is ch 7, ch 8 multiple choice


________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. A) "Security" B) "Controls" C) "Benchmarking" D) "Algorithms"

A) "Security"

Approximately how many new threats from malware were detected by Internet security firms in 2012? A) 400 thousand B) 4 million C) 40 million D) 400 million

A) 400 thousand

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack. A) DDoS B) DoS C) SQL injection D) phishing

A) DDoS

Which digital cellular standard is used widely throughout the world except the United States? A) GSM B) CDMA C) WLAN D) LTD

A) GSM

Which protocol is the Internet based on? A) TCP/IP B) FTP C) packet-switching D) HTTP

A) TCP/IP

In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of? A) Trojan horse B) virus C) worm D) spyware

A) Trojan horse

To use the analog telephone system for sending digital data, you must also use A) a modem. B) a router. C) DSL. D) twisted wire

A) a modem.

All of the following are physical components of an RFID system except A) bar code. B) antenna. C) radio transmitters. D) tags.

A) bar code.

The total amount of digital information that can be transmitted through any telecommunications medium is measured in A) bps. B) Hertz. C) baud. D) gigaflops.

A) bps.

Application controls A) can be classified as input controls, processing controls, and output controls. B) govern the design, security, and use of computer programs and the security of data files in general throughout the organization. C) apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment. D) include software controls, computer operations controls, and implementation controls.

A) can be classified as input controls, processing controls, and output controls.

In TCP/IP, IP is responsible for A) disassembling and reassembling of packets during transmission. B) establishing an Internet connection between two computers. C) moving packets over the network. D) sequencing the transfer of packets.

A) disassembling and reassembling of packets during transmission

A(n) ________ system is used to identify and authorize different categories of system users and specify which portions of the organization's systems each user can access. A) identity management B) AUP C) authentication D) firewall

A) identity management

A VPN A) is an encrypted private network configured within a public network. B) is more expensive than a dedicated network. C) provides secure, encrypted communications using Telnet. D) is an Internet-based service for delivering voice communications.

A) is an encrypted private network configured within a public network.

The Internet poses specific security problems because A) it was designed to be easily accessible. B) Internet data is not run over secure lines. C) Internet standards are universal. D) it changes so rapidly.

A) it was designed to be easily accessible.

Digital subscriber lines A) operate over existing telephone lines to carry voice, data, and video. B) operate over coaxial lines to deliver Internet access. C) are very-high-speed data lines typically leased from long-distance telephone companies. D) have up to twenty-four 64-Kbps channels

A) operate over existing telephone lines to carry voice, data, and video.

Which type of network treats all processors equally, and allows peripheral devices to be shared without going to a separate server? A) peer-to-peer B) wireless C) LAN D) Windows domain network

A) peer-to-peer

A firewall allows the organization to A) prevent unauthorized communication both into and out of the network. B) monitor network hot spots for signs of intruders. C) prevent known spyware and malware from entering the system. D) all of the above

A) prevent unauthorized communication both into and out of the network.

Pharming involves A) redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser. B) pretending to be a legitimate business's representative in order to garner information about a security system. C) setting up fake Web sites to ask users for confidential information. D) using e-mails for threats or harassment.

A) redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.

The Gramm-Leach-Bliley Act A) requires financial institutions to ensure the security of customer data. B) specifies best practices in information systems security and control. C) imposes responsibility on companies and management to safeguard the accuracy of financial information. D) outlines medical security and privacy rules.

A) requires financial institutions to ensure the security of customer data.

In which technique are network communications analyzed to see whether packets are part of an ongoing dialogue between a sender and a receiver? A) stateful inspection B) intrusion detection system C) application proxy filtering D) packet filtering

A) stateful inspection

All of the following are methods of ensuring software quality except for A) systems analysis. B) walkthroughs. C) software testing. D) internal corporate back-end system

A) systems analysis.

The concept of a future Web in which it is commonplace for everyday objects to be connected, controlled or monitored over the Internet is called A) the Web of things. B) the Semantic Web. C) Internet2. D) a 3-D Web

A) the Web of things.

The child domain of the root is the A) top-level domain. B) second-level domain. C) host name. D) domain extension

A) top-level domain.

Which process is used to protect transmitted data in a VPN? A) tunneling B) PPP C) VOIP D) packet-switching

A) tunneling

Together, a protocol prefix, a domain name, a directory path, and a document name, are called a(n) A) uniform resource locator. B) IP address. C) third-level domain. D) root domain.

A) uniform resource locator.

A digital certificate system A) uses third-party CAs to validate a user's identity. B) uses digital signatures to validate a user's identity. C) uses tokens to validate a user's identity. D) is used primarily by individuals for personal correspondence.

