CIS Chapter 8

is software that appears to be benign but does something other than expected.

A Trojan horse

uses third-party CAs to validate a user's identity.

A digital certificate system

enforce a security policy on data exchanged between its network and the Internet.

A firewall allows the organization to

cyberwarfare.

A foreign country attempting to access government networks in order to disable a national power grid would be an example of

war driving.

A practice in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic is referred to as

click fraud.

A salesperson clicks repeatedly on the online ads of a competitor's in order to drive the competitor's advertising costs up. This is an example of

application controls.

All of the following are types of information systems general controls except

two-factor authentication.

An authentication system in which a user must provide two types of identification, such as a bank card and PIN, is called

gadget that displays passcodes.

An authentication token is a(n)

risk assessment.

Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n)

can be classified as input controls, processing controls, and output controls.

Application controls

can use a person's voice as a unique, measurable trait.

Biometric authentication

unauthorized access.

Client software in a client/server environment is specifically vulnerable to

UTM

Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems.

collecting physical evidence on the computer.

Computer forensics tasks include all of the following except

SSL, TLS, and S-HTTP.

Currently, the protocols used for secure information transfer over the Internet are

may be accessible by anyone who has access to the same network.

Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that

bogus wireless network access points that look legitimate to users.

Evil twins are

fault-tolerant computer systems.

For 100-percent availability, online transaction processing requires

causing other people's computers to become "zombie" PCs following a master computer.

Hackers create a botnet by

They issue patches.

How do software vendors correct flaws in their software after it has been distributed?

malware.

In a client/server environment, corporate servers are specifically vulnerable to

deep-packet inspection

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.

symmetric key encryption

In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?

vulnerable to many more kinds of threats

Large amounts of data stored in electronic form are ________ than the same data in manual form.

only those viruses already known when the software is written.

Most antivirus software is effective against

redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.

Pharming involves

may hinder employee productivity.

Rigorous password systems

MSSPs.

Smaller firms may outsource some or many security functions to

they allow users to post software code.

Social networking sites have become a new conduit for malware because

security policy.

Statements ranking information risks and identifying security goals are included in a(n)

requires financial institutions to ensure the security of customer data.

The Gramm-Leach-Bliley Act

outlines medical security and privacy rules.

The HIPAA Act of 1996

it was designed to be easily accessible.

The Internet poses specific security problems because

imposes responsibility on companies and management to safeguard the accuracy of financial information.

The Sarbanes-Oxley Act

tapping.

The communications lines in a client/server environment are specifically vulnerable to

cybervandalism.

The intentional defacement or destruction of a Web site is called

e-mail.

The most common type of electronic evidence is

social engineering.

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called

DDoS

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack.

a file deleted from a hard disk

Which of the following is a type of ambient data?

Conficker

Which of the following is a virus that uses flaws in Windows software to take over a computer remotely?

illegally accessing stored electronic communication

Which of the following is not an example of a computer used as a target of crime?

breaching the confidentiality of protected computerized data

Which of the following is not an example of a computer used as an instrument of crime?

WPA2

Which of the following specifications replaces WEP with a stronger security standard that features changing encryption keys?

VoIP is more secure than the switched voice network.

Which of the following statements about the Internet security is not true?

employees

You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source for network security breaches to the firm?

$1,250

Your company, an online discount stationers, has calculated that a loss of Internet connectivity for 3 hours results in a potential loss of $2,000 to $3,000 and that there is a 50% chance of this occurring each year. What is the annual expected loss from this exposure?

Data security

________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.

SSIDs

________ identify the access points in a Wi-Fi network.

Identity theft

________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.

Ransomware

________ is malware that hijacks a user's computer and demands payment in return for giving back access.

A keylogger

________ is malware that logs and transmits everything a user types.

"Controls"

________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.

"Security"

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Intrusion detection systems

________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.