MIS Ch4

Ace your homework & exams now with Quizwiz!

28) An information system's _____ is the possibility that the system will be harmed by a threat. a) vulnerability b) risk c) control d) danger e) compromise

Answer: a Title: Assessment Question 4.28 Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information resources, providing an example for each. Section Reference 1: Introduction to Information Security Difficulty: Easy

31) Unintentional threats to information systems include all of the following except: a) malicious software b) tailgating c) power outage d) lack of user experience e) tornados

Answer: a Title: Assessment Question 4.31 Learning Objective 1: LO 4.2 Compare and contrast human mistakes and social engineering, providing an example for each. Section Reference 1: Unintentional Threats to Information Systems Difficulty: Medium

40) _____ are segments of computer code that attach to existing computer programs and perform malicious acts. a) Viruses b) Worms c) Trojan horses d) Back doors e) Logic bombs

Answer: a Title: Assessment Question 4.40 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

45) The term _____ refers to clandestine software that is installed on your PC through duplicitous channels but is not particularly malicious. a) Alien software b) Virus c) Worm d) Back door e) Logic bomb

Answer: a Title: Assessment Question 4.45 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

47) When companies attempt to counter _____ by requiring users to accurately select characters in turn from a series of boxes, attackers respond by using _____. a) keyloggers, screen scrapers b) screen scrapers, uninstallers c) keyloggers, spam d) screen scrapers, keyloggers e) spam, keyloggers

Answer: a Title: Assessment Question 4.47 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Medium

54) _____ controls are concerned with user identification, and they restrict unauthorized individuals from using information resources. a) Access b) Physical c) Data security d) Administrative e) Input

Answer: a Title: Assessment Question 4.54 Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their information resources, providing an example for each. Section Reference 1: Information Security Controls Difficulty: Easy 55) Access controls involve _____ before _____. a) biometrics, signature recognition b) authentication, authorization c) iris scanning, voice recognition d) strong passwords, biometrics e) authorization, authentication Answer: b Title: Assessment Question 4.55 Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their information resources, providing an example for each. Section Reference 1: Information Security Controls Difficulty: Easy 56) Biometrics are an example of: a) something the user is. b) something the user wants. c) something the user has. d) something the user knows. e) something the user does. Answer: a Title: Assessment Question 4.56 Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their information resources, providing an example for each. Section Reference 1: Information Security Controls Difficulty: Easy 57) Voice and signature recognition are examples of: a) something the user is. b) something the user wants. c) something the user has. d) something the user knows. e) something the user does. Answer: e Title: Assessment Question 4.57 Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their information resources, providing an example for each. Section Reference 1: Information Security Controls Difficulty: Easy 58) Passwords and passphrases are examples of: a) something the user is. b) something the user wants. c) something the user has. d) something the user knows. e) something the user does. Answer: e Title: Assessment Question 4.58 Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their information resources, providing an example for each. Section Reference 1: Information Security Controls Difficulty: Easy 59) Which of the following is not a characteristic of strong passwords? a) They are difficult to guess. b) They contain special characters. c) They are not a recognizable word. d) They are not a recognizable string of numbers e) They tend to be short so they are easy to remember. Answer: e Title: Assessment Question 4.59 Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their information resources, providing an example for each. Section Reference 1: Information Security Controls Difficulty: Medium 60) Which of the following is not an example of a weak password? a) IloveIT b) 08141990 c) 9AmGt/* d) Rainer e) InformationSecurity Answer: c Title: Assessment Question 4.60 Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their information resources, providing an example for each. Section Reference 1: Information Security Controls Difficulty: Medium 61) Bob is using public key encryption to send a message to Ted. Bob encrypts the message with Ted's _____ key, and Ted decrypts the message using his _____ key. a) public, public b) public, private c) private, private d) private, public e) none of these Answer: b Title: Assessment Question 4.61 Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their information resources, providing an example for each. Section Reference 1: Information Security Controls Difficulty: Medium 62) Which of the following statements concerning firewalls is not true? a) Firewalls prevent unauthorized Internet users from accessing private networks. b) Firewalls examine every message that enters or leaves an organization's network. c) Firewalls filter network traffic according to categories of activities that are likely to cause problems. d) Firewalls filter messages the same way as anti-malware systems do. e) Firewalls are sometimes located inside an organization's private network. Answer: d Title: Assessment Question 4.62 Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their information resources, providing an example for each. Section Reference 1: Information Security Controls Difficulty: Medium 63) In a process called _____, a company allows nothing to run unless it is approved, whereas in a process called _____, the company allows everything to run unless it is not approved. a) whitelisting, blacklisting b) whitelisting, encryption c) encryption, whitelisting d) encryption, blacklisting e) blacklisting, whitelisting Answer: a Title: Assessment Question 4.63 Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their information resources, providing an example for each. Section Reference 1: Information Security Controls Difficulty: Medium 64) Organizations use hot sites, warm sites, and cold sites to insure business continuity. Which of the following statements is not true? a) A cold site has no equipment. b) A warm site has no user workstations. c) A hot site needs to be located close to the organization's offices. d) A hot site duplicates all of the organization's resources. e) A warm site does not include actual applications. Answer: c Title: Assessment Question 4.64 Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their information resources, providing an example for each. Section Reference 1: Information Security Controls Difficulty: Easy

