IST 202 Chapter 10 Practice Questions

1) Which of the following is the most complete definition of a computer crime?
A) the act of using a computer to commit an illegal act
B) the act of using someone’s computer to browse the Internet
C) the act of using someone’s computer to check e-mail
D) the act of stealing a computer and related hardware
E) the act of giving personal information to Web sites when shopping
Answer: A) the act of using a computer to commit an illegal act

Page Ref: 395

2) Those individuals who are knowledgeable enough to gain access to computer systems without authorization have long been referred to as ________.
A) hackers
B) bots
C) online predators
D) worms
E) power users
Answer: A) hackers

Page Ref: 396

3) Which of the following is one of the main federal laws in the United States against computer crimes?
A) Satellite Act of 1962
B) Trade Expansions Act of 1962
C) United States Information and Educational Exchange Act
D) Central Intelligence Agency Act
E) Electronic Communications Privacy Act of 1986
Answer: E) Electronic Communications Privacy Act of 1986

Page Ref: 409

4) The Computer Fraud and Abuse Act of 1986 prohibits ________.
A) accessing company intranet and confidential information from public computers
B) stealing or compromising data about national defense, foreign relations, atomic energy, or other restricted information
C) the use of external devices to provide access and information to companies’ confidential information
D) contracting with consultants outside the United States to process information
E) access to company extranets when outsourcing work to clients overseas
Answer: B) stealing or compromising data about national defense, foreign relations, atomic energy, or other restricted information

Page Ref: 409

5) Which of the following US laws amended the Computer Fraud and Abuse Act to allow investigators access to voice-related communications?
A) the Non-detention Act
B) the Espionage Act
C) the Patriot Act
D) the Video Privacy Protection Act
E) the Clery Act
Answer: C) the Patriot Act

Page Ref: 409

6) Violating data belonging to banks or other financial institutions is a crime in the United States. Which of the following pieces of legislation prohibits such violations?
A) the Foreign Intelligence Surveillance Act
B) the Computer Fraud and Abuse Act
C) the Patriot Act
D) the Banking Rights and Privacy Act
E) the Electronic Communications Privacy Act
Answer: B) the Computer Fraud and Abuse Act

Page Ref: 409

7) Some violations of state and federal computer crime laws are punishable by fines and by not more than one year in prison. Such violations are charged as ________.
A) misdemeanors
B) felonies
C) embezzlements
D) indictments
E) larcenies
Answer: A) misdemeanors

Page Ref: 409

8) Computer criminals who attempt to break into systems or deface Web sites to promote political or ideological goals are called ________.
A) hacktivists
B) crackers
C) social promoters
D) internet activists
E) online predators
Answer: A) hacktivists

Page Ref: 396

9) Today, people who break into computer systems with the intention of doing damage or committing a crime are usually called ________.
A) bots
B) white hats
C) worms
D) cyber spies
E) crackers
Answer: E) crackers

Page Ref: 396

10) WikiLeaks is a famous not-for-profit whistleblower Web site. MasterCard and Visa stopped payments to WikiLeaks after a series of leaks by the site. In reaction, an anonymous group attacked the Web sites of both MasterCard and Visa. These Web vandals, who tried to protect WikiLeaks, can be called ________.
A) hacktivists
B) bots
C) ethical hackers
D) patriot hackers
E) cyber soldiers
Answer: A) hacktivists

Page Ref: 396

11) Employees steal time on company computers to do personal business. This can be considered as an example of ________.
A) unauthorized access
B) hacking
C) Web vandalism
D) cyberstalking
E) embezzlement
Answer: A) unauthorized access

Page Ref: 398

12) In May 2001, an e-mail with “This is unbelievable!” in the subject field and an attached file spread to numerous computers in the world. Any user who downloaded the attached file complained of his or her systems slowing down and in some cases, files being erased. The attached file is most likely to be ________.
A) adware
B) spyware
C) a virus
D) spam
E) a logic bomb
Answer: C) a virus

