Question 1

Three major concerns of system builders and users are disaster,security,and human error.Of the three,which do you think is most difficult to deal with? Why?

Accepted Answer

Student answers will vary.Example answers are: Disaster might be the most difficult because it is unexpected,broad-based,and frequently life threatening.In addition,the company cannot know if the disaster plan will work until a disaster occurs,and then it's too late to make corrections.Security might be the most difficult because it is an ongoing problem,new viruses are devised constantly,and hackers get smarter every day.Furthermore,damage done by a trusted employee from inside cannot be obviated by system security measures.Human error might be most difficult because it isn't caught until too late,and the consequences may be disastrous.Also,administrative error can occur at any level and through any operation or procedure in the company.

Question 2

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n)________ attack.

Accepted Answer

A) DDoS 
B) DoS 
C) SQL injection 
D) phishing 
E) botnet 
A) DDoS 
B) DoS 
C) SQL injection 
D) phishing 
E) botnet A

Question 3

All of the following are specific security challenges that threaten corporate servers in a client/server environment except:

Accepted Answer

A) hacking. 
B) malware. 
C) denial-of-service attacks. 
D) sniffing. 
E) vandalism. 
A) hacking. 
B) malware. 
C) denial-of-service attacks. 
D) sniffing. 
E) vandalism. D

Question 4

________ is spyware that logs and transmits everything a user types.

Accepted Answer

A) Spyware 
B) A Trojan horse 
C) A keylogger 
D) A worm 
E) A sniffer 
A) Spyware 
B) A Trojan horse 
C) A keylogger 
D) A worm 
E) A sniffer

Question 5

Blockchain refers to a technology that:

Accepted Answer

A) uses a distributed ledger system of transactions. 
B) uses a centralized data store in the cloud. 
C) relies on the Internet to provide secure transactions. 
D) uses existing banking systems to transfer funds. 
E) relies on peer-to-peer networks. 
A) uses a distributed ledger system of transactions. 
B) uses a centralized data store in the cloud. 
C) relies on the Internet to provide secure transactions. 
D) uses existing banking systems to transfer funds. 
E) relies on peer-to-peer networks.

Question 6

An acceptable use policy defines acceptable uses of the firm's information resources and computing equipment.

Accepted Answer

A) True 
 B)False

Question 7

Which of the following refers to policies,procedures,and technical measures used to prevent unauthorized access,alteration,theft,or physical damage to information systems?

Accepted Answer

A) Security 
B) Controls 
C) Benchmarking 
D) Algorithms 
E) Identity management 
A) Security 
B) Controls 
C) Benchmarking 
D) Algorithms 
E) Identity management

Question 8

Hackers and their companion viruses are an increasing problem,especially on the Internet.What are the most important measures for a firm to take to protect itself from this? Is full protection feasible? Why or why not?

Accepted Answer

For protection,a company must institute

Question 9

Malicious software programs referred to as spyware include a variety of threats such as computer viruses,worms,and Trojan horses.

Accepted Answer

A) True 
 B)False

Question 10

Is the cloud a safer and more secure computing environment than an in-house network? Why or why not?

Accepted Answer

Student evaluations will vary,but should

Question 11

Implementation controls:

Accepted Answer

A) can be classified as input controls,processing controls,and output controls. 
B) govern the design,security,and use of computer programs and the security of data files in general throughout the organization. 
C) apply to all computerized applications and consist of a combination of hardware,software,and manual procedures that create an overall control environment. 
D) include software controls,computer operations controls,and implementation controls. 
E) Audit the systems development process at various points to ensure that the process is properly controlled and managed. 
A) can be classified as input controls,processing controls,and output controls. 
B) govern the design,security,and use of computer programs and the security of data files in general throughout the organization. 
C) apply to all computerized applications and consist of a combination of hardware,software,and manual procedures that create an overall control environment. 
D) include software controls,computer operations controls,and implementation controls. 
E) Audit the systems development process at various points to ensure that the process is properly controlled and managed.

Question 12

Name and describe four firewall screening technologies.

Accepted Answer

There are a number of firewall screening

Question 13

________ use scanning software to look for known problems such as bad passwords,the removal of important files,security attacks in progress,and system administration errors.

Accepted Answer

A) Stateful inspections 
B) Intrusion detection systems 
C) Application proxy filtering technologies 
D) Packet filtering technologies 
E) Firewalls 
A) Stateful inspections 
B) Intrusion detection systems 
C) Application proxy filtering technologies 
D) Packet filtering technologies 
E) Firewalls

Question 14

Which of the following statements about wireless security is not true?

Accepted Answer

A) SSIDs are broadcast multiple times and can be picked up fairly easily by sniffer programs. 
B) Radio frequency bands are easy to scan. 
C) An intruder who has associated with an access point by using the correct SSID is capable of accessing other resources on the network. 
D) Intruders can force a user's NIC to associate with a rogue access point. 
E) Bluetooth is the only wireless technology that is not susceptible to hacking by eavesdroppers. 
A) SSIDs are broadcast multiple times and can be picked up fairly easily by sniffer programs. 
B) Radio frequency bands are easy to scan. 
C) An intruder who has associated with an access point by using the correct SSID is capable of accessing other resources on the network. 
D) Intruders can force a user's NIC to associate with a rogue access point. 
E) Bluetooth is the only wireless technology that is not susceptible to hacking by eavesdroppers.

