Chapter 10 MIS250
________ refers to an attack in which computers in a botnet are directed to flood a single website server with rapid-fire page requests, causing it to slow down or crash. A) Distributed denial of service B) Social engineering C) Keylogging D) Phishing
A
A(n) ________ lists out and rates the vulnerabilities of an organization. A) risk matrix B) incidence response plan C) public key encryption scheme D) social engineering plan
A
Which of the following is an example of intellectual property owned by an IT firm? A) software code B) real estate C) office stationery D) legal documents
A
Organizations use a(n) ________ to categorize a security threat, determine its cause, preserve any evidence, and get systems back online so they can resume business. A) risk matrix B) incidence response plan C) vulnerability assessment scheme D) total quality management program
B
The term ________ refers to a collection of computers that have been compromised by malware, often through some vulnerability in their software or operating system. A) honeypot B) botnet C) Trojan horse D) black swan
B
Which of the following authentication strategies is the most difficult to forge, crack, or copy and is hence used for physical security? A) password B) RFID chip C) fingerprint scanner D) credit card
C
________ refers to a system of moral principles that human beings use to judge right and wrong, and to develop rules of conduct. A) Religion B) Ethics C) Creativity D) Theology
B
Which of the following technologies is most likely to be used by organizations as an authentication strategy? A) intelligent character recognition B) optical mark recognition C) voice pattern recognition D) blood group recognition
C
________ is a widely accepted ethical system that considers the greatest good for the greatest number and considers the consequences of an action, weighing its positive effects against its harmful ones. A) Structuralism B) Individualism C) Utilitarianism D) Libertarianism
C
A drawback of online anonymity is that it ________. A) protects whistleblowers and oppressive governments B) increases inhibitions in online communication C) increases accountability of users D) protects spammers and imposters
D
Which of the following is an accurate definition of malware? A) software for end-user applications such as word processors and ERP software B) software used to test a hardware or software package C) software used to track and prevent malicious attacks on systems D) software designed to attack computer systems
D
________ is one way of recovering systems in an incidence response plan. A) Prosecuting the offender for a security risk B) Reevaluating the risk matrix C) Restricting system access D) Restoring from media known to be good
D
Phishing attacks tend to start with an email luring users to click on a link.
True
Trade secrets, software, patents, and copyrighted works comprise intellectual property.
True
________ is the art of manipulating people into breaking normal security procedures or divulging confidential information. A) Password munging B) Shouldersurfing C) Social engineering D) Astroturfing
C
79) Which of the following technologies serves as a biometric identifier for physical security? A) iris configuration B) RFID chip C) credit card D) user ID-password combination
A
A ________ is a gateway service that permits users to log in once, with one specific user ID and password, to gain access to multiple software applications. A) Single sign-on B) Canonical account C) Pre-shared key D) Shadow password
A
Botnets function with the use of ________. A) malware B) middleware C) application software D) firmware
A
Evelyn Birch is a freelance content writer whose desktop computer has been infected with a software program that installed itself without her knowledge. The program monitors the websites she visits, her email communications, etc. Data gathered from the monitoring activity is sent to a remotely located hacker. Which of the following is most likely to have infected Evelyn's computer? A) spyware B) web crawler C) black swan D) firewall
A
For which of the following purposes are botnets most likely to be used? A) capturing Internet users' sensitive information B) attracting different types of malware to track their origins C) encrypting critical information to protect it from loss or corruption D) tracking and eliminating computer worms and viruses
A
Lora Jones is a security expert hired by a Manhattan-based law firm to perform a formal risk assessment of the firm's data assets. Which of the following steps should she undertake first in order to assess the firm's readiness to face any potential security breaches? A) understanding which information assets need protection B) evaluating controls and filling in security gaps C) predicting future risks and devising strategies to prevent them D) recovering existing assets from damage
A
Under which of the following circumstances is information privacy most difficult to achieve? A) when information is stored on highly interconnected systems B) when information is mainly on paper C) when information is maintained on isolated systems D) when information is converted to code form using mathematical equations
A
Which of the following administrative security controls is most likely to be adopted by a company which handles high-level sensitive information? A) prohibiting downloading data to USB drives B) restricting employee access to official mails C) prohibiting public access to the company's website D) prohibiting entry of employees into shared workspaces
A
Which of the following is a drawback of digital rights management encountered by users today? A) DRM systems prevent legitimate duplication of digital content in the event of hardware failure. B) DRM systems do not function efficiently across geographical borders. C) DRM systems often violate intellectual property rights of creators of IP. D) DRM systems do not consistently manage the different formats of digital content.