Page Ref: 400

13) ________, targeted at networks, is designed to spread by itself, without the need for an infected host file to be shared.
A) Adware
B) Spyware
C) A worm
D) Spam
E) A logic bomb
Answer: C) A worm

Page Ref: 400

14) Ronald downloads a movie from the Internet onto his company’s computer. During this process, his system gets affected by a virus. The virus spreads rapidly in the company’s network and causes the server to crash. This type of virus is most likely to be ________.
A) adware
B) phishing mail
C) spam
D) a worm
E) a Trojan horse
Answer: D) a worm

Page Ref: 400

15) While Shelly downloaded an arcade game from an unknown Internet Web site, an unauthorized connection unknown to Shelly had been established with her computer. The arcade game is most likely to be ________.
A) spyware
B) a worm
C) adware
D) a Trojan horse
E) encryption
Answer: D) a Trojan horse

Page Ref: 400

16) While adding information to the employee information database, Neil’s computer crashed and the entire database on his computer was erased along with it. Which of the following types of virus would have caused Neil’s computer to crash?
A) spyware
B) worm
C) adware
D) logic bomb
E) encryption
Answer: D) logic bomb

Page Ref: 401

17) Computers that are located in homes, schools, and businesses are infected with viruses or worms to create armies of zombie computers to execute ________ attacks.
A) phishing
B) malware
C) adware
D) denial-of-service
E) encryption
Answer: D) denial-of-service

Page Ref: 401

18) The official Web site of the Iranian government was made unreachable by foreign activists seeking to help the opposition parties during the 2009 Iranian election protests. Web sites belonging to many Iranian news agencies were also made unreachable by the activists. This cyber protest is an example of a(n) ________ attack.
A) denial-of-service
B) logic bomb
C) Trojan horse
D) online predator
E) bot herder
Answer: A) denial-of-service

Page Ref: 401

19) ________ refers to any software that covertly gathers information about a user through an Internet connection without the user’s knowledge.
A) Spyware
B) Spam
C) Web filter
D) Cookie
E) Bot herder
Answer: A) Spyware

Page Ref: 402

20) Which of the following terms represents junk newsgroup postings used for the purpose of advertising for some product or service?
A) spam
B) adware
C) cookie
D) bot herder
E) Web filter
Answer: A) spam

Page Ref: 402

21) Robert receives an e-mail which says he has won an online lottery worth $50 billion. Robert had his doubts as he did not remember entering or buying any lottery ticket. It was a spam e-mail intended to obtain the bank account details and the credit card number of Robert. Which of the following is evident here?
A) logic bomb
B) hacktivism
C) phishing
D) tunneling
E) cyberterrorism
Answer: C) phishing

Page Ref: 403

22) ________ is an attempt to trick financial account and credit card holders into giving away their authentication information, usually by sending spam messages to literally millions of e-mail accounts.
A) Phishing
B) Cyber tunneling
C) Viral marketing
D) Logic bombing
E) Hacking
Answer: A) Phishing

Page Ref: 403

23) ________ is a more sophisticated fraudulent e-mail attack that targets a specific person or organization by personalizing the message in order to make the message appear as if it is from a trusted source such as an individual within the recipient’s company, a government entity, or a well-known company.
A) Spear phishing
B) Cyber tunneling
C) Viral marketing
D) Logic bombing
E) Hacking
Answer: A) Spear phishing

Page Ref: 403

24) Which of the following is a message passed to a Web browser on a user’s computer by a Web server?
A) cookie
B) botnet
C) honeypot
D) phish
E) spam
Answer: A) cookie

Page Ref: 404

25) When using Yahoo Messenger, you get an unsolicited advertisement from a company. This advertisement contains a link to connect to the merchant’s Web site. Which of the following is the best way of classifying this advertisement?
A) adware
B) cookie
C) Internet hoax
D) spim
E) cyber squatting
Answer: D) spim

Page Ref: 403

26) A(n) ________ typically consists of a distorted image displaying a combination of letters and/or numbers that a user has to input into a form before submitting it.
A) ASCII
B) CTAN
C) ENGO
D) CAPTCHA
E) WYSIWYG
Answer: D) CAPTCHA

