Chapter 8 MIS Questions

21) ________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. A) "Security" B) "Controls" C) "Benchmarking" D) "Algorithms"

A

25) Specific security challenges that threaten the communications lines in a client/server environment include: A) tapping; sniffing; message alteration; radiation. B) hacking; vandalism; denial of service attacks. C) theft, copying, alteration of data; hardware or software failure. D) unauthorized access; errors; spyware.

A

28) The Internet poses specific security problems because: A) it was designed to be easily accessible. B) Internet data is not run over secure lines. C) Internet standards are universal. D) it changes so rapidly.

A

32) In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of? A) Trojan horse B) Virus C) Worm D) Spyware

A

36) Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack. A) DDoS B) DoS C) SQL injection D) phishing

A

39) Phishing is a form of: A) spoofing. B) logging. C) sniffing. D) driving.

A

42) Pharming involves: A) redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser. B) pretending to be a legitimate business's representative in order to garner information about a security system. C) setting up fake Web sites to ask users for confidential information. D) using e-mails for threats or harassment.

A

47) The Gramm-Leach-Bliley Act: A) requires financial institutions to ensure the security of customer data. B) specifies best practices in information systems security and control. C) imposes responsibility on companies and management to safeguard the accuracy of financial information. D) outlines medical security and privacy rules.

A

50) Your company, an online clothing store, has calculated that a loss of Internet connectivity for 5 hours results in a potential loss of $1,000 to $2,000 and that there is a 50% chance of this occurring. What is the annual expected loss from this exposure? A) $750 B) $1,000 C) $1,500 D) $3,000

A

66) All of the following are types of information systems general controls except: A) application controls. B) computer applications controls. C) physical hardware controls. D) administrative controls.

A

40) An example of phishing is: A) setting up a bogus Wi-Fi hot spot. B) setting up a fake medical Web site that asks users for confidential information. C) pretending to be a utility company's employee in order to garner information from that company about their security system. D) sending bulk e-mail that asks for financial aid under a false pretext.

B

44) Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called: A) sniffing. B) social engineering. C) phishing. D) pharming.

B

56) Rigorous password systems: A) are one of the most effective security tools. B) may hinder employee productivity. C) are costly to implement. D) are often disregarded by employees.

B

60) Which of the following is a type of ambient data? A) Computer log containing recent system errors B) A file deleted from a hard disk C) A file that contains an application's user settings D) A set of raw data from an environmental sensor

B

64) In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key? A) SSL B) Symmetric key encryption C) Public key encryption D) Private key encryption

B

68) In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data. A) high availability computing B) deep-packet inspection C) application proxy filtering D) stateful inspection

B

52) ________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage. A) Software B) Administrative C) Data security D) Implementation

C

57) An authentication token is a(n): A) device the size of a credit card that contains access permission data. B) type of smart card. C) gadget that displays passcodes. D) electronic marker attached to a digital authorization file.

C

58) Biometric authentication: A) is inexpensive. B) is used widely in Europe for security applications. C) can use a person's voice as a unique, measurable trait. D) only uses physical measurements for identification.

C

74) Computer forensics tasks include all of the following except: A) presenting collected evidence in a court of law. B) securely storing recovered electronic data. C) collecting physical evidence on the computer. D) finding significant information in a large volume of electronic data.

C

9) Which of the following statements about Internet security is not true? A) The use of P2P networks can expose a corporate computer to outsiders. B) A corporate network without access to the Internet is more secure than one that provides access. C) VoIP is more secure than the switched voice network. D) Instant messaging can provide hackers access to an otherwise secure network.

C

22) ________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards. A) "Legacy systems" B) "SSID standards" C) "Vulnerabilities" D) "Controls"

D

26) Specific security challenges that threaten clients in a client/server environment include: A) tapping; sniffing; message alteration; radiation. B) hacking; vandalism; denial of service attacks. C) theft, copying, alteration of data; hardware or software failure. D) unauthorized access; errors; spyware.

D

38) Which of the following is not an example of a computer used as an instrument of crime? A) Theft of trade secrets B) Intentionally attempting to intercept electronic communication C) Unauthorized copying of software D) Breaching the confidentiality of protected computerized data

D

41) Evil twins are: A) Trojan horses that appear to the user to be a legitimate commercial software application. B) e-mail messages that mimic the e-mail messages of a legitimate business. C) fraudulent Web sites that mimic a legitimate business's Web site. D) bogus wireless network access points that look legitimate to users.

D

62) Currently, the protocols used for secure information transfer over the Internet are: A) TCP/IP and SSL. B) S-HTTP and CA. C) HTTP and TCP/IP. D) SSL, TLS, and S-HTTP.

D

75) ________ identify the access points in a Wi-Fi network. A) NICs B) MAC addresses C) URLs D) SSIDs

D

78) Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems. A) DPI B) MSSP C) NSP D) UTM

D

72) Malicious software programs referred to as spyware include a variety of threats such as computer viruses, worms, and Trojan horses.

False

77) Authorization refers to the ability to know that a person is who he or she claims to be.

False

The term cracker is used to identify a hacker whose specialty is breaking open security systems.

False

Smartphones have the same security flaws as other Internet-connected devices.

True

Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.

True

35) Hackers create a botnet by: A) infecting Web search bots with malware. B) using Web search bots to infect other computers. C) causing other people's computers to become "zombie" PCs following a master computer. D) infecting corporate servers with "zombie" Trojan horses that allow undetected access through a back door.

C

37) Which of the following is not an example of a computer used as a target of crime? A) Knowingly accessing a protected computer to commit fraud B) Accessing a computer system without authority C) Illegally accessing stored electronic communication D) Threatening to cause damage to a protected computer

C

61) ________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors. A) Stateful inspections B) Intrusion detection systems C) Application proxy filtering technologies D) Packet filtering technologies

B

69) The development and use of methods to make computer systems resume their activities more quickly after mishaps is called: A) high-availability computing. B) recovery-oriented computing. C) fault-tolerant computing. D) disaster-recovery planning.

B

27) Specific security challenges that threaten corporate servers in a client/server environment include: A) tapping; sniffing; message alteration; radiation. B) hacking; vandalism; denial of service attacks. C) theft, copying, alteration of data; hardware or software failure. D) unauthorized access; errors; spyware.

B

17) SSL is a protocol used to establish a secure connection between two computers.

True

Computer worms spread much more rapidly than computer viruses.

True

