access with other employees or customers. Adopting email policies and equipment to limit spam and malware on computer systems.
Which of the following is a proactive technological measure that could help protect our privacy?
Email Encryption
How do organizations confirm the identity of their employees before they are allowed access to the corporate data resources?
Employees must be authenticated.
[True/False] Every time we use a computer, we are exposed to the risk of getting a computer virus, even when we scan a photo onto a jump drive using a scanner or a printer.
False
[True/False] Digital goods are adequately protected as intellectual property under the historical copyright laws.
False - Digital goods can be easily and quickly copied and shared over the Internet.
[True/False] Information is a valuable asset and not everyone in the world can be trusted with it. Therefore, we need to protect our valuable information from those with poor intentions. The protection of our information assets is a discipline known as data security.
False - The protection of our information assets is known as Information Security.
Installing the latest antivirus applications onto your computer is one way to protect your computer from __________________________ software which can be used to steal information or spy on users.
Malware
(Select all that apply). If we intentionally harden our individual security, we can make it more difficult for criminals to steal our information assets. Which of the following recommendations will harden our individual security?
Manage the retention and disposal of potentially sensitive information. Randomize behavior.
Which of the following is an international establishment of laws that help to protect fundamental human right to privacy?
Organization for Economic Co-operation and Development (OECD) - an international agency consisting of 34 developed countries. Founded in 1961 to stimulate economic progress and world trade, it has since created an anti-spam task force, wrote papers on best practices for ISPs, and worked on the information economy and the future of the Internet economy.
Which of the following factors deals with the potential loss of business from the dismissal or death of an important key manager?
Organizational Factors
Which of the following concept dictates that personnel should be given access on a need-to-know basis?
Principle of Least Privilege
Organizations must follow procedures to ensure the accuracy, integrity, and security of their financial information as outlined in which of the following legislation?
Public Company Accounting Reform and Investor Act (aka Sarbanes-Oxley Act) of 2002.
Security policies are output from an organization's risk assessment process, which cover an organization's need for various levels of security. Acceptable use policy (AUP) is an example of a security policies control. Which of the following is TRUE regarding AUP?
The AUP specifies acceptable and tolerable uses of an organization's computer systems, equipment, and information assets.
Which of the following factors deals with employee training to mitigate the risks to an organization?
Technological Factors - include: training, careful planning, and intelligent acquisition of technology and services that will help an organization mitigate the risks that they are exposed to.
Which of the following is NOT a benefit for individuals to take information security training?
To understand the concept of safe harbor - this is a framework developed by the U.S. Department and European Commission.
Biometrics is the study and measuring of individual body characteristics, and is often used in computer security. Biometrics falls under which of the following methods?
Unique Identity
Which of the following category of ethical models for ethical behavior approach assesses the consequences and/or outcomes of an action to determine the greatest good or least harm for the greatest number, regardless of the justice or fairness of or to the individual?
Utilitarian Approach - evaluates the consequences and/or outcome of an action to generate the maximum benefits for those involved.
Which of the following ethical models values human behaviors that allow us to act in aspirational ways?
Virtue - ethical approach which values human behaviors that allow us to act in aspirational ways, such as compassion, trustworthiness, honesty, generosity, kindness, autonomy, courage, and obedience.
Organizations need to include redundancy in their business disaster recovery plan by creating duplicate facilities. Which of the following sites offer offsite office space that allow recovery within hours to days?
Warm Sites - offer offsite office space with available systems and service connections, require staffing and updates, allowing recovery within hours to days.