IS Chapter 8


Which of the following is the single greatest cause of network security breaches? A. User lack of knowledge B. Viruses C. Trojan horses D. Bugs E. Cyberwarfare

A. User lack of knowledge

An independent computer program that copies itself from one computer to another over a network is called a: A. worm B. sniffer C. Trojan horse D. Bug E. Pest

A. worm

All of the following have contributed to an increase in software flaws except: A. The growing complexity of software programs B. The increase in malicious intruders seeking system access C. Demands for timely delivery to markets D. The inability to fully test programs E. The growing size of software programs

B. The increase in malicious intruders seeking system access

All of the following are currently being used as traits that can be profiled by biometric authentication except:

Body odor

__________ refers to all of the methods, policies, & organizational procedures that ensure the safety of the organization's assets, the accuracy & reliability of its accounting records, & operational adherence to management standards.

Controls

Which of the following is a type of ambient data? A. Computer log containing recent system errors B. A file that contains an application's user settings C. An email file D. A file deleted from a hard disk E. A set of raw data from an environmental sensor

D. A file deleted from a hard disk

A salesperson clicks repeatedly on a competitor's online ads in order to drive the competitor's advertising costs up. This is an example of: A. Phishing B. Sniffing C. Pharming D. Click fraud E. Spoofing

D. Click fraud

__________ refers to policies, procedures, & technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. A. Authentication B. Controls C. Algorithms D. Security E. Benchmarking

D. Security

Using numerous computers to inundate & overwhelm the network from numerous launch points is called a(n) _________ attack

DDoS

DoS

Denial-of-service attacks (DoS). Flooding server with thousands of false requests to crash the network

All of the following are types of information systems general controls except: A. Data security controls B. Physical hardware controls C. Administrative controls D. Implementation controls E. Application controls

E. Application controls

A firewall allows the organization to: A. Authenticate users B. Check the content of all incoming & outgoing email messages C. Create an enterprise system on the internet D. Check the accuracy of all transactions between its network & the internet E. Enforce a security policy on data exchanged between its network & the internet

E. Enforce a security policy on data exchanged between its network & the internet

The Sarbanes-Oxley Act: A. Specifies best practices in information systems security & control B. Outlines medical security & privacy rules C. Requires financial institutions to ensure the security of customer data D. Requires that companies retain electronic records for at least 10 years E. Imposes responsibility on companies & management to safeguard the accuracy of financial information

E. Imposes responsibility on companies & management to safeguard the accuracy of financial information

CryptoLocker is an example of which of the following? A. Sniffer B. SQL injection attack C. Trojan horse D. Evil Twin E. Ransomware

E. Ransomware

Sniffer

Eavesdropping program that monitors information traveling over network. Enables hackers to steal proprietary information such as email, company files, and so on

All malicious software programs have the ability to replicate themselves & spread over all files in an infected PC. T/F

False

An acceptable use policy defines the acceptable level of access to information assets for different users. T/F

False

Both computer viruses & worms are attached to a file & rely on the infected file to spread

False

Installing antivirus software can guarantee the computer is virus free. T/F

False

The term cracker is used to I.D. a hacker who gains unauthorized access to a computer system with good intent. T/F

False

The term cracker is used to I.D. a hacker whose specialty is breaking open security systems. T/F

False

Viruses cannot be spread through email. T/F

False

WEP is a more secure encryption standard than WPA2. T/F

False

Wireless networks are more difficult to penetrate because radio frequency bands are hard to scan. T/F

False

Zero-day vulnerabilities is an industry standard to ensure software programs are bug free when 1st released

False

Worms

Independent computer programs that copy themselves from one computer to other computers over a network. Can operate on their own, reproduce themselves. Spread more rapidly than viruses

Spoofing

Misrepresenting oneself by using fake email addresses or masquerading as someone else. Redirecting Web link to address different from intended one, with site masquerading as intended destination

botnet

Networks of "zombie" PCs infiltrated by bot malware

Most computer viruses deliver a __________

Payload

Redirecting users to a bogus website even if they type the correct URL

Pharming

Computer bug/patches

Program code defects/Small pieces of software to repair flaws released by vendors

Keyloggers

Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks

Pharming involves:

Redirecting users to a fraudulent website even when the user has typed in the correct address in the web browser

Analysis of an information system that rates the likelihood of a security incident occurring & its costs is included in a(n)

Risk assessment

Virus

Rogue software program that attaches itself to other files, software programs or data files in order to be executed. Cause damage to computer. Can spread from computer to computer

Phishing

Setting up fake Websites or sending email messages that look like legitimate businesses to ask users for confidential personal data

Ex. of phishing

Setting up fake medical website that asks users for confidential info

Spyware

Small programs that install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising.

Trojan Horse

Software program that appears to be benign but then does something other than expected. Not a virus as it does not replicate. Can be used to steal login credentials

A keylogger is a type of

Spyware

Social Engineering

Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information

In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site a small program called Mid was downloaded to the user's machine. Program enabled outsiders to infiltrate the user's machine.

Trojan Horse

Public key encryption uses 2 keys T/F

True

SSL is a protocol used to establish a secure connection between 2 computers. T/F

True

To secure mobile devices, a company will need to implement special mobile device management software. T/F

True

Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices & millions of paths would require thousands of years. T/F

True

Evil Twins

Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet

