CH 4 MIS 301
What are the three types of software attacks?
1. Remote attacks requiring user action
2. Remote attacks requiring no user action
3. Software attacks initiated by programmers during the development of a system
Please differentiate among a threat, an exposure, and a vulnerability.
A threat is any danger to which an information resource may be exposed. An exposure is the harm, loss, or damage that can result if a threat compromises an information resource. A vulnerability is the possibility that an information resource will be harmed by a threat.
A firewall is a _______ control. A. communication B. physical C. virtual D. access
A. Communication
Which of the following is FALSE? A. Mainframes make it easy to communicate freely and seamlessly with everyone. B. Thumb drives make it easy to steal huge amounts of sensitive information. C. Management doesn't always support security efforts. D. It is easier to be a hacker nowadays.
A. Mainframes make it easy to communicate freely and seamlessly with everyone.
_____________________ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords. A. Social engineering B. Dumpster diving C. Tailgating D. Shoulder surfing
A. Social engineering
Phishing is an example of __________. A. Software attack B. Copyright infringement C. Sabotage D. Espionage
A. Software attack
_________ is the possibility that the system will be harmed by a threat. A. Vulnerability B. Exposure C. Security D. Threat
A. Vulnerability
Cybercriminals _________ A. target known software security weaknesses. B. are violent criminals. C. can be easily arrested, once they are found. D. don't make that much money; they do it for fun.
A. target known software security weaknesses.
Wireless is a(n) inherently _________ network. A. untrusted B. trusted C. useful D. neutral
A. untrusted
What is an unintentional threat to an information system?
An unintentional threat is a serious threat to information security that arises without malicious intent. Many unintentional threats are the result of human error.
Differentiate between authentication and authorization. Which one of these processes is always performed first?
Authentication is the confirmation of the identification of the person requiring access. On the other hand, authorization determines which actions, rights, or privileges a person has, based on his or her verified identification. Of the two, authentication is always performed first.
If you have an empty building you can move into if your primary location is destroyed, you've implemented a _________ site. A. Hot B. Cold C. Neutral D. Warm
B. Cold
The Heartbleed bug is an encryption security flaw in the ___________ software package that was an _____________ mistake by the software developer. A. Microsoft; unintended B. OpenSSL; unintended C. OpenSSL; intended D. Microsoft; intended
B. OpenSSL; unintended
The airport's self check-in computers are a(n) __________ threat. A. outside B. hardware C. software D. employee
B. hardware
A smart ID card is something the user _______. A. Knows B. Does C. Has D. Is
C. Has
Biometrics is something the user _______. A. Has B. Knows C. Is D. Does
C. Is
_______________ is a process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan. A. Risk management B. Risk analysis C. Risk mitigation D. Risk
C. Risk mitigation
You start browsing your favorite home improvement company's website and notice someone has changed all the logos to their main competitor's logos. This is an example of ___________. A. Identity theft B. Information extortion C. Sabotage D. Espionage
C. Sabotage
_________ is any danger to which a system may be exposed. A. Security B. Information security C. Threat D. Exposure
C. Threat
Coca-Cola's formula is an example of a ___________. A. Copyright B. Patent C. Trade secret D. All of above
C. Trade secret
Which of the following is NOT one of the most dangerous employees to information security? A. Janitors B. HR employees C. Accountants D. MIS employees
C. Accountants
_________ is one common example of SSL. A. wwws B. http C. https D. www
C. https
A ___________ is a remote attack requiring user action. A. logic bomb B. back door C. phishing attack D. denial-of-service attack
C. phishing attack
Which of the following is NOT an example of alien software? A. Adware B. Spyware C. Spamware D. Blockware
D. Blockware
A ___________ is an attack by a programmer developing a system. A. phishing attack B. denial-of-service attack C. virus D. back door
D. back door
Weak passwords are a(n) ___________ threat. A. software B. outside C. hardware D. employee
D. employee
If you hire a cybersecurity company like FireEye to identify security weaknesses in your information systems, you are using a risk _________ strategy. A. analysis B. acceptance C. transference D. limitation
D. limitation
You have a small business that has had problems with malware on your employees' computers. You decide to hire a third-party company such as GFI Software to implement security controls and then monitor your company's systems. You are adopting a risk ________ strategy. A. limitation B. analysis C. acceptance D. transference
D. transference
Which of the following is NOT an unintentional threat to information systems? A. Careless monitoring of environmental hazards B. Choosing a weak password C. Having an unlocked desk or filing cabinet after going home D. Viruses
D. Viruses
Compare and contrast risk mitigation and risk analysis.
Risk analysis is more observational and passive: it focuses on analyzing the risks that may be present, while risk mitigation is taking concrete actions against those present risks.
What is the purpose of a disaster recovery plan?
The purpose of a disaster recovery plan is to provide guidance to those who are operating a business after a disaster occurs. This includes preparing for, reacting to, and recovering from events that affect the information security of a company.