A
Which of the following is a reason why employers adopt surveillance technologies to track online communications? A) to increase employee productivity B) to enable efficient data mining C) to prevent data redundancy D) to facilitate faster communication
A
Which of the following is an accurate definition of a computer virus? A) It is a software program that can damage files or other programs. B) It is a software program that attracts potentially malicious attacks to study their origin. C) It is a software program that masks the browsing history and preferences of Internet users. D) It is a software program that inspects incoming or outgoing traffic to a computer network.
A
Which of the following is an element of privacy? A) the right to be left alone B) the right to view, correct, and edit private, protected information C) the right to withhold taxes D) the right to demand information
A
Which of the following is potentially a negative impact of surveillance in online communications? A) lowered productivity of employees B) compromised company security C) increased levels of confidentiality D) increased pressure on corporate email systems
A
Which of the following is true of phishing? A) It is the process of stealing personal data from a victim by convincing him to disclose information. B) It is useful in monitoring the web traffic into and out of an unsecured computer network. C) It involves the use of several thousand computers to launch malicious attacks that can cripple websites. D) It uses small pieces of code inserted into a browser that track an Internet user's activity and transmit the data to third parties.
A
Which of the following precautions need to be taken in order to create a secure password? A) Personal information should not be used in passwords. B) Consistently similar character types should be used. C) A single, memorable password should be used for all logins. D) Passwords should rarely be changed.
A
Which of the following principles is consistent with the utilitarian ethical framework? A) First, do no harm B) Thou shalt not kill C) Protect free speech D) Liberté, égalité, fraternité
A
Which of the following statements is true of encryption? A) It is a powerful technical control that protects sensitive data. B) It helps recover encoded files through an image processor even if the user forgets the password. C) It allows application of notification laws when an organization loses sensitive information. D) It increases the level of risk assessments when it is used for backup data.
A
Which of the following statements is true of natural laws and rights? A) Natural laws and rights do not consider the actual consequences of an action when judging its morality. B) Natural laws and rights is an ethical framework that takes into account the effects of an action, weighing its good effects against its harmful ones. C) Natural laws and rights involve judging what action would create the greatest good for the greatest number of people. D) Natural laws and rights is a framework based on the central tenet that states, "The needs of the many outweigh the needs of the few."
A
What does the Family Educational Rights and Privacy Act (FERPA) stipulate? A) protecting privacy rights of European students outside the continent B) establishing privacy rights over educational records C) prohibiting educational institutes from sending misleading or deceptive commercial emails to prospective students D) permitting transfer of private data to third parties to contribute toward educational processes
B
What of the following is a drawback of cloud computing? A) It delivers computing as a product rather than a service. B) Data protection laws are not uniform across countries. C) Resources are difficult to share because information is maintained on a protected server. D) It provides computation that requires end-user knowledge of the physical location and configuration of the system that delivers services.
B
Which of the following authentication strategies is the easiest to compromise or crack? A) iris configuration B) reliance on user knowledge C) fingerprint analysis D) voice pattern recognition
B
Which of the following is a feature of public key encryption? A) It uses a single point key to encrypt and decrypt data. B) It uses a pair of keys, one to encrypt the data and the other to decrypt data. C) It uses multiple numbers of keys accessible to all members of an organization. D) It uses a duplication process to replicate keys.
B
Which of the following is a reason why humans are soft targets for social engineering? A) need for anonymity B) respect for authority C) need for privacy D) desire to be disconnected from others
B
Which of the following is a technical control that helps secure information flow in an organization? A) The information system enforces approved authorizations for access to the system. B) The information system enforces the organization's policy about human review. C) The information system automatically disables accounts after a time period defined by the organization. D) The information system defines the information to be encrypted or stored offline in a secure location.