A) uses third-party CAs to validate a user's identity.

An independent computer program that copies itself from one computer to another over a network is called a A) worm. B) Trojan horse. C) bug. D) pest.

A) worm.

What service converts IP addresses into more recognizable alphanumeric names? A) HTML B) DNS C) IP D) HTTP

B) DNS

Web browser software requests Web pages from the Internet using which protocol? A) URL B) HTTP C) DNS D) HTML

B) HTTP

Which type of network is used to connect digital devices within a half-mile or 500-meter radius? A) Wi-Fi B) LAN C) WAN D) MAN

B) LAN

A network that spans a city, and sometimes its major suburbs as well, is called a A) CAN. B) MAN. C) LAN. D) WAN.

B) MAN.

What technology allows people to have content pulled from Web sites and fed automatically to their computers? A) FTP B) RSS C) HTTP D) Bluetooth

B) RSS

In a telecommunications network architecture, a protocol is A) a device that handles the switching of voice and data in a local area network. B) a standard set of rules and procedures for control of communications in a network. C) a communications service for microcomputer users. D) the main computer in a telecommunications network.

B) a standard set of rules and procedures for control of communications in a network.

Electronic evidence on computer storage media that is not visible to the average user is called ________ data. A) defragmented B) ambient C) forensic D) fragmented

B) ambient

Inputting data into a poorly programmed Web form in order to disrupt a company's systems and networks is called A) a Trojan horse. B) an SQL injection attack. C) key logging. D) a DDoS attack.

B) an SQL injection attack.

In the domain name "http://books.azimuth-interactive.com", which element is the second-level domain? A) books B) azimuth-interactive C) com D) none; there is no second-level domain in this name

B) azimuth-interactive

Sniffing is a security challenge that is most likely to occur in which of the following points of a corporate network? A) client computer B) communications lines C) corporate servers D) internal corporate back-end system

B) communications lines

Downtime refers to periods of time in which a A) computer system is malfunctioning. B) computer system is not operational. C) company or organization is not operational. D) computer is not online.

B) computer system is not operational.

IPv6 is being developed in order to A) update the packet transmission protocols for higher bandwidth. B) create more IP addresses. C) allow for different levels of service. D) support Internet2.

B) create more IP addresses.

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data. A) high availability computing B) deep-packet inspection C) application proxy filtering D) stateful inspection

B) deep-packet inspection

You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats to the firm? A) wireless network B) employees C) authentication procedures D) lack of data encryption

B) employees

Passive RFID tags A) have their own power source. B) have a range of several feet. C) enable data to be rewritten and modified. D) are used in automated toll-collection systems.

B) have a range of several feet.

One or more access points positioned on a ceiling, wall, or other strategic spot in a public place to provide maximum wireless coverage for a specific area are referred to as A) touch points. B) hotspots. C) hot points. D) wireless hubs.

B) hotspots.

How do software vendors correct flaws in their software after it has been distributed? A) issue bug fixes B) issue patches C) re-release software D) issue updated versions

B) issue patches

Which of the following is the greatest threat that employees pose to an organization's information systems? A) forgetting passwords B) lack of knowledge C) entering faulty data D) introducing software errors

B) lack of knowledge

Based on your reading of the examples in the chapter, what would be the best use of RFID for a business? A) logging transactions B) managing the supply chain C) lowering network costs D) enabling client communication

B) managing the supply chain

Rigorous password systems A) are one of the most effective security tools. B) may hinder employee productivity. C) are costly to implement. D) are often disregarded by employees.

B) may hinder employee productivity.

WSNs are designed for A) connecting multiple wireless computing devices. B) monitoring the physical environment. C) increasing the reach of Wi-Fi networks. D) tracking the movement of goods in a supply chain.

B) monitoring the physical environment.

The method of slicing digital messages into parcels, transmitting them along different communication paths, and reassembling them at their destinations is called A) multiplexing. B) packet switching. C) packet

B) packet switching.

The development and use of methods to make computer systems resume their activities more quickly after mishaps is called A) high availability computing. B) recovery oriented computing. C) fault tolerant computing. D) disaster recovery planning.

B) recovery oriented computing.

An example of phishing is A) setting up bogus Wi-Fi hot spots. B) setting up a fake medical Web site that asks users for confidential information. C) pretending to be a utility company's employee in order to garner information from that company about their security system. D) sending bulk e-mail that asks for financial aid under a false pretext.

B) setting up a fake medical Web site that asks users for confidential information.

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called A) sniffing. B) social engineering. C) phishing. D) pharming.

B) social engineering.

Redirecting a Web link to a different address is a form of A) snooping. B) spoofing. C) sniffing. D) war driving.

