
IS 300 Chapter 2 Data/ Security

Having one backup of your business data is sufficient for security purposes.
Answer: False
The security of each computer on the Internet is independent of the security of all other computers on the Internet.
Answer: False
The computing skills necessary to be a hacker are decreasing.
Answer: True
Human errors cause more than half of the security-related problems in many organizations.
Answer: True
The higher the level of an employee in organization, the greater the threat that he or she poses to the organization.
Answer: True
Dumpster diving is always illegal because it involves trespassing on private property.
Answer: False
Software can be copyrighted.
Answer: True
Trojan horses are software programs that hide in other computer programs and reveal their designed behavior only when they are activated.
Answer: True
Zero-day attacks use deceptive e-mails to acquire sensitive personal information.
Answer: False
In most cases, cookies track your path through Web sites and are therefore invasions of your privacy.
Answer: True
Cyberterrorism and cyberwarfare can attack supervisory control and data acquisition (SCADA) systems to cause widespread physical damage.
Answer: True
Supervisory control and data acquisition (SCADA) systems require human data input.
Answer: False
Cyberterrorism is usually carried out by nations.
Answer: False
IT security is the responsibility of everyone in the organization.
Answer: True
Risk analysis involves determining whether security programs are working.
Answer: False
A password refers to “something the user is.”
Answer: False
Organizations utilize layers of controls because they face so many diverse threats to information security.
Answer: True
Public-key encryption uses two different keys, one public and one private.
Answer: True
Voice recognition is an example of “something a user does” authentication.
Answer: True
Organizations use authentication to establish privileges to systems operations.
Answer: True
The area located between two firewalls within an organization is called the demilitarized zone.
Answer: True
A VPN is a network within the organization.
Answer: False
A URL that begins with https rather than http indicates that the site transmits using an extra layer of security called transport layer security.
Answer: True
Which of the following is not a consequence of poor information security practices?

a) Stolen information
b) Stolen identities
c) Financial loss
d) Loss of service
e) All of the above are consequences of poor information security practices.

e) All of the above are consequences of poor information security practices.
In its study of various organizations, the Ponemon Institute found that the most common cause of data breaches was:

a) weak passwords.
b) unattended computers.
c) employee negligence.
d) contract labor, such as consultants.
e) poor antivirus software

c) employee negligence.
Which of the following factors is not increasing the threats to information security?

a) smaller computing devices
b) downstream liability
c) the Internet
d) limited storage capacity on portable devices
e) due diligence

d) limited storage capacity on portable devices
The computing skills necessary to be a hacker are decreasing for which of the following reasons?

a) More information systems and computer science departments are teaching courses on hacking so that their graduates can recognize attacks on information assets.
b) Computer attack programs, called scripts, are available for download from the Internet.
c) International organized crime is training hackers.
d) Cybercrime is much more lucrative than regular white-collar crime.
e) Almost anyone can buy or access a computer today.

b) Computer attack programs, called scripts, are available for download from the Internet.
Rank the following in terms of dollar value of the crime, from highest to lowest.

a) robbery – white collar crime – cybercrime
b) white collar crime – extortion – robbery
c) cybercrime – white collar crime – robbery
d) cybercrime – robbery – white collar crime
e) white collar crime – burglary – robbery

c) cybercrime – white collar crime – robbery
A _____ is any danger to which an information resource may be exposed.

a) vulnerability
b) risk
c) control
d) threat
e) compromise

d) threat
An information system’s _____ is the possibility that the system will be harmed by a threat.

a) vulnerability
b) risk
c) control
d) danger
e) compromise

a) vulnerability
The most overlooked people in information security are:

a) consultants and temporary hires.
b) secretaries and consultants.
c) contract laborers and executive assistants.
d) janitors and guards.
e) executives and executive secretaries.

d) janitors and guards.
Employees in which functional areas of the organization pose particularly grave threats to information security?

a) human resources, finance
b) human resources, management information systems
c) finance, marketing
d) operations management, management information systems
e) finance, management information systems

b) human resources, management information systems
Unintentional threats to information systems include all of the following except:

a) malicious software
b) tailgating
c) power outage
d) lack of user experience
e) tornados

a) malicious software
_____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges.

a) Tailgating
b) Hacking
c) Spoofing
d) Social engineering
e) Spamming

d) Social engineering
The cost of a stolen laptop includes all of the following except:

a) Loss of intellectual property
b) Loss of data
c) Backup costs
d) Loss of productivity
e) Replacement cost

c) Backup costs
Dumpster diving is:

a) always illegal because it is considered trespassing.
b) never illegal because it is not considered trespassing.
c) typically committed for the purpose of identity theft.
d) always illegal because individuals own the material in the dumpster.
e) always legal because the dumpster is not owned by private citizens

c) typically committed for the purpose of identity theft.
Cybercriminals can obtain the information they need in order to assume another person’s identity by:

a) Infiltrating an organization that stores large amounts of personal information.
b) Phishing.
c) Hacking into a corporate database.
d) Stealing mail.
e) All of the above are strategies to obtain information to assume another person’s identity.

e) All of the above are strategies to obtain information to assume another person’s identity.
A _____ is intellectual work that is known only to a company and is not based on public information.

a) copyright
b) patent
c) trade secret
d) knowledge base
e) private property

c) trade secret
A pharmaceutical company’s research and development plan for a new class of drugs would be best described as which of the following?

a) Copyrighted material
b) Patented material
c) A trade secret
d) A knowledge base
e) Public property

c) A trade secret
A _____ is a document that grants the holder exclusive rights on an invention for 20 years.

a) copyright
b) patent
c) trade secret
d) knowledge base
e) private property notice

b) patent
An organization’s e-mail policy has the least impact on which of the following software attacks?

a) virus
b) worm
c) phishing
d) zero-day
e) spear phishing

d) zero-day
_____ are segments of computer code that attach to existing computer programs and perform malicious acts.

a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs

a) Viruses
_____ are software programs that hide in other computer programs and reveal their designed behavior only when they are activated.

a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs

c) Trojan horses
_____ are segments of computer code embedded within an organization’s existing computer programs that activate and perform a destructive action at a certain time or date.

a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs

e) Logic bombs
A _____ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail.

a) Zero-day
b) Denial-of-service
c) Distributed denial-of-service
d) Phishing
e) Brute force dictionary

d) Phishing
In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised computers at the same time.

a) phishing
b) zero-day
c) worm
d) back door
e) distributed denial-of-service

e) distributed denial-of-service
The term _____ refers to clandestine software that is installed on your PC through duplicitous channels but is not particularly malicious.

a) Alien software
b) Virus
c) Worm
d) Back door
e) Logic bomb

a) Alien software
Which of the following is(are) designed to use your computer as a launch pad for sending unsolicited e-mail to other computers?

a) Spyware
b) Spamware
c) Adware
d) Viruses
e) Worms

b) Spamware
When companies attempt to counter _____ by requiring users to accurately select characters in turn from a series of boxes, attackers respond by using _____.

a) keyloggers, screen scrapers
b) screen scrapers, uninstallers
c) keyloggers, spam
d) screen scrapers, keyloggers
e) spam, keyloggers

a) keyloggers, screen scrapers
_____ is the process in which an organization assesses the value of each asset being protected, estimates the probability that it will be compromised, and compares the probable costs of an attack with the costs of protecting the asset.

a) Risk management
b) Risk analysis
c) Risk mitigation
d) Risk acceptance
e) Risk transference

b) Risk analysis
Which of the following statements is false?

a) Credit card companies usually block stolen credit cards rather than prosecute.
b) People tend to shortcut security procedures because the procedures are inconvenient.
c) It is easy to assess the value of a hypothetical attack.
d) The online commerce industry isn’t willing to install safeguards on credit card transactions.
e) The cost of preventing computer crimes can be very high.

c) It is easy to assess the value of a hypothetical attack.
In _____, the organization takes concrete actions against risks.

a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference

c) risk mitigation
Which of the following is not a strategy for mitigating the risk of threats against information?

a) Continue operating with no controls and absorb any damages that occur
b) Transfer the risk by purchasing insurance.
c) Implement controls that minimize the impact of the threat
d) Install controls that block the risk.
e) All of the above are strategies for mitigating risk.

e) All of the above are strategies for mitigating risk.
In _____, the organization purchases insurance as a means to compensate for any loss.

a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference

e) risk transference
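The risk analysis definition and the three mitigation strategies (accept, limit with controls, transfer with insurance) from the questions above, carried through in code. This is an added worked example, not material from the quiz or the textbook. It uses the standard quantitative formulas SLE = asset value x exposure factor and ALE = SLE x annual rate of occurrence, and every asset, probability and price in it is a constructed illustrative figure.

```python
"""Quantitative risk analysis and the accept / limit / transfer decision.

Added worked example; it is not part of the textbook quiz. It applies the
standard quantitative formulas used in risk analysis:
    SLE = asset value x exposure factor      (cost of one incident)
    ALE = SLE x annual rate of occurrence    (expected yearly loss)
and compares the ALE with the yearly cost of each mitigation strategy named
in the quiz. Every asset, probability and price below is a constructed
illustrative figure, not data from any real organization.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    asset_value: float            # replacement plus business value of the asset
    exposure_factor: float        # fraction of that value lost in one incident (0..1)
    aro: float                    # annual rate of occurrence: expected incidents per year
    control_cost: float           # yearly cost of a control that limits the threat
    control_effectiveness: float  # fraction of the ALE the control removes (0..1)
    premium: float                # yearly insurance premium that transfers the loss


def sle(r: Risk) -> float:
    """Single loss expectancy: what one successful attack costs."""
    return r.asset_value * r.exposure_factor


def ale(r: Risk) -> float:
    """Annualized loss expectancy with no control in place."""
    return sle(r) * r.aro


def yearly_cost_by_strategy(r: Risk) -> dict:
    """Expected yearly cost of each strategy named in the quiz."""
    loss = ale(r)
    return {
        # risk acceptance: run with no controls and absorb the damage
        "accept": loss,
        # risk limitation: pay for the control, absorb what it does not stop
        "limit": r.control_cost + loss * (1.0 - r.control_effectiveness),
        # risk transference: pay the premium (assumes the policy covers the full loss)
        "transfer": r.premium,
    }


def recommend(r: Risk) -> str:
    """Cheapest strategy; ties resolve toward the first listed (accept)."""
    costs = yearly_cost_by_strategy(r)
    return min(costs, key=costs.get)


# Constructed sample register: three assets with deliberately different profiles.
SAMPLE_RISKS = [
    Risk("customer database", 500_000, 0.4, 0.5, 30_000, 0.75, 150_000),
    Risk("lobby kiosk", 2_000, 1.0, 0.25, 5_000, 1.0, 1_000),
    Risk("warehouse", 2_000_000, 0.5, 0.125, 80_000, 0.5, 20_000),
]


def analyze(risks=SAMPLE_RISKS):
    """Return (asset, ALE, recommended strategy) for each risk."""
    return [(r.asset, ale(r), recommend(r)) for r in risks]


if __name__ == "__main__":
    for asset, loss, strategy in analyze():
        print(f"{asset:20s} ALE={loss:>12,.0f}  -> {strategy}")
```

The point the quiz makes about hypothetical attacks being hard to price applies to every input here: the exposure factor and the annual rate of occurrence are estimates, so in practice the analysis is rerun with a range of values to see whether the recommendation is stable.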
Which of the following statements concerning the difficulties in protecting information resources is not correct?

a) Computing resources are typically decentralized.
b) Computer crimes often remain undetected for a long period of time.
c) Rapid technological changes ensure that controls are effective for years.
d) Employees typically do not follow security procedures when the procedures are inconvenient.
e) Computer networks can be located outside the organization.

c) Rapid technological changes ensure that controls are effective for years.
_____ controls are concerned with user identification, and they restrict unauthorized individuals from using information resources.

a) Access
b) Physical
c) Data security
d) Administrative
e) Input

a) Access
Access controls involve _____ before _____.

a) biometrics, signature recognition
b) authentication, authorization
c) iris scanning, voice recognition
d) strong passwords, biometrics
e) authorization, authentication

b) authentication, authorization
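The order in the answer above, authentication before authorization, as an added example in code (not from the quiz or the textbook). Authentication verifies "something the user knows" against a salted PBKDF2 hash using the Python standard library; authorization then checks whether that verified identity holds a role permitted to perform the operation. The user store, roles and privilege table are constructed for the example.

```python
"""Access control: authenticate first, then authorize.

Added example, not code from the textbook. Authentication establishes who the
user is (here: something the user knows, a password checked against a salted
PBKDF2 hash); authorization then decides what that established identity may do.
The user store, roles and privilege table are constructed for the example.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000   # work factor; raise in production
_DUMMY_SALT = bytes(16)       # so unknown users cost the same time as known ones


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def make_record(password: str, roles) -> dict:
    """Store a random salt and the derived hash, never the password itself."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt), "roles": frozenset(roles)}


# Constructed user store.
USERS = {
    "alice": make_record("correct horse battery staple", {"analyst", "admin"}),
    "bob": make_record("9AmGt/*", {"analyst"}),
}

# Constructed privilege table: which roles may perform which operation.
PRIVILEGES = {
    "read_report": {"analyst", "admin"},
    "change_firewall_rule": {"admin"},
}


def authenticate(username: str, password: str):
    """Return the verified principal name, or None if the credentials fail."""
    record = USERS.get(username)
    if record is None:
        _derive(password, _DUMMY_SALT)   # same work as a real lookup, no timing leak
        return None
    candidate = _derive(password, record["salt"])
    if hmac.compare_digest(candidate, record["hash"]):   # constant-time comparison
        return username
    return None


def authorize(principal: str, operation: str) -> bool:
    """Allow the operation only if an already-authenticated principal holds a permitted role."""
    allowed_roles = PRIVILEGES.get(operation, set())   # unknown operation: nobody
    return bool(USERS[principal]["roles"] & allowed_roles)


def access(username: str, password: str, operation: str) -> str:
    """The full check in the order the quiz states: authentication before authorization."""
    principal = authenticate(username, password)
    if principal is None:
        return "denied: authentication failed"
    if not authorize(principal, operation):
        return "denied: not authorized"
    return "ok"


if __name__ == "__main__":
    for args in [("alice", "correct horse battery staple", "change_firewall_rule"),
                 ("bob", "9AmGt/*", "change_firewall_rule"),
                 ("bob", "wrong", "read_report"),
                 ("mallory", "anything", "read_report")]:
        print(args[0], args[2], "->", access(*args))
```

Note that authorize() is never called with a name that authenticate() did not return: the privilege decision is made about a verified identity, which is the whole reason for the ordering.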
Biometrics are an example of:

a) something the user is.
b) something the user wants.
c) something the user has.
d) something the user knows

a) something the user is.
Voice and signature recognition are examples of:

a) something the user is.
b) something the user wants.
c) something the user has.
d) something the user knows.
e) something the user does

e) something the user does
Passwords and passphrases are examples of:

a) something the user is.
b) something the user wants.
c) something the user has.
d) something the user knows.
e) something the user does.

d) something the user knows.
Which of the following is not a characteristic of strong passwords?

a) They are difficult to guess.
b) They contain special characters.
c) They are not a recognizable word.
d) They are not a recognizable string of numbers
e) They tend to be short so they are easy to remember

e) They tend to be short so they are easy to remember
Which of the following is not an example of a weak password?

a) IloveIT
b) 08141990
c) 9AmGt/*
d) Rainer
e) InformationSecurity

c) 9AmGt/*
Bob is using public key encryption to send a message to Ted. Bob encrypts the message with Ted’s _____ key, and Ted decrypts the message using his _____ key.

a) public, public
b) public, private
c) private, private
d) private, public
e) none of these

b) public, private
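The key direction in the answer above, shown in running code as an added example (not from the quiz or the textbook). It is unpadded "textbook" RSA with two fixed Mersenne primes, written only to show which key goes where: Bob encrypts with Ted's public key and only Ted's private key recovers the message, while the reverse pairing (private to create, public to check) is a signature, not confidentiality. The primes, the message and the truncated-hash signature are assumptions of the example; real systems use large random primes and OAEP/PSS padding from a vetted library.

```python
"""Public-key encryption direction, on textbook RSA with known Mersenne primes.

Added example, not from the quiz. Bob encrypts with Ted's PUBLIC key and only
Ted's PRIVATE key decrypts; the reverse direction (private to create, public
to check) is a signature. Unpadded RSA with small fixed primes is insecure and
is used here only to show which key goes where.
"""
import hashlib

# Two known primes (Mersenne primes 2^61-1 and 2^89-1), fixed for reproducibility.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537


def keygen(p: int = P, q: int = Q, e: int = E):
    """Return (public_key, private_key), each as (exponent, modulus)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)         # modular inverse of e, Python 3.8+
    return (e, n), (d, n)


def _to_int(data: bytes) -> int:
    return int.from_bytes(data, "big")


def _to_bytes(value: int) -> bytes:
    # Leading zero bytes of the original message are not preserved by this toy.
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def encrypt(public_key, message: bytes) -> int:
    """Bob's step: encrypt with the recipient's public key."""
    e, n = public_key
    m = _to_int(message)
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(key, ciphertext: int) -> bytes:
    """Ted's step: only the matching private key recovers the message.
    Accepts any (exponent, modulus) pair so the wrong-key case can be shown."""
    exp, n = key
    return _to_bytes(pow(ciphertext, exp, n))


def sign(private_key, message: bytes) -> int:
    """Opposite direction: the private key creates, anyone with the public key checks."""
    d, n = private_key
    h = _to_int(hashlib.sha256(message).digest()[:16])   # truncated to fit the toy modulus
    return pow(h, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    e, n = public_key
    h = _to_int(hashlib.sha256(message).digest()[:16])
    return pow(signature, e, n) == h


if __name__ == "__main__":
    ted_public, ted_private = keygen()
    c = encrypt(ted_public, b"meet at noon")
    print("with Ted's private key:", decrypt(ted_private, c))
    print("with Ted's public key: ", decrypt(ted_public, c)[:12], "(garbage)")
    s = sign(ted_private, b"meet at noon")
    print("signature verifies:", verify(ted_public, b"meet at noon", s))
```

Running decrypt() with the public key instead of the private one returns garbage rather than an error, which is why the distractor "public, public" is wrong in practice as well as in theory: nothing stops you from doing it, it just does not recover the message.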
Which of the following statements concerning firewalls is not true?

a) Firewalls prevent unauthorized Internet users from accessing private networks.
b) Firewalls examine every message that enters or leaves an organization’s network.
c) Firewalls filter network traffic according to categories of activities that are likely to cause problems.
d) Firewalls filter messages the same way as anti-malware systems do.
e) Firewalls are sometimes located inside an organization’s private network.

d) Firewalls filter messages the same way as anti-malware systems do.
In a process called _____, a company allows nothing to run unless it is approved, whereas in a process called _____, the company allows everything to run unless it is not approved.

a) whitelisting, blacklisting
b) whitelisting, encryption
c) encryption, whitelisting
d) encryption, blacklisting
e) blacklisting, whitelisting

a) whitelisting, blacklisting
Organizations use hot sites, warm sites, and cold sites to insure business continuity. Which of the following statements is not true?

a) A cold site has no equipment.
b) A warm site has no user workstations.
c) A hot site needs to be located close to the organization’s offices.
d) A hot site duplicates all of the organization’s resources.
e) A warm site does not include actual applications.

c) A hot site needs to be located close to the organization’s offices.
Refer to IT’s About Business 4.2 – Virus Attack Hits the University of Exeter. Which of the following statements about the virus attack is true?

a) The attack was confined to the Exeter campus.
b) Telephone service was not disrupted.
c) It took three days to clean infected computers and bring the network back into operation.
d) Only the PCs owned by the University had to be scanned.
e) The attack did not affect the professors’ ability to run their classes.

c) It took three days to clean infected computers and bring the network back into operation.
Refer to IT’s About Business 4.3 – The Stuxnet Worm: Which of the following statements is true?

a) The worm targeted large data warehouses.
b) The worm was fairly simplistic.
c) The worm spread from Iran to other countries.
d) The worm probably only took a month to build.
e) The worm specifically targeted nuclear facilities

e) The worm specifically targeted nuclear facilities
Refer to IT’s About Business 4.4 – Information Security at City National Bank and Trust: Using the M86 Security software allowed City National Bank and Trust to do all of the following except:

a) Apply policy-based standards for e-mail.
b) Comply with Sarbanes-Oxley.
c) Categorize Web sites and block questionable ones.
d) Provide all employees with secure access to external e-mail.
e) Prevent employees from downloading potentially dangerous files.

d) Provide all employees with secure access to external e-mail.
Refer to Opening Case – Cybercriminals Use Social Networks for Targeted Attacks: Cybercriminals use Facebook for all of the following reasons except:

a) It is easy to get into the Facebook code itself.
b) People trust messages from their Facebook friends.
c) Social networks aren’t closely regulated in corporate network defense systems.
d) Many social network users aren’t technology savvy and wouldn’t realize their computer is under the control of outsiders.
e) There is a black market for Facebook usernames and passwords

a) It is easy to get into the Facebook code itself.
Your company’s headquarters was just hit head on by a hurricane, and the building has lost power. The company sends you to their hot site to minimize downtime from the disaster. Which of the following statements is true?

a) The site will not have any servers.
b) The site will not have any workstations, so you need to bring your laptop.
c) The site is probably in the next town.
d) The site should be an almost exact replica of the IT configuration at headquarters.
e) The site will not have up-to-date data.

d) The site should be an almost exact replica of the IT configuration at headquarters.
You receive an e-mail from your bank informing you that they are updating their records and need your password. Which of the following statements is true?

a) The message could be an industrial espionage attack.
b) The message could be a phishing attack.
c) The message could be a denial of service attack.
d) The message could be a back door attack.
e) The message could be a Trojan horse attack.

b) The message could be a phishing attack.
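The scenario above (a "bank" mailing you for your password) with the indicators a mail filter or a careful reader looks for, as an added example that is not part of the quiz. It parses a raw message with the Python standard library and reports a credential request in the body, a Reply-To domain that differs from the From domain, and links whose visible text names one host while the target is another. Both messages are constructed and use reserved documentation names and addresses.

```python
"""Heuristic phishing indicators for the "bank needs your password" e-mail.

Added example, not from the quiz. Both messages are constructed; the hosts use
reserved example/documentation names, and the heuristics are deliberately simple.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

CREDENTIAL_PHRASES = ("password", "pin number", "social security", "verify your account")
_ANCHOR = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def _domain(header_value) -> str:
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def phishing_indicators(raw_message: str) -> list:
    """Return the list of indicators found; an empty list means none fired."""
    msg = message_from_string(raw_message)
    body = msg.get_payload() if not msg.is_multipart() else ""
    found = []

    # 1. Replies routed somewhere other than the apparent sender.
    from_domain = _domain(msg.get("From"))
    reply_domain = _domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        found.append("reply-to domain differs from sender domain")

    # 2. The body asks for a credential, which a real bank does not do by e-mail.
    lowered = body.lower()
    if any(phrase in lowered for phrase in CREDENTIAL_PHRASES):
        found.append("asks for credentials")

    # 3. A link whose displayed URL names one host while the href goes to another.
    for href, text in _ANCHOR.findall(body):
        shown = text.strip()
        if shown.lower().startswith(("http://", "https://")):
            if urlparse(shown).hostname != urlparse(href).hostname:
                found.append("link text names a different host than its target")
                break
    return found


# Constructed sample: the scenario from the quiz.
SUSPICIOUS = """\
From: "First National Bank" <security@firstnational-support.example>
Reply-To: records@mailbox-collect.example
To: customer@example.com
Subject: Records update required
Content-Type: text/html

<p>We are updating our records and need your password within 24 hours.</p>
<a href="http://203.0.113.7/login">https://www.firstnational.example/login</a>
"""

# Constructed sample: an ordinary notification with consistent headers and links.
BENIGN = """\
From: "First National Bank" <statements@firstnational.example>
To: customer@example.com
Subject: Your statement is ready
Content-Type: text/html

<p>Your monthly statement is available. Log in as usual to view it.</p>
<a href="https://www.firstnational.example/">https://www.firstnational.example/</a>
"""

if __name__ == "__main__":
    print("suspicious:", phishing_indicators(SUSPICIOUS))
    print("benign:    ", phishing_indicators(BENIGN))
```

None of these checks is proof on its own; the credential request is the decisive one for the quiz scenario, and the other two are the cheap header and link checks that catch the bulk of mass phishing before a user ever reads the body.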
You start a new job, and the first thing your new company wants you to do is create a user ID and a password. Which of the following would be a strong password?

a) The name of the company
b) Your last name
c) Your birthdate
d) Your initials (capitalized) and the number of the floor you are on
e) The name of the company spelled backward

e) The name of the company spelled backward
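The strong-password rules from the earlier question (difficult to guess, contains special characters, not a recognizable word, not a string of numbers, not short) and the new-hire scenario just above, applied as a checker. This is an added example, not from the quiz or the textbook. The minimum length of 8, the tiny word list and the company name "AcmeCorp" are assumptions of the example; NIST SP 800-63B sets 8 characters as the floor for user-chosen passwords, and real deployments screen against a large breached-password list rather than a handful of words. It also adds the context check a practitioner wants: nothing derived from the company name, the user's name or birthdate, including simple transforms such as spelling the company name backward.

```python
"""Strong-password rules from the quiz, applied as a checker.

Added example, not from the textbook. Length floor and word list are
assumptions; the context check (company name, surname, birthdate, including
reversed forms) is the practitioner's addition to the quiz's rules.
"""
import re

MIN_LENGTH = 8  # assumed floor (NIST SP 800-63B minimum for user-chosen passwords)
# Constructed word list; a real one has millions of entries.
COMMON_WORDS = {"password", "welcome", "letmein", "iloveit", "rainer", "informationsecurity"}


def _transforms(term: str) -> set:
    """Forms of a context term an attacker's rule set would try first."""
    base = term.lower().replace(" ", "")
    return {base, base[::-1]}


def weaknesses(password: str, context=()) -> list:
    """Return every rule the password breaks; an empty list means it passes.
    context: organization- and user-specific terms (company name, surname, birthdate)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("short")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if re.fullmatch(r"\d+", password):
        problems.append("string of numbers")
    if lowered.replace(" ", "") in COMMON_WORDS:
        problems.append("recognizable word")
    for term in context:
        if any(len(t) >= 4 and t in lowered for t in _transforms(term)):
            problems.append(f"derived from '{term}'")
            break
    return problems


def is_strong(password: str, context=()) -> bool:
    return not weaknesses(password, context)


# The five candidates from the "not an example of a weak password" question.
QUIZ_CANDIDATES = ["IloveIT", "08141990", "9AmGt/*", "Rainer", "InformationSecurity"]
# Constructed context for the new-hire scenario: company, surname, birthdate.
NEW_HIRE_CONTEXT = ("AcmeCorp", "Rainer", "08141990")

if __name__ == "__main__":
    for pw in QUIZ_CANDIDATES:
        print(f"{pw:22s} {weaknesses(pw) or 'passes'}")
    for pw in ["AcmeCorp", "Rainer", "08141990", "KR12", "procemcA"]:
        print(f"{pw:22s} {weaknesses(pw, NEW_HIRE_CONTEXT) or 'passes'}")
```

Two caveats the checker makes visible. The quiz's "9AmGt/*" is the only candidate that is not a word, a number string or a name, but at seven characters it still fails the modern length floor. And the reversed company name, the best of the five choices offered in the new-hire question, is rejected here because reversal is one of the first transforms a cracking rule set applies to a known word; a password that needs no such transform, such as a long random passphrase, is what "difficult to guess" means in practice.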
You start a new job, and human resources gives you a ten-page document that outlines the employee responsibilities for information security. Which of the following statements is most likely to be true?

a) The document recommends that login passwords be left on a piece of paper in the center desk drawer so that others can use the laptop if necessary.
b) You are expected to read the document, and you could be reprimanded if you don’t follow its guidelines.
c) You can back up sensitive data to a thumb drive so you can take them home to work with.
d) The document indicates that you can leave your laptop unlocked if you leave your desk for less than an hour.
e) The document permits you to lend your laptop to your brother for the weekend.

b) You are expected to read the document, and you could be reprimanded if you don’t follow its guidelines.