B
Which of the following is an accurate definition of a keylogger? A) a process which helps a user increase productivity by deleting spam emails before they reach him B) a monitoring software that records a user's keystrokes C) software that prevents fraudsters from hacking into email accounts D) a program that controls permissions for web traffic into and out of a computer network
B
Which of the following is an accurate definition of digital rights management? A) It deals with provisions that protect the privacy and security of individually identifiable health information. B) It refers to technologies that intellectual property owners use to control access to their digital content. C) It prohibits businesses from sending misleading or deceptive commercial emails, but denies recipients any legal digital recourse on their own. D) It establishes privacy rights over educational records.
B
Which of the following is an accurate definition of multifactor authentication? A) the process of assessing authentication of reports and manuals to prevent duplication B) the process of combining two or more authentication strategies C) the process of assessing authentication of multiple groups using a single strategy D) the process of assigning unique authentication information to copyrighted content in order to prevent resale
B
Which of the following is an accurate definition of scareware? A) It is a kind of anti-spam process which relies on the human desire to use malware. B) It is a kind of social engineering used to persuade people that a computer is infected when it is not. C) It is a type of software that prevents users from downloading malware by displaying warnings. D) It is software which provides a shield against spam and mirrors it back into the network.
B
Which of the following is true of public key encryption? A) The encryption formulas used for creating the keys are simple in nature and identical at both ends. B) The encryption key is widely shared with everyone, while the decryption key is known only to the recipient. C) The private key is used for encryption and is known only to the sender, while the public key is freely distributed among everyone and is used for decryption. D) The public key encryption scheme uses a single key to encrypt data that can later be decrypted by using the encrypted data as the key.
B
Which of the following laws establishes requirements that govern how personally identifiable information on individuals is collected, used, and disseminated by federal agencies? A) the CAN-SPAM Act B) the Privacy Act of 1974 C) the State Security Breach Notification Laws D) the Gramm-Leach-Bliley Act
B
Which of the following principles is consistent with the natural laws and rights ethical framework? A) First, do no harm B) Thou shalt not kill C) The greatest good for the greatest number D) The needs of the many outweigh the needs of the few
B
Which of the following systems are used to combat spam? A) conversational programming systems B) intrusion prevention systems C) executive information systems D) expert systems
B
________ are used to monitor email, web surfing, and other online communications in organizations. A) Proxy servers B) Surveillance technologies C) Trojan horses D) Subnetworks
B
________ help(s) in determining the cause of a security threat in an incidence response plan. A) Reevaluating the risk matrix B) Investigating system logs C) Taking systems offline D) Restricting system access
B
________ is a type of intellectual property theft that involves reproducing the words of another and passing them off as one's own original work, without crediting the source. A) Shadowing B) Plagiarism C) Incitement D) Embezzlement
B
Which of the following administrative control actions helps enforce approved authorizations for access to systems in an organization? A) The organization requires appropriate approvals for requests to establish accounts. B) The organization defines the security policy that determines what events require human review. C) The organization defines the information to be encrypted or stored offline in a secure location. D) The organization separates duties of individuals as necessary to prevent malevolent activity without collusion.
C
Which of the following functions does a firewall perform? A) It ensures security by using multiple authentication strategies for employees. B) It attracts malicious attacks to study their properties and origins. C) It defines which IP addresses or domain names should be blocked. D) It encodes sensitive data to ensure safe transmission across unsecured networks.
C
A cognitive obstacle to strong passwords is the limited capacity of human memory.
True
A computer which is infected with malware and is added to a group's growing botnet is known as a zombie.
True
A drawback of using proxy servers for online anonymity is the need to rely on the company that operates the proxy servers and its promise to protect its customers' identities.
True
Liability is a powerful driver for surveillance as employers are held responsible for employees' offensive emails or web-surfing habits.
True
The downside of using surveillance techniques at work is that it pits management against staff.
True
The incidence response plan is used by organizational staff to categorize threats, determine the cause, preserve evidence, and get the systems back online.
