1) As problems caused by human errors are not malicious, they are not security threats.
2) An example of malicious human activity could include an employee who inadvertently installs an old database on top of the current one.
3) Unauthorized data disclosures can occur from malicious human activity.
4) Phishing is a technique for intercepting computer communications.
5) Pretexting occurs when a person receives a confidential SMS by mistake.
6) Sniffing occurs when an intruder uses another site's IP address as if it were that other site.
7) Email spoofing is a synonym for phishing.
8) Drive-by spoofers take computers with wireless connections through an area and search for unprotected wireless networks.
9) Drive-by sniffers can access wireless computer networks.
10) People who intentionally gain unauthorized access to computer systems are called hackers.
11) Faulty service includes incorrectly billing customers or sending the wrong information to employees, but not incorrect data modification.
12) When a hacker floods a Web server with millions of bogus service requests so that it cannot service legitimate requests, this is called a denial-of-service attack.
13) A denial-of-service situation is always the result of a malicious attack.
14) According to the NIST Handbook, responsibility for information security in a particular department rests with the manager of that department.
15) According to the NIST Handbook, defining a security policy and managing computer-security risk are the responsibilities of a company's IT department.
16) According to the elements of company security outlined in the NIST Handbook, computer security cannot be constrained by societal factors.
17) Uncertainty is the likelihood of an adverse occurrence.
18) Uncertainty is different from risk.
19) Risk management can only be approximated because of uncertainty.
20) According to the NIST Handbook, there is always a residual risk that the safeguard will not protect the assets in all circumstances.
21) Intangible consequences are those whose financial impact can be measured.
22) Tangible consequences when an asset is compromised include such things as loss of customer goodwill.
23) Probable loss is the probability that a given asset will be compromised by a given threat, despite the safeguards.
24) Probable loss is concerned only with tangible consequences; it does not include intangible consequences.
25) The Privacy Act of 1974 gives individuals the right to access health data.
26) HIPAA sets limits on who can receive your health information.
27) The Gramm-Leach-Bliley Act set limits on how health care providers use your medical information.
28) Technical safeguards involve the hardware and software components of an information system.
29) Smart cards are convenient and easy to use since they don't require any PIN numbers for authentication.
30) A magnetic strip holds far more data than a microchip.
31) A retina scan would be considered a biometric authentication technique.
32) Encryption is an example of a technical safeguard.
33) Windows, Linux, Unix, and other operating systems employ Kerberos and can authenticate user requests across networks of computers using a mixture of these operating systems.
34) Wireless networks are more secure than wired networks.
35) To gain access to a wired network, a potential intruder must obtain physical access to the network.
36) It is not possible to protect wireless networks.
37) WEP is the newest and most advanced wireless security standard.
38) With symmetric encryption, both the sender and receiver use the same key to transmit messages.
39) Digital signatures use public keys to encrypt the message digest.
40) Secure Socket Layer (SSL) is a protocol that is restricted to asymmetric encryption.
41) The letters "http://" in the browser's address bar indicate that it is safe to send data over the Internet.
42) When a message is hashed to produce a message digest, the message digest can be unhashed to produce the original message.
43) Public keys are supplied by third parties called certificate authorities.
44) A certificate authority verifies the legitimacy of the business sending the digital certificate.
45) Viruses and worms are examples of malware.
46) A Trojan horse is a virus that masquerades as a useful program or file.
47) Most spyware is benign in that it does not perform malicious acts or steal data.
48) The term bot is a new catch-all term that refers to any type of virus, worm, Trojan horse, spyware, adware, or other program not installed and controlled by the computer's owner or manager.
49) A botnet is a network of bots that is created and managed by the individual or organization that infected the network with the bot program.
50) Data safeguards are measures used to protect computer hardware from external threat.
51) Employee termination may lead to a security threat for an organization.
52) Business requirements may necessitate opening information systems to the public that can threaten its security. The best safeguard from such threats is to harden the Web site.
53) The different systems procedure types are: normal operations, review, control, and recovery.
54) Cold sites are cheaper to lease than hot sites.
55) Following a disaster, hot sites provide office space, but customers must themselves provide and install the equipment needed to continue operations.