Page Ref: 403-404

27) Which of the following is the most accurate definition of a botnet?
A) fraudulent e-mail attack that targets a specific person or organization by personalizing the message
B) spider software used by a search algorithm to crawl various Web sites to return a query
C) small text file passed to a Web browser on a user’s computer by a Web server
D) common platform used by search engines to index the contents of a Web site
E) destructive software robots, working together on a collection of zombie computers via the Internet
Answer: E) destructive software robots, working together on a collection of zombie computers via the Internet

Page Ref: 405

28) ________ is the stealing of another person’s Social Security number, credit card number, and other personal information for the purpose of using the victim’s credit rating to borrow money, buy merchandise, and otherwise run up debts that are never repaid.
A) Logic bombing
B) Battery
C) Spear phishing
D) Bot herding
E) Identity theft
Answer: E) Identity theft

Page Ref: 405

29) A hacker takes an individual’s Social Security number, credit card number, and other personal information for the purpose of using the victim’s credit rating to run up debts that are never repaid. This practice is called ________.
A) identity theft
B) cyberstalking
C) cyberbullying
D) bot herding
E) viral marketing
Answer: A) identity theft

Page Ref: 405

30) ________ are false messages often circulated online about new viruses, earthquakes, kids in trouble, cancer causes, or any other topic of public interest.
A) Internet hoaxes
B) Honeypots
C) Cookies
D) Logic bombs
E) Malware
Answer: A) Internet hoaxes

Page Ref: 406

31) ________ is the dubious practice of registering a domain name and then trying to sell the name for big bucks to the person, company, or organization most likely to want it.
A) Cybersquatting
B) Bot herding
C) Spear phishing
D) Logic bombing
E) Hacktivism
Answer: A) Cybersquatting

Page Ref: 406

32) Arbitron consultants, a leading software consulting firm in the United States, decides to launch an ERP solution. The company chooses the brand name ArbitEnterprise for the new solution. However, when the company attempts to register the domain name, it finds that the domain name is already registered to an unknown firm. The small firm is now attempting to sell the domain name to Arbitron. Which of the following terms refers to this practice of buying a domain name only to sell it for big bucks?
A) cybersquatting
B) logic bombing
C) cyberbullying
D) bot herding
E) cyberstalking
Answer: A) cybersquatting

Page Ref: 406

33) ________ broadly refers to the use of a computer to communicate obscene, vulgar, or threatening content that causes a reasonable person to endure distress.
A) Cyberharassment
B) Viral marketing
C) Hacktivism
D) Bot herding
E) Spam filtering
Answer: A) Cyberharassment

Page Ref: 406

34) Cyber criminals gain information on a victim by monitoring online activities, accessing databases, and so on and make false accusations that damage the reputation of the victim on blogs, Web sites, chat rooms, or e-commerce sites. Such acts are called ________.
A) bot herding
B) cyberstalking
C) spam filtering
D) viral marketing
E) spear phishing
Answer: B) cyberstalking

Page Ref: 406

35) ________ refers to offering stolen proprietary software for free over the Internet.
A) Bot herding
B) Warez peddling
C) Spam filtering
D) Viral marketing
E) Spear phishing
Answer: B) Warez peddling

Page Ref: 407

36) Which of the following can typically be filed for a patent?
A) material inventions
B) software
C) music
D) literature
E) art
Answer: A) material inventions

Page Ref: 407

37) Which of the following can typically be filed for a copyright?
A) iPhone
B) music by the Beatles
C) Amazon’s one-click buying
D) Google Nexus phone
E) iPad
Answer: B) music by the Beatles

Page Ref: 407

38) ________ refers to an organized attempt by a country’s military to disrupt or destroy the information and communication systems of another country.
A) Cyberwar
B) Internet hoaxing
C) Cybersquatting
D) Web vandalism
E) Logic bombing
Answer: A) Cyberwar