True
The single sign-on is a gateway service that permits users to log in once with a single user ID and password to gain access to multiple software applications.
True
When a person tries to judge what action would create the greatest good for the greatest number, he or she is using a utilitarian scheme.
True
Which of the following is a drawback of using a proxy server to ensure online anonymity? A) the parasitic and unauthorized use of hundreds of computer systems owned by individuals for masking online identity B) the lack of uniform and binding legislation across different countries that determines the legality of using proxy servers C) the need to rely on the promise of the company that operates the proxy to protect its customers' identities D) the inability to consistently ensure online anonymity, especially when government agencies are among the parties involved
C
Which of the following is an accurate description of the Privacy Act of 1974? A) It prohibits businesses from sending misleading or deceptive commercial emails but denies recipients any legal recourse on their own. B) It stipulates how financial institutions are required to protect the privacy of consumers' personal financial information and notify them of their privacy policies annually. C) It establishes requirements that govern how personally identifiable information on individuals is collected, used, and disseminated by federal agencies. D) It requires organizations to notify state residents if sensitive data are released.
C
Which of the following methods is often used for phishing purposes? A) posting harmless videos on websites B) monitoring a user's keystrokes C) soliciting personal information through emails D) infecting computers with self-replicating programs that slow down the systems
C
Which of the following statements is true of information privacy? A) It is most easily achieved online and is impossible to maintain on paper. B) It is governed by laws that are universal in all countries. C) It refers to the protection of data about individuals. D) It emphasizes the importance of sharing data over protecting personally identifiable information.
C
________ consists of intangible assets which are expressions of the human mind that give the creator of the property the right to its commercial value. A) Immovable property B) Freehold property C) Intellectual property D) Public property
C
________ is an ethical framework that judges the morality of an action based on how well it adheres to broadly accepted rules, regardless of the action's actual consequences. A) Utilitarianism B) Legal positivism C) Natural laws and rights D) Rationalism
C
A ________ is a technical control that inspects a network's incoming and outgoing traffic and either blocks or permits it according to rules the organization establishes. A) botnet B) Trojan horse C) keylogger D) firewall
D
Digital rights management (DRM) offers IP holders the benefit of ________. A) preventing loss of critical organization data B) collaborating online to create open source products C) adding visual appeal to their digital products D) offering technological protection for their products
D
Margaret O'Connor is an upcoming poet from Georgia who recently updated her blog with her piece of writing titled, "Shadows." One of her readers copied her piece onto his own blog and passed it off as his original work. This is an example of ________. A) online identity theft B) embezzlement C) shadowing D) plagiarism
D
The term ________ refers to software that monitors a user's activity on a computer and on the Internet, often installed without the user's knowledge. A) honeypot B) browser C) black swan D) spyware
D
Which of the following is an advantage of online anonymity? A) It increases individuals' accountability and makes them feel responsible for their own actions. B) It helps in the prosecution of spammers, and other cyber criminals. C) It helps people participate in face-to-face meetings where they reveal personal details without fear of disclosure. D) It protects corporate whistleblowers and political activists in oppressive regimes.
D
Which of the following statements is true of honeypots? A) They deny the entry or exit of specific IP addresses, products, Internet domains, and enforce other communication restrictions. B) They are highly restrictive programs that permit communication only with approved entities and/or in an approved manner. C) They traverse available web links in an attempt to discover documents for indexing and retrieval. D) They have specific vulnerabilities that attract different varieties of malware in the wild.