1) Which of the following is considered malicious human activity?
A) an employee who accidentally deletes records
B) data loss as a result of flooding
C) hacking of information systems
D) poorly written programs resulting in losses
2) The ________ pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth.
________ occurs when someone deceives by pretending to be someone else.
5) Email spoofing is a synonym for ________.
________ take computers with wireless connections through an area and search for unprotected wireless networks and then monitor and intercept wireless traffic at will.
7) Which of the following is an example of a sniffing technique?
When referring to security threats, pretexting, sniffing, IP spoofing, and phishing are all examples of ________.
A) unauthorized data disclosure
B) incorrect data modification
D) loss of infrastructure
________ occurs when a person gains unauthorized access to a computer system, invading a network to obtain critical data or to manipulate the system for financial gain.
Which of the following could most likely be the result of hacking?
A) an unexplained reduction in your account balance
B) certain Web sites being blocked from viewing for security reasons
C) increasing amounts of spam in your inbox
D) pop-up ads appearing frequently
________ occurs when unauthorized programs invade a computer system and replace legitimate programs, shutting down the legitimate system and substituting their own processing.
Which of the following usually happens in a malicious denial-of-service attack?
A) A hacker monitors and intercepts wireless traffic at will.
B) A hacker floods a Web server with millions of bogus service requests.
C) A hacker uses unauthorized programs to invade a system and replace legitimate programs.
D) A phisher pretends to be a legitimate company and requests confidential data.
Which of the following is an example of a human safeguard?
14) Customers often object to thorough physical searches at airports. Which aspect of computer security described in the NIST Handbook is reflected here?
A) System owners have computer security responsibilities outside their own organizations.
B) Computer security is an integral element of sound management.
C) Computer security should be periodically reassessed.
D) Computer security is constrained by societal factors.
Which of the following is a critical security function of senior-management involvement?
A) safeguarding computer hardware and software
B) planning responses to specific security incidents
C) establishing the security policy and managing risk
D) managing the security program on a real-time basis
Which of the following is the responsibility of senior management in an organization?
A) implementing disaster-recovery safeguards in individual departmental systems
B) protecting the computer network from sneak attacks by installing safeguards
C) training junior employees about the organization's security policy
D) managing risk by balancing the costs and benefits of the security program
Which of the following is NOT an element of organizational security policy?
B) a general statement of the security program
A security policy covering personal use of computers at work would be an example of a(n) ________.
D) network security policy
An example of a system-specific security policy would be ________.
A) limiting personal use of an organization's computer systems
B) deciding what customer data from the order-entry system will be shared with other organizations
C) a general statement about the goals of the organization's overall security program
D) inspection of an employee's personal email for compliance with company policy
Which element of the security policy specifies how the organization will ensure the enforcement of security programs and policies?
A) the general statement of the security program
B) the issue-specific policy
C) the network policy
D) the system-specific policy
________ refers to things we do not know, while ________ is the likelihood of an adverse occurrence.
22) Which of the following is the first step in risk management?
A) create perfect hedges to mitigate the risks
B) reduce the likelihood of a threat
C) evaluate the results of the risk management process
D) assess what the threats are
Which factor of risk assessment refers to the probability that a given asset will be compromised by a given threat, despite the safeguards?
Which of the following is an example of an intangible consequence?
A) a dip in sales because the supplies were not replenished
B) a loss of customer goodwill due to an outage
C) reduced production because of plant maintenance
D) financial loss reported due to high input costs
25) A weakness in a security system is known as a system ________.
26) To obtain a measure of probable loss, companies ________.
A) multiply likelihood by the probability of the occurrence
B) multiply the vulnerability by the probability of the occurrence
C) multiply likelihood by the cost of the consequences
D) multiply residual risk by the likelihood of the occurrence
Which of the following is covered by the Gramm-Leach-Bliley Act of 1999?
A) information related to national security
B) records maintained by the U.S. government
C) consumer financial data stored by financial institutions
D) health data created by doctors and other health-care providers
Which of the following was passed to give individuals the right to access their own health data created by doctors and other health-care providers?
A) Privacy Act of 1974
The Privacy Act of 1974 covers ________.
A) records held by private companies
B) records held by the U.S. government
C) records held by banks and other financial institutions
D) records held by medical organizations
31) A(n) ________ card has a microchip on it to hold data.
32) Which of the following is used for biometric authentication?
D) personal identification number
Which of the following cards does NOT use a magnetic strip to hold data?
34) Which of the following statements is true for biometric identification?
A) Users of biometric authentication systems need to enter a PIN for authentication.
B) One drawback of biometric methods is their unreliability; they provide only weak authentication.
C) A major advantage of biometric identification is that it is a relatively cheap mode of authentication.
D) Biometric authentication often faces resistance from users for its invasive nature.
A system called ________ authenticates users without sending their passwords across the computer network.
The IEEE 802.11 Committee, the group that develops and maintains wireless standards, first developed a wireless security standard called ________.
B) Wi-Fi Protected Access
C) Wired Equivalent Privacy
D) Wireless Security Instruction Set
________ eliminate(s) spoofing of public keys and requires the browser to have a CA's public key.
With ________ encryption, the sender and receiver transmit a message using the same key.
Which of the following observations concerning Secure Socket Layer (SSL) is true?
A) It uses only asymmetric encryption.
B) It is a useful hybrid of symmetric and asymmetric encryption techniques.
C) It works between Levels 2 and 3 of the TCP-OSI architecture.
D) It was originally developed by Microsoft.
You are doing an online fund transfer through the Web site of a reputed bank. Which of the following displayed in your browser's address bar will let you know that the bank is using the SSL protocol?
________ is a method of mathematically manipulating the message to create a string of bits that characterize the message.
Which of the following is a technique used to ensure that plaintext messages are received without alteration?
43) A program that asks a sender to transmit its public key could be fooled. To solve this problem, trusted, independent third-party companies called ________ supply public keys.
44) ________ is the term used to denote Trojan horses, spyware, and adware.
A virus is a computer program that replicates itself. The program code that causes unwanted activity is called the ________.
A(n) ________ is a type of virus that propagates itself using the Internet or other computer networks.
________ are viruses that masquerade as useful programs or files.
48) What is a major difference between spyware and adware?
A) Unlike spyware, adware does not perform malicious acts.
B) Unlike spyware, adware steals data from users.
C) Unlike spyware, adware is installed with the user's permission.
D) Unlike spyware, adware does not observe user behavior.
The term ________ refers to any type of program that is surreptitiously installed and that takes actions unknown and uncontrolled by the computer's owner or administrator.
Which of the following is NOT an example of a data safeguard?
A) periodically creating backup copies of database contents
B) physical security of devices that store database data
C) storing sensitive data in encrypted form
D) storing all backups on organization premises
Because encryption keys can be lost or destroyed, a copy of the key should be stored with a trusted third party. This procedure is called ________.
A) prevention of malware
C) physical security procedures
D) data rights and responsibilities
Which of the following statements about human safeguards for employees is true?
A) Security screening in an organization applies only to new employees.
B) Given appropriate job descriptions, users' computer accounts should give users the least possible privilege necessary to perform their jobs.
C) Companies should provide user accounts and passwords to employees prior to their security training.
D) There are only two main aspects to security enforcement: responsibility and accountability.
When an employee is terminated, IS administrators should receive advance notice so they can ________.
A) destroy the employee's records
B) plan for new recruitment
D) remove accounts and passwords
________ a site means to take extraordinary measures to reduce a system's vulnerability, using special versions of the operating system, and eliminating features and functions that are not required by the application.
The three main systems procedure types are ________.
A) normal operation, backup, and recovery
B) design, implementation, and control
C) planning, organizing, and controlling
D) activity control, monitoring, and feedback
Activity log analyses, security testing, and investigating and learning from security incidents are activities included in ________.
In disaster-preparedness terminology, a ________ is a utility company that can take over another company's processing with no forewarning.
Which of the following observations is true of a cold site?
A) It is located in the company's premises.
B) It is more expensive to lease than a hot site.
C) Customers will have to install and manage systems themselves.
D) The total cost is always less than the cost of a hot site.
When an employee notices a virus on his or her machine, the ________ plan should specify what to do.