Page Ref: 411

39) Independent citizens or supporters of a country that perpetrate attacks on perceived or real enemies are called ________.
A) patriot hackers
B) bot herders
C) online predators
D) hacktivists
E) ethical hackers
Answer: A) patriot hackers

Page Ref: 412

40) ________ is the use of computer and networking technologies, by individuals and organized groups, against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals.
A) Cyberterrorism
B) Web vandalism
C) Cyberwar
D) Patriot hacking
E) Cyberbullying
Answer: A) Cyberterrorism

Page Ref: 412

41) A mass cyber attack occurred in a country when it took severe actions against a group of citizens who protested against the country’s religious policies. The attack involved a denial-of-service in which selected sites were bombarded with traffic to force them offline. This is an example of ________.
A) cyberterrorism
B) logic bombing
C) hot backing up
D) cyberbullying
E) cybersquatting
Answer: A) cyberterrorism

Page Ref: 412

42) ________ by terrorists refers to the use of the vast amount of information available on the Internet regarding virtually any topic for planning, recruitment, and numerous other endeavors.
A) Data mining
B) Information dissemination
C) Location monitoring
D) Information sharing
E) Cybersquatting
Answer: A) Data mining

Page Ref: 413

43) ________ refers to precautions taken to keep all aspects of information systems safe from destruction, manipulation, or unauthorized use or access.
A) Information systems security
B) Information systems resources
C) Information systems planning
D) Information systems audit
E) Information systems distribution
Answer: A) Information systems security

Page Ref: 416

44) ________ is a process in which you assess the value of the assets being protected, determine their probability of being compromised, and compare the probable costs of their being compromised with the estimated costs of whatever protections you might have to take.
A) Risk analysis
B) Information systems audit
C) Disintermediation
D) Operational analysis
E) Data mining
Answer: A) Risk analysis

Page Ref: 417

45) An organization takes active countermeasures to protect its systems, such as installing firewalls. This approach is known as ________.
A) risk reduction
B) risk acceptance
C) risk rescheduling
D) risk transference
E) risk elimination
Answer: A) risk reduction

Page Ref: 417

46) An organization does not implement countermeasures against information threats; instead it simply absorbs the damages that occur. This approach is called ________.
A) risk acceptance
B) risk reduction
C) risk mitigation
D) risk transference
E) risk rescheduling
Answer: A) risk acceptance

Page Ref: 417

47) Ciscon Telecom is a mobile operator in the European Union. The company provides personalized services to its customers and its databases contain valuable information about its customers. The loss of customer information which is used to decide services would be extremely harmful to the organization. Which of the following strategies used by Ciscon is an example of risk transference?
A) The company insures any possible data loss for a large sum.
B) The company forms a special team of top executives to monitor and correct the information policies.
C) It installs a corporate firewall to protect against unauthorized access to information.
D) It enforces a strict employee data policy and prohibits employees from unauthorized access.
E) The company decides to absorb any damages that might occur.
Answer: A) The company insures any possible data loss for a large sum.

Page Ref: 417

48) RBS Publishing is a leading media company in France. The company handles sensitive information and often finds it susceptible to information threats. As a countermeasure, the company installs strong firewalls and protective software. These steps are a part of a ________ strategy.
A) risk acceptance
B) risk reduction
C) risk mitigation
D) risk transference
E) risk rescheduling
Answer: B) risk reduction

Page Ref: 417

49) With ________, employees may be identified by fingerprints, retinal patterns in the eye, facial features, or other bodily characteristics before being granted access to use a computer or to enter a facility.
A) CAPTCHAs
B) biometrics
C) passwords
D) access-control software
E) smart cards
Answer: B) biometrics

Page Ref: 419

50) Your company uses a fingerprint recognition system instead of an access card. This helps the company prevent unauthorized physical access. Which of the following technologies is used for authentication here?
A) biometrics
B) passwords
C) smart cards
D) access-control software
E) encryption
Answer: A) biometrics