D
________ is a process which transforms data using mathematical formulas, so that no one can read the data unless they know the key to unscrambling it. A) Wear leveling B) Write amplification C) Decipherment D) Encryption
D
________ makes it more difficult for a hacker to break into passwords. A) Creating easy to remember passwords B) Reusing the same password in news and games sites through multiple systems C) Maintaining a single, secure password for all accounts D) Creating passwords with symbols, mixed cases, and characters
D
________ refers to an attempt to steal passwords or other sensitive information by persuading the victim to enter the information into a fraudulent website that masquerades as the authentic version. A) Whitelisting B) Keylogging C) Egress filtering D) Phishing
D
A ________ is a self-replicating program that sends copies to other nodes on a computer network and may contain malicious code intended to cause damage. A) honeypot B) worm C) Trojan horse D) cookie
B
A ________ is an intermediary server that receives and analyzes requests from clients and then directs them to their destinations. A) captive portal B) proxy C) firewall D) keylogger
B
A single sign-on is implemented by organizations for the purpose of ________. A) ensuring that unique passwords are used to securely access single software applications any number of times B) reducing the cognitive load associated with multiple passwords C) helping a user sign on through the process of fingerprint identification D) defining which IP addresses and domain names can be accessed from an organization's computers
B
Halcyon, an e-publisher, has recently decided to use an information system that administers the way its customers access its online publications. The system assigns each customer with a unique ID, maintains records of the books purchased by them, encrypts electronic documents for transmission, and includes options to order hard copies of the electronic documents they read online. Which of the following refers to the set of technologies used in this case? A) online identity management (OIM) B) digital rights management (DRM) C) Internet resource management (IRM) D) inventory management (IM)
B
The term ________ refers to a seemingly harmless or useful program that installs malicious code allowing remote access to a computer, as for a botnet. A) honeypot B) Trojan horse C) firewall D) black swan
B
According to the incidence response plan, which of the following would be most useful in containing any damage caused by a security threat? A) preserve evidence of damage done B) reevaluate risk matrix C) restrict system access D) investigate system logs for evidence
C
An incidence response plan is created for the purpose of ________. A) managing discussion forums efficiently B) responding to customers' feedback C) avoiding chaos and missteps D) improving communication modes
C
Enforcing intellectual property laws becomes difficult when ________. A) it is used for commercial purposes B) the protection of intellectual property involves immovable assets C) it is digitized D) it comprises tangible assets
C
In Internet terminology, a worm refers to a(n) ________. A) email program created not for communication but to lure spam B) software program that attracts malicious attacks in order to study their properties and origins C) self-replicating program that sends copies to other nodes on a computer network D) software tool used to inspect incoming and outgoing traffic to a computer network
C
Janet received an email that contained a link to a website that imitated the authentic website of her bank. The email requested her to key in her credit card number, her Social Security number, and her date of birth. She later found that her credit card was fraudulently charged for transactions she never made. It is inferred from this case that Janet is a victim of ________. A) distributed denial of service B) keylogging C) phishing D) cache poisoning
C
One way to identify a threat in an incident response plan is to ________. A) prosecute the offender for security risk B) improve system efficiency C) communicate with a crisis management team D) preserve evidence of security breach
C
The term ________ refers to configured computers with specific vulnerabilities so they can attract different varieties of malware in the wild, study their properties, and find out who started them. A) expert systems B) web crawlers C) honeypots D) server farms
C
What is the first step involved in risk management? A) determining the cause of damage B) evaluating controls and filling in security gaps C) understanding what information assets need protection D) recovering the system from damage
C
What is the step involved in risk management after vulnerabilities of an organization have been examined? A) determination of the source of threats B) assessment of threats C) evaluation of controls that fill in security gaps D) finalization of broadly defined goals
C
When does a computer become a zombie? A) when it becomes immune to botnets B) when it enters a secure site C) when it is infected by malware D) when it is hidden behind a firewall
C
All ethical actions are legal, but not all legal actions are ethical.
False
Biometric identifiers refer to something the user knows, such as a user ID, password, PIN, or answer to a security question.
False
Botnets are computers configured with specific vulnerabilities to attract different varieties of malware in the wild, study their properties, and determine who started them.
False
Digitization of intellectual property (IP) results in better enforcement of IP laws.
False
Honeypots are human-made threats that barrage servers and computers every day with automated attempts to install all types of malware.
False
Laws always result from the pushes and pulls of lobbying efforts, political pressures, and have nothing to do with ethics.
False
Laws cover all ethical principles because they are grounded in ethical principles.
False
Plagiarism refers to borrowing the words of another and crediting the source.
False
Social engineering refers to extracting confidential information from information systems through legal procedures.
False
Using fake names, nicknames, free email, and public computers ensures that one is perfectly
False