Question 15

Application proxy filtering examines the application content of packets.

Accepted Answer

A) True 
 B)False

Question 16

What is a digital certificate? How does it work?

Accepted Answer

Digital certificates are data files used

Question 17

Which of the following defines acceptable uses of a firm's information resources and computing equipment?

Accepted Answer

A) An information systems audit policy 
B) A CA policy 
C) A MSSP 
D) A UTM system 
E) An AUP 
A) An information systems audit policy 
B) A CA policy 
C) A MSSP 
D) A UTM system 
E) An AUP

Question 18

Which of the following is the single greatest cause of network security breaches?

Accepted Answer

A) Viruses 
B) User lack of knowledge 
C) Trojan horses 
D) Cyberwarfare 
E) Bugs 
A) Viruses 
B) User lack of knowledge 
C) Trojan horses 
D) Cyberwarfare 
E) Bugs

Question 19

How is the security of a firm's information system and data affected by its people,organization,and technology? Is the contribution of one of these dimensions any more important than the other? Why?

Accepted Answer

There are various technological essentia

Question 20

Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.

Accepted Answer

A) True 
 B)False

Three major concerns of system builders and users are disaster,security,and human error.Of the three,which do you think is most difficult to deal with? Why?

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n)________ attack.

All of the following are specific security challenges that threaten corporate servers in a client/server environment except:

________ is spyware that logs and transmits everything a user types.

Blockchain refers to a technology that:

An acceptable use policy defines acceptable uses of the firm's information resources and computing equipment.

Which of the following refers to policies,procedures,and technical measures used to prevent unauthorized access,alteration,theft,or physical damage to information systems?

Hackers and their companion viruses are an increasing problem,especially on the Internet.What are the most important measures for a firm to take to protect itself from this? Is full protection feasible? Why or why not?

Malicious software programs referred to as spyware include a variety of threats such as computer viruses,worms,and Trojan horses.

Is the cloud a safer and more secure computing environment than an in-house network? Why or why not?

Implementation controls:

Name and describe four firewall screening technologies.

________ use scanning software to look for known problems such as bad passwords,the removal of important files,security attacks in progress,and system administration errors.

Which of the following statements about wireless security is not true?

Application proxy filtering examines the application content of packets.

What is a digital certificate? How does it work?

Which of the following defines acceptable uses of a firm's information resources and computing equipment?

Which of the following is the single greatest cause of network security breaches?

How is the security of a firm's information system and data affected by its people,organization,and technology? Is the contribution of one of these dimensions any more important than the other? Why?

Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.

Information Systems in Global Business Today

Global E-Business and Collaboration

Information Systems,organizations,and Strategy

Ethical and Social Issues in Information Systems

It Infrastructure and Emerging Technologies

Foundations of Business Intelligence:

Telecommunications, the Internet, and Wireless Technology

Achieving Operational Excellence and Customer Intimacy:

E-Commerce: Digital Markets, digital Goods

Managing Knowledge and Artificial Intelligence

Enhancing Decision Making

Building Information Systems

Managing Projects

Managing Global Systems

Filters

Exam 8: Securing Information Systems

Three major concerns of system builders and users are disaster,security,and human error.Of the three,which do you think is most difficult to deal with? Why?

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a(n)________ attack.

All of the following are specific security challenges that threaten corporate servers in a client/server environment except:

________ is spyware that logs and transmits everything a user types.

Blockchain refers to a technology that:

An acceptable use policy defines acceptable uses of the firm's information resources and computing equipment.

Which of the following refers to policies,procedures,and technical measures used to prevent unauthorized access,alteration,theft,or physical damage to information systems?

Hackers and their companion viruses are an increasing problem,especially on the Internet.What are the most important measures for a firm to take to protect itself from this? Is full protection feasible? Why or why not?

Malicious software programs referred to as spyware include a variety of threats such as computer viruses,worms,and Trojan horses.

Is the cloud a safer and more secure computing environment than an in-house network? Why or why not?

Implementation controls:

Name and describe four firewall screening technologies.

________ use scanning software to look for known problems such as bad passwords,the removal of important files,security attacks in progress,and system administration errors.

Which of the following statements about wireless security is not true?

Application proxy filtering examines the application content of packets.

What is a digital certificate? How does it work?

Which of the following defines acceptable uses of a firm's information resources and computing equipment?

Which of the following is the single greatest cause of network security breaches?

How is the security of a firm's information system and data affected by its people,organization,and technology? Is the contribution of one of these dimensions any more important than the other? Why?

Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.

Information Systems in Global Business Today

Global E-Business and Collaboration

Information Systems,organizations,and Strategy

Ethical and Social Issues in Information Systems

It Infrastructure and Emerging Technologies

Foundations of Business Intelligence:

Telecommunications, the Internet, and Wireless Technology

Achieving Operational Excellence and Customer Intimacy:

E-Commerce: Digital Markets, digital Goods

Managing Knowledge and Artificial Intelligence

Enhancing Decision Making

Building Information Systems

Managing Projects

Managing Global Systems

Filters