Page Ref: 419

51) In ________, an attacker accesses the network, intercepts data from it, and even uses network services and/or sends attack instructions to it without having to enter the home, office, or organization that owns the network.
A) drive-by hacking
B) hacktivism
C) viral marketing
D) cybersquatting
E) denial-of-service
Answer: A) drive-by hacking

Page Ref: 420

52) A(n) ________ is a network connection that is constructed dynamically within an existing network in order to connect users or nodes.
A) virtual private network
B) ambient network
C) cognitive network
D) collaborative service network
E) internetwork
Answer: A) virtual private network

Page Ref: 420

53) Albitrex Systems is an Asian software consulting firm which develops solutions for companies in the United States and Europe. The company is heavily dependent on the Internet for transporting data. The company wants to ensure that only authorized users access the data and that the data cannot be intercepted and compromised. Which of the following would be most helpful to the company in achieving this goal?
A) spam filtering
B) hot backing up
C) tunneling
D) open transmitting
E) cloud storage
Answer: C) tunneling

Page Ref: 420-421

54) Which of the following is a part of a computer system designed to detect intrusion and prevent unauthorized access to or from a private network?
A) firewall
B) cookie
C) botnet
D) honeypot
E) spam filter
Answer: A) firewall

Page Ref: 421

55) Which of the following is a valid observation about encryption?
A) Encrypted messages cannot be deciphered without the decoding key.
B) Encryption is used for data enhancement rather than data protection.
C) Encryption is performed only after the messages enter the network.
D) The encryption approach is not dependent on the type of data transmission.
E) Encryption implementation is an expensive process and needs an authentication from a relevant authority.
Answer: A) Encrypted messages cannot be deciphered without the decoding key.

Page Ref: 422

56) Implementing encryption on a large scale, such as on a busy Web site, requires a third party, called a(n) ________.
A) certificate authority
B) virtual private network
C) arbitrative authority
D) control center
E) buying center
Answer: A) certificate authority

Page Ref: 422

57) ________ software is used to keep track of computer activity so that inspectors can spot suspicious activity and take action.
A) Access-control
B) Firewall
C) Audit-control
D) Denial-of-service
E) Risk analysis
Answer: C) Audit-control

Page Ref: 422

58) A ________ is nothing more than an empty warehouse with all necessary connections for power and communication but nothing else.
A) cold backup site
B) buying center
C) botnet
D) firewall
E) collocation facility
Answer: A) cold backup site

Page Ref: 424

59) An organization builds a fully equipped backup facility, having everything from office chairs to a one-to-one replication of the most current data. This facility is called a ________.
A) buying center
B) firewall
C) hot backup site
D) botnet
E) collocation facility
Answer: C) hot backup site

Page Ref: 424

60) Some data centers rent server space to multiple customers and provide necessary infrastructure in terms of power, backups, connectivity, and security. Such data centers are called ________.
A) collocation facilities
B) hot backup sites
C) virtual private networks
D) offshore networks
E) control centers
Answer: A) collocation facilities

Page Ref: 425

61) ________ is the use of formal investigative techniques to evaluate digital information for judicial review.
A) Computer forensics
B) Flaming
C) Hacktivism
D) Certificate authority
E) Encryption
Answer: A) Computer forensics

Page Ref: 426

62) Which of the following terms refers to a computer, data, or network site that is designed to be enticing to crackers so as to detect, deflect, or counteract illegal activity?
A) honeypot
B) firewall
C) bot herder
D) botnet
E) zombie computer
Answer: A) honeypot

Page Ref: 426

63) Identify the policy that lists procedures for adding new users to systems and removing users who have left the organization.
A) information policy
B) use policy
C) incident handling procedures
D) disaster recovery plan
E) account management policy
Answer: E) account management policy

Page Ref: 429

64) Which of the following types of plans describes how a business resumes operation after a disaster?
A) business continuity plan
B) internal operations plan
C) collocation facilities plan
D) emergency operation plan
E) virtual private network plan
Answer: A) business continuity plan

Page Ref: 429

65) Recovery point objectives of a recovery plan specify ________.
A) the maximum time allowed to recover from a catastrophic event
B) data structures and patterns of the data
C) the minimum time after which response should be allowed in a catastrophic event
D) how current the backup data should be
E) the capacity of a backup server in storing the necessary data
Answer: D) how current the backup data should be

Page Ref: 430

66) Controls that are used to assess whether anything went wrong, such as unauthorized access attempts, are called ________ controls.
A) detective
B) preventive
C) corrective
D) adaptive
E) protective
Answer: A) detective

Page Ref: 432

67) Organizations periodically have an external entity review the controls so as to uncover any potential problems in the controls. This process is called ________.
A) information systems audit
B) risk analysis
C) information modification
D) recovery plan objective analysis
E) business continuity plan
Answer: A) information systems audit

Page Ref: 432

68) Which of the following laws makes it mandatory for organizations to demonstrate that there are controls in place to prevent misuse or fraud, controls to detect any potential problems, and effective measures to correct any problems?
A) Sarbanes-Oxley Act
B) Trade Expansions Act of 1962
C) Electronic Communications Privacy Act of 1986
D) Central Intelligence Agency Act
E) USA Patriot Act
Answer: A) Sarbanes-Oxley Act

Page Ref: 434

69) The ________ is a set of best practices that helps organizations both maximize the benefits from their IS infrastructure and establish appropriate controls.
A) Sarbanes-Oxley Act of 2002 (S-OX)
B) Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)
C) Electronic Communications Privacy Act of 1986
D) Control objectives for information and related technology (COBIT)
E) USA Patriot Act
Answer: D) Control objectives for information and related technology (COBIT)