25) The computing skills necessary to be a hacker are decreasing for which of the following reasons? a) More information systems and computer science departments are teaching courses on hacking so that their graduates can recognize attacks on information assets. b) Computer attack programs, called scripts, are available for download from the Internet. c) International organized crime is training hackers. d) Cybercrime is much more lucrative than regular white-collar crime. e) Almost anyone can buy or access a computer today.

Answer: b Title: Assessment Question 4.25 Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information resources, providing an example for each. Section Reference 1: Introduction to Information Security Difficulty: Hard

30) Employees in which functional areas of the organization pose particularly grave threats to information security? a) human resources, finance b) human resources, management information systems c) finance, marketing d) operations management, management information systems e) finance, management information systems

Answer: b Title: Assessment Question 4.30 Learning Objective 1: LO 4.2 Compare and contrast human mistakes and social engineering, providing an example for each. Section Reference 1: Unintentional Threats to Information Systems Difficulty: Easy

38) A _____ is a document that grants the holder exclusive rights on an invention for 20 years. a) copyright b) patent c) trade secret d) knowledge base e) private property notice

Answer: b Title: Assessment Question 4.38 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

46) Which of the following is(are) designed to use your computer as a launch pad for sending unsolicited e-mail to other computers? a) Spyware b) Spamware c) Adware d) Viruses e) Worms

Answer: b Title: Assessment Question 4.46 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

48) _____ is the process in which an organization assesses the value of each asset being protected, estimates the probability that it will be compromised, and compares the probable costs of an attack with the costs of protecting the asset. a) Risk management b) Risk analysis c) Risk mitigation d) Risk acceptance e) Risk transference

Answer: b Title: Assessment Question 4.48 Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of owning a home. Section Reference 1: What Companies Are Doing to Protect Information Resources Difficulty: Easy

26) Rank the following in terms of dollar value of the crime, from highest to lowest. a) robbery - white collar crime - cybercrime b) white collar crime - extortion - robbery c) cybercrime - white collar crime - robbery d) cybercrime - robbery - white collar crime e) white collar crime - burglary - robbery

Answer: c Title: Assessment Question 4.26 Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information resources, providing an example for each. Section Reference 1: Introduction to Information Security Difficulty: Medium

33) The cost of a stolen laptop includes all of the following except: a) Loss of intellectual property b) Loss of data c) Backup costs d) Loss of productivity e) Replacement cost

Answer: c Title: Assessment Question 4.33 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

34) Dumpster diving is: a) always illegal because it is considered trespassing. b) never illegal because it is not considered trespassing. c) typically committed for the purpose of identity theft. d) always illegal because individuals own the material in the dumpster. e) always legal because the dumpster is not owned by private citizens.

Answer: c Title: Assessment Question 4.34 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Medium

36) A _____ is intellectual work that is known only to a company and is not based on public information. a) copyright b) patent c) trade secret d) knowledge base e) private property

Answer: c Title: Assessment Question 4.36 Learning Objective 1: LO 4.3 Discuss the nine types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

37) A pharmaceutical company's research and development plan for a new class of drugs would be best described as which of the following? a) Copyrighted material b) Patented material c) A trade secret d) A knowledge base e) Public property

Answer: c Title: Assessment Question 4.37 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

49) Which of the following statements is false? a) Credit card companies usually block stolen credit cards rather than prosecute. b) People tend to shortcut security procedures because the procedures are inconvenient. c) It is easy to assess the value of a hypothetical attack. d) The online commerce industry isn't willing to install safeguards on credit card transactions. e) The cost of preventing computer crimes can be very high.

