TEST
Which of the following is a type of ambient data?
A file deleted from a hard disk
Which of the following items defines acceptable uses of a firm's information resources and computing equipment?
An AUP
Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n) ________ attack.
DDoS
Which of the following focuses primarily on the technical issues of keeping systems up and running?
Disaster recovery planning
________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.
Intrusion detection systems
Which of the following statements about botnets is not true?
It is not possible to make a smartphone part of a botnet.
Currently, the protocols used for secure information transfer over the Internet are:
SSL, TLS, and S-HTTP.
Examines the firm's overall security environment as well as controls governing individual information systems
Security Audits
In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?
Symmetric key encryption
A tool that provides a single appliance with multiple security controls.
Unified threat management system
Which of the following is the single greatest cause of network security breaches?
User lack of knowledge
Evil twins are:
bogus wireless network access points that look legitimate to users
A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor's advertising costs up. This is an example of:
click fraud
The intentional defacement or destruction of a website is called:
cybervandalism.
A firewall allows the organization to:
enforce a security policy on data exchanged between its network and the Internet.
This security tool is often used by large companies to keep track of all users and the privileges.
identity management
When hackers gain access to a database containing your personal private information, this is an example of:
identity theft.
The Sarbanes-Oxley Act:
imposes responsibility on companies and management to safeguard the accuracy of financial information.
The HIPAA Act of 1996:
outlines medical security and privacy rules.
Pharming involves:
redirecting users to a fraudulent website even when the user has typed in the correct address in the web browser.
Fault tolerant information systems offer 100 percent availability because they use:
redundant hardware, software, and power supplies.
The Gramm-Leach-Bliley Act:
requires financial institutions to ensure the security of customer data.
An employee clicks on a link in an email from what looks like a fellow employee and is taken to a fraudulent web site which asks for personal information is an example of:
spear phishing.
WPA2 is a more effective way to secure a wireless network than WEP because it:
uses much longer encryption keys.
A digital certificate system:
uses third party CAs to validate a user's identity
When a hacker discovers a security hole in software that is unknown to the software vendor it is an example of:
zero-day vulnerability