Page Ref: 434

70) Computer crime is defined as the act of using a computer to commit an illegal act.
Answer: TRUE
Page Ref: 395
71) Employees steal time on company computers to do personal business. This is a form of unauthorized access.
Answer: TRUE
Page Ref: 398
72) Logic bombs are variations of Trojan horses that can reproduce themselves to disrupt the normal functioning of a computer.
Answer: FALSE
Page Ref: 401
73) Spyware is electronic junk mail or junk newsgroup postings, posted usually for the purpose of advertising some product and/or service.
Answer: FALSE
Page Ref: 402
74) Spam filters are used to reduce the amount of spam processed by central e-mail servers.
Answer: TRUE
Page Ref: 402
75) A cookie is a message passed to a Web browser on a user’s computer by a Web server.
Answer: TRUE
Page Ref: 404
76) An Internet hoax is a false message circulated online about new viruses.
Answer: TRUE
Page Ref: 406
77) Making false accusations that damage the reputation of the victim on blogs, Web sites, chat rooms, or e-commerce sites is a form of cyberstalking.
Answer: TRUE
Page Ref: 406
78) Patents generally refer to creations of the mind such as music, literature, or software.
Answer: FALSE
Page Ref: 407
79) Cyberwar refers to an organized attempt by a country’s military to disrupt or destroy the information and communication systems of another country.
Answer: TRUE
Page Ref: 411
80) Patriot hackers are independent citizens or supporters of a country that perpetrate attacks on perceived or real enemies.
Answer: TRUE
Page Ref: 412
81) Data mining refers to the use of Web sites to disseminate propaganda to current and potential supporters, to influence international public opinion, and to notify potential enemies of pending plans.
Answer: FALSE
Page Ref: 413
82) Insuring all the systems and information processing processes is an essential part of a risk acceptance strategy.
Answer: FALSE
Page Ref: 417
83) A virtual private network is a network connection that is constructed dynamically within an existing network.
Answer: TRUE
Page Ref: 420
84) A firewall is a part of a computer system designed to detect intrusion and prevent unauthorized access to or from a private network.
Answer: TRUE
Page Ref: 421
85) A hot backup site is an empty warehouse with all necessary connections for power and communication.
Answer: FALSE
Page Ref: 424
86) Redundant data centers can be used to secure the facilities infrastructure of organizations.
Answer: TRUE
Page Ref: 424
87) A honeypot is a computer, data, or network site that is used to penetrate other networks and computer systems to snoop or to cause damage.
Answer: FALSE
Page Ref: 426
88) An account management policy explains technical controls on all organizational computer systems, such as access limitations, audit-control software, firewalls, and so on.
Answer: FALSE
Page Ref: 428
89) Recovery point objectives are used to specify how current the backup data should be.
Answer: TRUE
Page Ref: 430
90) Detective controls are used to prevent any potentially negative event from occurring, such as preventing outside intruders from accessing a facility.
Answer: FALSE
Page Ref: 432
91) COBIT is a set of best practices that helps organizations maximize the benefits from their IS infrastructure and establish appropriate controls.
Answer: TRUE
Page Ref: 434
92) What is computer crime? Explain your answer.
Answer: Computer crime is defined as the act of using a computer to commit an illegal act. This broad definition of computer crime can include the following:
1. Targeting a computer while committing an offense. For example, someone gains unauthorized entry to a computer system in order to cause damage to the computer system or to the data it contains.
2. Using a computer to commit an offense. In such cases, computer criminals may steal credit card numbers from Web sites or a company’s database, skim money from bank accounts, or make unauthorized electronic fund transfers from financial institutions.
3. Using computers to support a criminal activity despite the fact that computers are not actually targeted. For example, drug dealers and other professional criminals may use computers to store records of their illegal transactions.
Page Ref: 395
93) What is unauthorized access? Provide a few examples of unauthorized access.
Answer: Unauthorized access occurs whenever people who are not authorized to see, manipulate, or otherwise handle information look through electronically stored information files for interesting or useful data, peek at monitors displaying proprietary or confidential information, or intercept electronic information on the way to its destination. The following are a few additional examples from recent media reports:
1. Employees steal time on company computers to do personal business.
2. Intruders break into government Web sites and change the information displayed.
3. Thieves steal credit card numbers and Social Security numbers from electronic databases, and then use the stolen information to charge thousands of dollars in merchandise to victims.
4. An employee at a Swiss bank steals data that could possibly help to charge the bank’s customers for tax evasion, hoping to sell this data to other countries’ governments for hefty sums of money.
Page Ref: 398
94) Compare and contrast computer viruses and a Trojan horse.
Answer: A virus is a destructive program that disrupts the normal functioning of computer systems. Viruses differ from other types of malicious code in that they can reproduce themselves. Some viruses are intended to be harmless pranks, but more often they do damage to a computer system by erasing files on the hard drive or by slowing computer processing or otherwise compromising the system.
Unlike viruses, Trojan horses do not replicate themselves, but, like viruses, they can do much damage. When a Trojan horse is planted in a computer, its instructions remain hidden. The computer appears to function normally, but in fact it is performing underlying functions dictated by the intrusive code.
Page Ref: 400
95) What are cookies? Do they pose a threat to users?
Answer: A cookie is a message passed to a Web browser on a user’s computer by a Web server. The browser then stores the message in a text file, and the message is sent back to the server each time the user’s browser requests a page from that server.

Cookies are normally used for legitimate purposes, such as identifying a user in order to present a customized Web page or for authentication purposes. Although you can choose to not accept the storage of cookies, you may not be able to visit the site, or it may not function properly. In such cases, cookies may contain sensitive information (such as credit card numbers) and thus pose a security risk in case unauthorized persons gain access to the computer.
Page Ref: 404

