Exam 2 Chapter 8

All of the following are types of information systems general controls except: 1) application controls. 2) implementation controls. 3) physical hardware controls. 4) administrative controls. 5) data security controls.

1) application controls.

In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key? 1) SSL 2) Symmetric key encryption 3) Public key encryption 4) Private key encryption 5) TLS

2) Symmetric key encryption

________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage. 1) Software 2) Administrative 3) Data security 4) Implementation 5) Authentication

3) Data security

Which of the following defines acceptable uses of a firm's information resources and computing equipment? 1) An information systems audit policy 2) A CA policy 3) A MSSP 4) A UTM system 5) An AUP

5) An AUP

Most computer viruses deliver a: 1) worm. 2) Trojan horse. 3) driveby download. 4) keylogger. 5) payload.

5) payload.

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. 1) "Security" 2) "Controls" 3) "Benchmarking" 4) "Algorithms" 5) "Authentication"

1) "Security"

Which of the following statements about passwords is not true? 1) Authentication cannot be established by the use of a password. 2) Password systems that are too rigorous may hinder employee productivity. 3) Passwords can be stolen through social engineering. 4) Passwords are often disregarded by employees. 5) Passwords can be sniffed when being transmitted over a network.

1) Authentication cannot be established by the use of a password.

Conficker (also known as Downadup or Downup) is an example of which of the following? 1) SQL injection attack 2) Browser parasite 3) Worm 4) Ransomware 5) Script virus

1) SQL injection attack

Application controls: 1) can be classified as input controls, processing controls, and output controls. 2) govern the design, security, and use of computer programs. 3) apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment. 4) include software controls, computer operations controls, and implementation controls. 5) govern the security of data files in general throughout the organization.

1) can be classified as input controls, processing controls, and output controls.

Specific security challenges that threaten the communications lines in a client/server environment include: 1) tapping, sniffing, message alteration, and radiation. 2) hacking, vandalism, and denial of service attacks. 3) theft, copying, alteration of data, and hardware or software failure. 4) unauthorized access, errors, and spyware. 5) errors, vandalism, and malware.

1) tapping, sniffing, message alteration, and radiation.

A digital certificate system: 1) uses third-party CAs to validate a user's identity. 2) uses digital signatures to validate a user's identity. 3) uses tokens to validate a user's identity. 4) is used primarily by individuals for personal correspondence. 5) uses deep packet inspection to validate a user's identity.

1) uses third-party CAs to validate a user's identity.

A practice in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic is referred to as: 1) war driving. 2) sniffing. 3) cybervandalism. 4) driveby tapping. 5) driveby downloading.

1) war driving.

An independent computer program that copies itself from one computer to another over a network is called a: 1) worm. 2) Trojan horse. 3) bug. 4) pest. 5) sniffer.

1) worm.

Which of the following is a type of ambient data? 1) Computer log containing recent system errors 2) A file deleted from a hard disk 3) A file that contains an application's user settings 4) A set of raw data from an environmental sensor 5) An email file

2) A file deleted from a hard disk

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data. 1) high availability computing 2) deep packet inspection 3) application proxy filtering 4) stateful inspection 5) fault-tolerant computing

2) deep packet inspection

Specific security challenges that threaten corporate servers in a client/server environment include: 1) tapping, sniffing, message alteration, and radiation. 2) hacking, vandalism, and denial of service attacks. 3) theft, copying, alteration of data, and hardware or software failure. 4) unauthorized access, errors, and spyware. 5) vandalism, message alteration, and errors.

2) hacking, vandalism, and denial of service attacks.

Tricking employees into revealing their passwords by pretending to be a legitimate member of a company is called: 1) sniffing. 2) social engineering. 3) phishing. 4) pharming. 5) click fraud.

2) social engineering.

Redirecting a web link to a different address is a form of: 1) snooping. 2) spoofing. 3) sniffing. 4) war driving. 5) SQL injection attack.

2) spoofing.

Which of the following focuses primarily on the technical issues of keeping systems up and running? 1) Business continuity planning 2) Security policies 3) Disaster recovery planning 4) An AUP 5) An information systems audit

3) Disaster recovery planning

Which of the following sued BJ's Wholesale Club for allowing hackers to access its systems and steal credit and debit card data for fraudulent purchases? 1) The U.S. Justice Department 2) The U.S. Food and Drug Administration 3) The U.S. Federal Trade Commission 4) The Federal Bureau of Investigation 5) The U.S. Securities and Exchange Commission

3) The U.S. Federal Trade Commission

Computer forensics tasks include all of the following except: 1) presenting collected evidence in a court of law. 2) securely storing recovered electronic data. 3) collecting physical evidence on the computer. 4) finding significant information in a large volume of electronic data. 5) recovering data from computers while preserving evidential integrity.

3) collecting physical evidence on the computer.

For 100 percent availability, online transaction processing requires: 1) high-capacity storage. 2) a multi-tier server network. 3) fault-tolerant computer systems. 4) dedicated phone lines. 5) deep packet inspection.

3) fault-tolerant computer systems.

An authentication token: 1) is a device the size of a credit card that contains access permission data. 2) is a type of smart card. 3) is a device that displays passcodes. 4) is an electronic marker attached to a digital authorization file. 5) compares a person's unique characteristics against a stored profile of these characteristics to determine any differences between these characteristics and the stored profile.

3) is a device that displays passcodes.

Which of the following is not an example of a computer used as an instrument of crime? 1) Theft of trade secrets 2) Intentionally attempting to intercept electronic communication 3) Unauthorized copying of software 4) Breaching the confidentiality of protected computerized data 5) Illegally accessing stored electronic communications

4) Breaching the confidentiality of protected computerized data

________ identify the access points in a Wi-Fi network. 1) NICs 2) MAC addresses 3) URLs 4) SSIDs 5) CAs

4) SSIDs

Currently, the protocols used for secure information transfer over the Internet are: 1) TCP/IP, SSL and CA. 2) S-HTTP, TCP/IP, and CA. 3) HTTP, TLS, and TCP/IP. 4) SSL, TLS, and S-HTTP. 5) TLS, S-HTTP, and TCP/IP.

4) SSL, TLS, and S-HTTP.

Which of the following provides additional security by determining whether packets are part of an ongoing dialogue between a sender and receiver? 1) NAT 2) Packet filtering 3) Deep packet inspection 4) Stateful inspection 5) Application proxy filtering

4) Stateful inspection

Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems. 1) DPI 2) MSSP 3) NSP 4) UTM 5) SSL

4) UTM

Specific security challenges that threaten clients in a client/server environment include: 1) tapping, sniffing, message alteration, and radiation. 2) hacking, vandalism, and denial of service attacks. 3) theft, copying, alteration of data, and hardware or software failure. 4) unauthorized access, errors, and spyware. 5) vandalism, message alteration, and errors.

4) unauthorized access, errors, and spyware.

Which of the following specifically makes malware distribution and hacker attacks to disable websites a federal crime? 1) Computer Fraud and Abuse Act 2) Economic Espionage Act 3) Electronic Communications Privacy Act 4) Data Security and Breach Notification Act 5) National Information Infrastructure Protection Act

5) National Information Infrastructure Protection Act

All of the following have contributed to an increase in software flaws except: 1) the growing complexity of software programs. 2) the growing size of software programs. 3) demands for timely delivery to markets. 4) the inability to fully test programs. 5) the increase in malicious intruders seeking system access.

5) the increase in malicious intruders seeking system access.

