chapter 8 quiz

UTM

Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems.

collecting physical evidence on the computer.

Computer forensics tasks include all of the following except:

SSL, TLS, and S-HTTP.

Currently, the protocols used for secure information transfer over the Internet are:

uses third-party CAs to validate a user's identity.

A digital certificate system:

enforce a security policy on data exchanged between its network and the Internet.

A firewall allows the organization to:

can use a person's voice as a unique, measurable trait.

Biometric authentication:

may be accessible by anyone who has access to the same network.

Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that:

bogus wireless network access points that look legitimate to users.

Evil twins are:

fault-tolerant computer systems.

For 100 percent availability, online transaction processing requires:

causing other people's computers to become "zombie" PCs following a master computer.

Hackers create a botnet by:

They issue patches.

How do software vendors correct flaws in their software after it has been distributed?

Trojan horse

In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?

deep-packet inspection

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.

Symmetric key encryption

In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?

vulnerable to many more kinds of threats

Large amounts of data stored in electronic form are ________ than the same data in manual form.

only those viruses already known when the software is written.

Most antivirus software is effective against:

redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.

Pharming involves:

spoofing.

Phishing is a form of:

spoofing.

Redirecting a Web link to a different address is a form of:

may hinder employee productivity.

Rigorous password systems:

MSSPs.

Smaller firms may outsource some or many security functions to:

unauthorized access; errors; spyware.

Specific security challenges that threaten clients in a client/server environment include:

hacking; vandalism; denial of service attacks.

Specific security challenges that threaten corporate servers in a client/server environment include:

tapping; sniffing; message alteration; radiation.

Specific security challenges that threaten the communications lines in a client/server environment include:

security policy.

Statements ranking information risks and identifying security goals are included in a(n):

requires financial institutions to ensure the security of customer data.

The Gramm-Leach-Bliley Act:

outlines medical security and privacy rules.

The HIPAA Act of 1996:

it was designed to be easily accessible.

The Internet poses specific security problems because:

imposes responsibility on companies and management to safeguard the accuracy of financial information.

The Sarbanes-Oxley Act:

recovery-oriented computing.

The development and use of methods to make computer systems resume their activities more

e-mail.

The most common type of electronic evidence is:

social engineering.

Tricking employees into revealing their passwords by pretending to be a legitimate member of a company is called:

DDoS

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack.

A file deleted from a hard disk

Which of the following is a type of ambient data?

Illegally accessing stored electronic communication

Which of the following is not an example of a computer used as a target of crime?

Breaching the confidentiality of protected computerized data

Which of the following is not an example of a computer used as an instrument of crime?

WPA2

Which of the following specifications replaces WEP with a stronger security standard that features changing encryption keys?

VoIP is more secure than the switched voice network.

Which of the following statements about Internet security is not true?

Employees

You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats to the firm?

$750

Your company, an online clothing store, has calculated that a loss of Internet connectivity for 5 hours results in a potential loss of $1,000 to $2,000 and that there is a 50% chance of this occurring. What is the annual expected loss from this exposure?

Data security

________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.

Controls

________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.

"Security"

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Intrusion detection systems

________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.

SSIDs

identify the access points in a Wi-Fi network.

Identity theft

is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.

cyberwarfare

A foreign country attempting to access government networks in order to disable a national power grid would be an example of:

spyware.

A keylogger is a type of:

war driving.

A practice in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic is referred to as:

click fraud.

A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor's advertising costs up. This is an example of:

application controls.

All of the following are types of information systems general controls except:

gadget that displays passcodes.

An authentication token is a(n):

setting up a fake medical Web site that asks users for confidential information.

An example of phishing is:

worm.

An independent computer program that copies itself from one computer to another over a network is called a:

risk assessment.

Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n):

can be classified as input controls, processing controls, and output controls.

Application controls:

