INFO 360 – Chapter 8

A(n) _____ is a person who tries to gain access to a computer system without authorization and with criminal intent, as distinct from a person who simply tries to gain access.
cracker
_____ can be destructive to a company when people or programs deliberately move through ads, thus driving up the company's advertising costs.
Click fraud
The _____ outlines medical security and privacy rules and procedures for the health care industry.
HIPAA Act
The _____ mandates that financial services firms ensure security and confidentiality of customer data.
Gramm-Leach-Bliley Act
_____ check data entering a system for accuracy and completeness, such as when a clerk confirms a telephone number for a new customer.
Input controls
With security, a(n) _____ sets how information assets are used while _____ controls who can access information assets.
acceptable use policy; identity management
Current tablet devices require a fingerprint as a(n) ____ to control who can access a device.
biometric authentication
Using a combination of hardware and software, ____ are able to control incoming and outgoing data on a network.
firewalls
Which of the following is NOT a security threat posed by the use of the iPhone, iPad and other mobile computing devices in the workplace?
A. Mobile devices appear vulnerable to rogue apps.
B. Mobile devices have less stringent passwords and locks.
C. Mobile devices are easily stolen and often contain corporate data.
D. Dictating what kind of data an app can access inside its sandbox domain.
E. Data leakage is caused by use of cloud storage services with mobile devices.
D. Dictating what kind of data an app can access inside its sandbox domain.
Which is NOT a type of security loss?
A. Unauthorized data disclosure
B. Denial of service
C. Unauthorized data modification
D. Faulty service
E. Forgotten passwords
E. Forgotten passwords
Which of the following items does NOT comprise part of an organization’s security policy?
A. Identifying acceptable security goals
B. Controlling what non organizational activities employees can do
C. Weighing what risks the organization is willing to accept for each asset
D. Ranking priorities of information risks
E. Identifying the mechanisms for achieving these goals
B. Controlling what non organizational activities employees can do
A key logger is a type of _____.
spyware
Which of the following examine(s) data files and sorts out low-priority online material while assigning higher priority to business-critical files?
A. Intrusion detection systems
B. Managed security service providers
C. Unified threat management
D. Deep packet inspection
E. Antivirus software
D. Deep packet inspection
Which is NOT a characteristic of the most secure, hard-to-break passwords?
A. Is a mix of letters and numbers
B. Contains no word in any language
C. Has upper- and lowercase characters
D. Contains special characters
E. Has six or fewer characters
E. Has six or fewer characters
Computer forensics deals with all of the following problems EXCEPT:
A. presenting the information to a court of law.
B. protecting the computer assets from fraudulent access.
C. finding significant information in a large volume of electronic data.
D. recovering data from computers while preserving evidential integrity.
E. securely storing and handling recovered electronic data.
B. protecting the computer assets from fraudulent access.
Which of the following was NOT one of the security practices that LinkedIn failed to follow?
A. LinkedIn did not install security patches and bug fixes.
B. LinkedIn had minimal password protection via encryption.
C. LinkedIn did not sufficiently protect its website from hackers.
D. LinkedIn had not salted its user passwords.
E. LinkedIn did not store hashed passwords on separate secure Web servers.
A. LinkedIn did not install security patches and bug fixes.
Human safeguards involve the people and procedure components of information systems. All of the following constitute effective human safeguards EXCEPT ______.
A. dissemination and enforcement
B. position definition
C. incidence response plan
D. termination
E. hiring and screening
C. incidence response plan
Which of the following is an opportunity for threats to gain access to assets?
A. Threat
B. Target
C. Attack
D. Vulnerability
E. Safeguard
D. Vulnerability
Which of the following is NOT a type of malware?
A. Adware
B. Virus
C. Cookies
D. Spyware
E. Trojan horse
C. Cookies
Which of the following is a critical security function of senior management in an organization?
A. Establishing the security policy and managing risk
B. Managing security programs on a real-time basis
C. Safeguarding computer hardware and software
D. Developing IS security software
E. Monitoring potential malicious activity continuously
A. Establishing the security policy and managing risk
Which of the following is NOT a situation when a computer is the target of a crime?
A. Knowingly transmitting a program, program code, or command that intentionally causes damages to a protected computer
B. Accessing a computer system without authority
C. Breaching the confidentiality of protected computerized data
D. Using e-mail for threats or harassment
E. Knowingly accessing a protected computer to commit fraud
D. Using e-mail for threats or harassment
Technical safeguards against computer security threats include all of the following EXCEPT ______.
A. malware protection
B. passwords
C. firewalls
D. encryption
E. identification and authorization
B. passwords
Which of the following is FALSE regarding public-key encryption?
A. The sender encrypts the message with the recipient’s public key.
B. The private key is kept secret.
C. The public key is shared using a directory.
D. On receiving the message, the recipient uses the public key to decrypt it.
E. It uses two keys that are mathematically related.
D. On receiving the message, the recipient uses the public key to decrypt it.
Electronic evidence on computer storage media that is not visible to the average user is called ______.
ambient data
Data safeguards include all of the following EXCEPT _____.
A. encryption
B. data rights and responsibilities
C. passwords
D. backup and recovery
E. training
E. training
Which of the following threats is NOT considered a computer crime aimed at unauthorized data disclosure?
A. Hacking
B. Sniffing
C. Procedural mistakes
D. Spoofing
E. Phishing
C. Procedural mistakes
An independent computer program that copies itself from one computer to another over a network is called a _____.
worm
Which act requires financial institutions to ensure the security and confidentiality of customer data and mandates that data must be stored on a secure medium and protected during storage and transmittal?
Gramm-Leach-Bliley Act
Which of the following is NOT a situation where the computer is used as the instrument of crime?
A. Unauthorized copying of software or copyrighted intellectual property
B. Launching schemes to defraud
C. Accessing a computer system without authority
D. Intentionally attempting to intercept electronic communication
E. Using e-mail for threats or harassment
C. Accessing a computer system without authority
Which of the following is NOT addressed by a business continuity plan?
A. The identification of critical business processes
B. When and how the plan is to be updated and refined
C. Action plans for handling mission-critical functions if systems go down
D. The technical issues involved in keeping systems up and running
E. How the company can restore business operations after a disaster strikes
D. The technical issues involved in keeping systems up and running
Which of the following is NOT a good practice for protecting against security threats?
A. Not using the same password for all your accounts
B. Buying only from online vendors that use https in their transactions
C. Using long and complex passwords
D. Never sending valuable data such as credit number in email or IM
E. Backing up your browsing history, temporary files, and cookies
E. Backing up your browsing history, temporary files, and cookies
Which of the following is FALSE regarding digital certificates?
A. They help a user and a merchant to validate that their digital certificates were issued by an authorized and trusted third party before they exchange data.
B. The recipient decodes the encrypted message by using the CA’s public key.
C. They authenticate that the public key belongs to the designated owner.
D. The CA verifies a digital certificate user’s identity online.
E. They contain the owner’s identification and a copy of the owner’s public key.
D. The CA verifies a digital certificate user’s identity online.
Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is referred to as ______.
social engineering