B) spoofing

The device that acts as a connection point between computers and can filter and forward data to a specified destination is called a(n) A) hub. B) switch. C) router. D) NIC

B) switch.

In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key? A) SSL B) symmetric key encryption C) public key encryption D) private key encryption

B) symmetric key encryption

The WiMax standard can transmit up to a distance of approximately A) 30 meters. B) 500 meters. C) 30 miles. D) 5 miles.

C) 30 miles.

The most common Web server today, controlling 59 percent of the market, is A) Microsoft IIS. B) WebSTAR. C) Apache HTTP Server. D) Netscape Server

C) Apache HTTP Server.

______ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage. A) Software B) Administrative C) Data security D) Implementation

C) Data security

4G networks are also known as ________ networks. A) GSM B) CDMA C) LTD D) T-Mobile

C) LTD

Smaller firms may outsource some or many security functions to A) ISPs. B) MISs. C) MSSPs. D) CAs.

C) MSSPs.

Which of the following is not a characteristic of packet switching? A) Packets travel independently of each other. B) Packets are routed through many different paths. C) Packet switching requires point-to-point circuits. D) Packets include data for checking transmission errors.

C) Packet switching requires point-to-point circuits.

Which type of network would be most appropriate for a business that comprised three employees and a manager located in the same office space, whose primary need is to share documents? A) MAN B) Domain-based LAN C) Peer-to-peer network D) WAN

C) Peer-to-peer network

Which of the following is not one of the challenges in securing wireless networks? A) broadcasted SSIDs B) scannability of radio frequency bands C) SQL injection attacks D) geographic range of wireless signals

C) SQL injection attacks

Which of the following statements about Internet security is not true? A) The use of P2P networks can expose a corporate computer to outsiders. B) A corporate network without access to the Internet is more secure than one that provides access. C) VoIP is more secure than the switched voice network. D) Instant messaging can provide hackers access to an otherwise secure network.

C) VoIP is more secure than the switched voice network.

The 802.11 set of standards is known as A) WLAN. B) WSN. C) Wi-Fi. D) WiMax

C) Wi-Fi.

What are the four layers of the TCP/IP reference model? A) physical, application, transport, and network interface B) physical, application, Internet, and network interface C) application, transport, Internet, and network interface D) application, hardware, Internet, and network interface

C) application, transport, Internet, and network interface

T1 lines A) operate over existing telephone lines to carry voice, data, and video. B) operate over coaxial lines to deliver Internet access. C) are high-speed, leased data lines providing guaranteed service levels. D) have up to twenty-four 64-Kbps channels.

C) are high-speed, leased data lines providing guaranteed service levels.

Hackers create a botnet by A) infecting Web search bots with malware. B) using Web search bots to infect other computers. C) causing other people's computers to become "zombie" PCs following a master computer. D) infecting corporate servers with "zombie" Trojan horses that allow undetected access through a back door.

C) causing other people's computers to become "zombie" PCs following a master computer.

The Internet is based on which three key technologies? A) TCP/IP, HTML, and HTTP B) TCP/IP, HTTP, and packet switching C) client/server computing, packet switching, and the development of communications standards for linking networks and computers D) client/server computing, packet switching, and HTTP

C) client/server computing, packet switching, and the development of communications standards for linking networks and computers

Bandwidth is the A) number of frequencies that can be broadcast through a medium. B) number of cycles per second that can be sent through a medium. C) difference between the highest and lowest frequencies that can be accommodated on a single channel. D) total number of bytes that can be sent through a medium per second.

C) difference between the highest and lowest frequencies that can be accommodated on a single channel.

Bluetooth can be used to link up to ________ devices within a 10-meter area using low-power, radio-based communication. A) four B) six C) eight D) ten

C) eight

For 100% availability, online transaction processing requires A) high-capacity storage. B) a multi-tier server network. C) fault-tolerant computer systems. D) dedicated phone lines.

C) fault-tolerant computer systems.

An authentication token is a(n) A) device the size of a credit card that contains access permission data. B) type of smart card. C) gadget that displays passcodes. D) electronic marker attached to a digital authorization file.

C) gadget that displays passcodes

Which of the following is not a trait used for identification in biometric systems? A) retinal image B) voice C) hair color D) face

C) hair color

Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that A) are usually bound up in legacy systems that are difficult to access and difficult to correct in case of error. B) are not secure because the technology to secure them did not exist at the time the files were created. C) have the potential to be accessed by large numbers of people and by groups outside of the organization. D) are frequently available on the Internet.

C) have the potential to be accessed by large numbers of people and by groups outside of the organization.