96) Briefly explain cyberstalking and cybersquatting.
Answer: Cybersquatting refers to the dubious practice of registering a domain name and then trying to sell the name for big bucks to the person, company, or organization most likely to want it. Domain names are one of the few scarce resources on the Internet, and cybersquatting exploits that scarcity.
Cyberharassment refers to the use of a computer to communicate obscene, vulgar, or threatening content that causes a reasonable person to endure distress. Repeated contacts with a victim are referred to as cyberstalking. It includes making false accusations, gaining information on a victim by monitoring online activities, encouraging others to harass a victim, and so forth.
Page Ref: 406
97) Briefly explain cyberwar and cyberterrorism.
Answer: Cyberwar refers to an organized attempt by a country’s military to disrupt or destroy the information and communication systems of another country. Cyberwar is often executed simultaneously with traditional methods to quickly dissipate the capabilities of an enemy.
Unlike cyberwar, cyberterrorism is launched not by governments but by individuals and organized groups. Cyberterrorism is the use of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals.
Page Ref: 411-412
98) What is risk analysis? What are the three ways in which organizations react to perceived risks?
Answer: Risk analysis is a process in which the value of the assets being protected is assessed, their likelihood of being compromised is determined, and the probable costs of their being compromised are compared with the estimated costs of whatever protections would be required.
Risk analysis then helps determine the steps, if any, to take to secure systems. There are three general ways to react:
1. Risk Reduction: Taking active countermeasures to protect systems, such as installing firewalls.
2. Risk Acceptance: Implementing no countermeasures and simply absorbing any damages that occur.
3. Risk Transference: Having someone else absorb the risk, such as by investing in insurance or by outsourcing certain functions to another organization with specific expertise.
Page Ref: 417

99) List the six commonly used methods in which technology is employed to safeguard information systems.
Answer: The six methods employed to safeguard information systems are:
1. Physical access restrictions
2. Firewalls
3. Encryption
4. Virus monitoring and prevention
5. Audit-control software
6. Secure data centers
Page Ref: 417

100) Briefly describe the concept of virtual private networks.
Answer: A virtual private network (VPN) is a network connection that is constructed dynamically within an existing network, often called a secure tunnel, in order to connect users or nodes. A number of companies and software solutions enable you to create VPNs using the Internet as the medium for transporting data. These systems use authentication, encryption, and other security mechanisms to ensure that only authorized users can access the VPN and that the data cannot be intercepted and compromised; this practice of creating an encrypted “tunnel” to send secure (private) data over the (public) Internet is known as tunneling.
Page Ref: 420-421

101) Suggest a few safeguards that organizations can employ to secure their facilities infrastructure.
Answer:
1. Backups: Organizations and individual computer users should perform backups of important files to external hard drives, CDs, tapes, or online backup service providers at regular intervals.
2. Backup Sites: Backup sites are critical for business continuity in the event a disaster strikes; in other words, backup sites can be thought of as a company’s office in a temporary location.
3. Redundant Data Centers: Often, companies choose to replicate their data centers in multiple locations. Even if the primary infrastructure is located in-house, it pays to have a backup located in a different geographic area to minimize the risk of a disaster happening to both systems.
4. Closed-Circuit Television: While installing and monitoring a closed-circuit television system is costly, such systems can monitor for physical intruders in data centers, server rooms, or colocation facilities.
5. Uninterruptible Power Supply: An uninterruptible power supply does not protect against intruders, but it protects against power surges and temporary power failures that can cause information loss.
Page Ref: 423-425

102) Explain the concept of disaster planning in organizations.
Answer: Organizations need to be prepared for when something catastrophic occurs. The most important aspect of preparing for disaster is creating a business continuity plan, which describes how a business resumes operation after a disaster. A subset of the business continuity plan is the disaster recovery plan, which spells out detailed procedures for recovering from systems-related disasters, such as virus infections and other disasters that might cripple the IS infrastructure. When planning for disaster, two objectives should be considered by an organization: recovery time and recovery point objectives. Recovery time objectives specify the maximum time allowed to recover from a catastrophic event. Recovery point objectives specify how current the backup data should be.
Page Ref: 429-430

103) Explain various types of information systems controls.
Answer: The three types of information systems controls are:
1. Preventive controls: to prevent any potentially negative event from occurring, such as by preventing outside intruders from accessing a facility.
2. Detective controls: to assess whether anything went wrong, such as unauthorized access attempts.
3. Corrective controls: to mitigate the impact of any problem after it has arisen, such as restoring compromised data.
Page Ref: 432
