MIS-Chapter 8
Evil twins are:
bogus wireless network access points that look legitimate to users.
Application controls:
can be classified as input controls, processing controls, and output controls.
Computer forensics tasks include all of the following except:
collecting physical evidence on the computer.
In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.
deep packet inspection
The most common type of electronic evidence is:
A firewall allows the organization to:
enforce a security policy on data exchanged between its network and the Internet.
Specific security challenges that threaten corporate servers in a client/server environment include:
hacking, vandalism, and denial of service attacks.
An authentication token:
is a device that displays passcodes.
Pharming involves:
redirecting users to a fraudulent website even when the user has typed in the correct address in the web browser.
________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.
"Controls"
________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.
"Security"
Which of the following is a type of ambient data?
A file deleted from a hard disk
Which of the following defines acceptable uses of a firm's information resources and computing equipment?
An AUP
Which of the following statements about passwords is not true?
Authentication cannot be established by the use of a password.
Which of the following statements about wireless security is not true?
Bluetooth is the only wireless technology that is not susceptible to hacking by eavesdroppers.
Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n):
risk assessment.
Statements ranking information risks and identifying security goals are included in a(n):
security policy
An example of phishing is:
setting up a fake medical website that asks users for confidential information.
All of the following are currently being used as traits that can be profiled by biometric authentication except:
Body odor
Which of the following is not an example of a computer used as an instrument of crime?
Breaching the confidentiality of protected computerized data
Specific security challenges that threaten the communications lines in a client/server environment include:
tapping, sniffing, message alteration, and radiation.
All of the following have contributed to an increase in software flaws except:
the increase in malicious intruders seeking system access.
A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor's advertising costs up. This is an example of:
Click fraud
A foreign country attempting to access government networks in order to disable a national power grid would be an example of:
Cyberwarfare
Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack.
DDoS
________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.
Data security
Which of the following focuses primarily on the technical issues of keeping systems up and running?
Disaster recovery planning
Specific security challenges that threaten clients in a client/server environment include:
unauthorized access, errors, and spyware.
A digital certificate system:
uses third-party CAs to validate a user's identity.
For 100 percent availability, online transaction processing requires:
Fault-tolerant computer systems.
________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.
Identity theft
Which of the following is not an example of a computer used as a target of crime?
Illegally accessing stored electronic communication
________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.
Intrusion detection systems
All of the following countries are popular sources of malware attacks except:
Mexico
Which of the following specifically makes malware distribution and hacker attacks to disable websites a federal crime?
National Information Infrastructure Protection Act
Most computer viruses deliver a:
Payload
CryptoLocker is an example of which of the following?
Ransomware
Conficker (also known as Downadup or Downup) is an example of which of the following?
SQL injection attack
________ identify the access points in a Wi-Fi network.
SSIDs
Currently, the protocols used for secure information transfer over the Internet are:
SSL, TLS, and S-HTTP.
Tricking employees into revealing their passwords by pretending to be a legitimate member of a company is called:
Social engineering
Phishing is a form of:
Spoofing
Redirecting a web link to a different address is a form of:
Spoofing
A keylogger is a type of:
Spyware
Which of the following provides additional security by determining whether packets are part of an ongoing dialogue between a sender and receiver?
Stateful inspection
In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?
Symmetric key encryption
Which of the following sued BJ's Wholesale Club for allowing hackers to access its systems and steal credit and debit card data for fraudulent purchases?
The U.S. Federal Trade Commission
Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems.
UTM
Which of the following is the single greatest cause of network security breaches?
User lack of knowledge
Which of the following statements about Internet security is not true?
VoIP is more secure than the switched voice network.
Which of the following specifications replaced WEP with a stronger security standard that features changing encryption keys?
WPA2
A practice in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic is referred to as:
War driving
An independent computer program that copies itself from one computer to another over a network is called a:
Worm
All of the following are types of information systems general controls except:
application controls