Which of the following is not an example of a computer used as a target of crime? A) knowingly accessing a protected computer to commit fraud B) accessing a computer system without authority C) illegally accessing stored electronic communication D) threatening to cause damage to a protected computer

C) illegally accessing stored electronic communication

The Sarbanes-Oxley Act A) requires financial institutions to ensure the security of customer data. B) specifies best practices in information systems security and control. C) imposes responsibility on companies and management to safeguard the accuracy of financial information. D) outlines medical security and privacy rules.

C) imposes responsibility on companies and management to safeguard the accuracy of financial information.

Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n) A) security policy. B) AUP. C) risk assessment. D) business impact analysis.

C) risk assessment

_____ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards. A) "Legacy systems" B) "SSID standards" C) "Vulnerabilities" D) "Controls"

D) "Controls"

Which of the following is the first generation of cellular systems suitable for watching videos? A) 2G B) 2.5G C) 3G D) 4G

D) 4G

The most appropriate wireless networking standard for creating PANs is A) I-mode. B) IEEE 802.11b. C) Wi-Fi. D) Bluetooth.

D) Bluetooth.

Which organization helps define the overall structure of the Internet? A) none (no one "owns" the Internet) B) W3C C) ICANN D) IAB

D) IAB

Which of the following statements about RFID is not true? A) RFIDs transmit only over a short range. B) RFIDs use an antenna to transmit data. C) Microchips embedded in RFIDs are used to store data. D) RFIDs require line-of-sight contact to be read.

D) RFIDs require line-of-sight contact to be read.

The process of employing techniques to help a Web site achieve a higher ranking with the major search engines is called A) VPN. B) IAB. C) SEM. D) SEO

D) SEO

Currently, the protocols used for secure information transfer over the Internet are A) TCP/IP and SSL. B) S-HTTP and CA. C) HTTP and TCP/IP. D) SSL, TLS, and S-HTTP.

D) SSL, TLS, and S-HTTP.

Which of the following statements is not true about search engines? A) They are arguably the Internet's "killer app." B) They have solved the problem of how users instantly find information on the Internet. C) They are monetized almost exclusively by search engine marketing. D) There are hundreds of search engines vying for user attention, with no clear leader having yet emerged

D) There are hundreds of search engines vying for user attention, with no clear leader having yet emerged

_______ integrate(s) disparate channels for voice communications, data communications, instant messaging, e-mail, and electronic conferencing into a single experience. A) Wireless networks B) Intranets C) Virtual private networks D) Unified communications

D) Unified communications

Which signal types are represented by a continuous waveform? A) laser B) optical C) digital D) analog

D) analog

Evil twins are A) Trojan horses that appear to the user to be a legitimate commercial software application. B) e-mail messages that mimic the e-mail messages of a legitimate business. C) fraudulent Web sites that mimic a legitimate business's Web site. D) bogus wireless network access points that look legitimate to users.

D) bogus wireless network access points that look legitimate to users.

Which of the following is not an example of a computer used as an instrument of crime? A) theft of trade secrets B) intentionally attempting to intercept electronic communication C) unauthorized copying of software D) breaching the confidentiality of protected computerized data

D) breaching the confidentiality of protected computerized data

The telephone system is an example of a ________ network. A) peer-to-peer B) wireless C) packet-switched D) circuit-switched

D) circuit-switched

A salesperson clicks repeatedly on the online ads of a competitor's in order to drive the competitor's advertising costs up. This is an example of A) phishing. B) pharming. C) spoofing. D) click fraud.

D) click fraud.

The most common type of electronic evidence is A) voice-mail. B) spreadsheets. C) instant messages. D) e-mail.

D) e-mail.

Most antivirus software is effective against A) only those viruses active on the Internet and through e-mail. B) any virus. C) any virus except those in wireless communications applications. D) only those viruses already known when the software is written.

D) only those viruses already known when the software is written.

The HIPAA Act A) requires financial institutions to ensure the security of customer data. B) specifies best practices in information systems security and control. C) imposes responsibility on companies and management to safeguard the accuracy of financial information. D) outlines medical security and privacy rules.

D) outlines medical security and privacy rules.

Which of the following is not one of the main firewall screening techniques? A) application proxy filtering B) static packet filtering C) NAT D) secure socket filtering

D) secure socket filtering

A keylogger is a type of A) worm. B) Trojan horse. C) virus. D) spyware.

D) spyware.

Which of the following services enables logging on to one computer system and working on another? A) FTP B) World Wide Web C) newsgroups D) telnet

D) telnet

A network that covers entire geographical regions is most commonly referred to as a(n) A) local area network. B) intranet. C) peer-to-peer network. D) wide area network

D) wide area network

Instant messaging is a type of ________ service. A) chat B) cellular C) e-mail D) wireless

A) chat