Answer: c Title: Assessment Question 4.49 Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of owning a home. Section Reference 1: What Companies Are Doing to Protect Information Resources Difficulty: Easy

50) In _____, the organization takes concrete actions against risks. a) risk management b) risk analysis c) risk mitigation d) risk acceptance e) risk transference

Answer: c Title: Assessment Question 4.50 Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of owning a home. Section Reference 1: What Companies Are Doing to Protect Information Resources Difficulty: Easy

53) Which of the following statements concerning the difficulties in protecting information resources is not correct? a) Computing resources are typically decentralized. b) Computer crimes often remain undetected for a long period of time. c) Rapid technological changes ensure that controls are effective for years. d) Employees typically do not follow security procedures when the procedures are inconvenient. e) Computer networks can be located outside the organization.

Answer: c Title: Assessment Question 4.53 Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of owning a home. Section Reference 1: What Companies Are Doing to Protect Information Resources Difficulty: Medium

24) Which of the following factors is not increasing the threats to information security? a) smaller computing devices b) downstream liability c) the Internet d) limited storage capacity on portable devices e) due diligence

Answer: d Title: Assessment Question 4.24 Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information resources, providing an example for each. Section Reference 1: Introduction to Information Security Difficulty: Medium

27) A _____ is any danger to which an information resource may be exposed. a) vulnerability b) risk c) control d) threat e) compromise

Answer: d Title: Assessment Question 4.27 Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information resources, providing an example for each. Section Reference 1: Introduction to Information Security Difficulty: Easy

29) The most overlooked people in information security are: a) consultants and temporary hires. b) secretaries and consultants. c) contract laborers and executive assistants. d) janitors and guards. e) executives and executive secretaries.

Answer: d Title: Assessment Question 4.29 Learning Objective 1: LO 4.2 Compare and contrast human mistakes and social engineering, providing an example for each. Section Reference 1: Unintentional Threats to Information Systems Difficulty: Easy

32) _____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges. a) Tailgating b) Hacking c) Spoofing d) Social engineering e) Spamming

Answer: d Title: Assessment Question 4.32 Learning Objective 1: LO 4.2 Compare and contrast human mistakes and social engineering, providing an example for each. Section Reference 1: Unintentional Threats to Information Systems Difficulty: Easy

39) An organization's e-mail policy has the least impact on which of the following software attacks? a) virus b) worm c) phishing d) zero-day e) spear phishing

Answer: d Title: Assessment Question 4.39 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Hard

43) A _____ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail. a) Zero-day b) Denial-of-service c) Distributed denial-of-service d) Phishing e) Brute force dictionary

Answer: d Title: Assessment Question 4.43 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

35) Cybercriminals can obtain the information they need in order to assume another person's identity by: a) Infiltrating an organization that stores large amounts of personal information. b) Phishing. c) Hacking into a corporate database. d) Stealing mail. e) All of the above are strategies to obtain information to assume another person's identity.

Answer: e Title: Assessment Question 4.35 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

41) _____ are software programs that hide in other computer programs and reveal their designed behavior only when they are activated. a) Viruses b) Worms c) Trojan horses d) Back doors e) Logic bombs

Answer: e Title: Assessment Question 4.41 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

42) _____ are segments of computer code embedded within an organization's existing computer programs that activate and perform a destructive action at a certain time or date. a) Viruses b) Worms c) Trojan horses d) Back doors e) Logic bombs

Answer: e Title: Assessment Question 4.42 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

44) In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised computers at the same time. a) phishing b) zero-day c) worm d) back door e) distributed denial-of-service

Answer: e Title: Assessment Question 4.44 Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks. Section Reference 1: Deliberate Threats to Information Systems Difficulty: Easy

51) Which of the following is not a strategy for mitigating the risk of threats against information? a) Continue operating with no controls and absorb any damages that occur b) Transfer the risk by purchasing insurance. c) Implement controls that minimize the impact of the threat d) Install controls that block the risk. e) All of the above are strategies for mitigating risk.

Answer: e Title: Assessment Question 4.51 Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of owning a home. Section Reference 1: What Companies Are Doing to Protect Information Resources Difficulty: Easy

52) In _____, the organization purchases insurance as a means to compensate for any loss. a) risk management b) risk analysis c) risk mitigation d) risk acceptance e) risk transference

Answer: e Title: Assessment Question 4.52 Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of owning a home. Section Reference 1: What Companies Are Doing to Protect Information Resources Difficulty: Easy


Related study sets

Chapter 11 - Inventory Management

View Set

PLATO / Edmentum End of Semester Test : Algebra 2B

View Set

Chapter 12 - 16 Practice & Review Questions

View Set

Pharmacology Final + Practice Quizzes

View Set

International Business Chapter Midterm

View Set

AP US History: Chapter 25 Review

View Set

Community Health Exam 3 Practice Questions

View Set