Question 1

SSL is a protocol used to establish a secure connection between two computers.

Accepted Answer

A) True 
 B)False

Question 2

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

Accepted Answer

A) True 
 B)False

Question 3

________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.

Accepted Answer

A)  Identity theft 
B)  Spoofing 
C)  Social engineering 
D)  Evil twins 
E)  Pharming 
A)  Identity theft 
B)  Spoofing 
C)  Social engineering 
D)  Evil twins 
E)  Pharming

Question 4

You have just been hired as a security consultant by MegaMalls Inc., a national chain of retail malls, to make sure that the security of their information systems is up to par. Outline the steps you will take to achieve this.

Accepted Answer

(1) Establish what data and processes ar

Question 5

A digital certificate system

Accepted Answer

A)  uses third-party CAs to validate a user's identity. 
B)  uses digital signatures to validate a user's identity. 
C)  uses tokens to validate a user's identity. 
D)  is used primarily by individuals for personal correspondence. 
E)  protects a user's identity by substituting a certificate in place of identifiable traits. 
A)  uses third-party CAs to validate a user's identity. 
B)  uses digital signatures to validate a user's identity. 
C)  uses tokens to validate a user's identity. 
D)  is used primarily by individuals for personal correspondence. 
E)  protects a user's identity by substituting a certificate in place of identifiable traits.

Question 6

________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.

Accepted Answer

A)  "Legacy systems" 
B)  "SSID standards" 
C)  "Vulnerabilities" 
D)  "Security policy" 
E)  "Controls" 
A)  "Legacy systems" 
B)  "SSID standards" 
C)  "Vulnerabilities" 
D)  "Security policy" 
E)  "Controls"

Question 7

Explain how an SQL injection attack works and what types of systems are vulnerable to this type of attack.

Accepted Answer

SQL injection attacks take advantage of

Question 8

A firewall allows the organization to

Accepted Answer

A)  enforce a security policy on data exchanged between its network and the Internet. 
B)  check the accuracy of all transactions between its network and the Internet. 
C)  create an enterprise system on the Internet. 
D)  check the content of all incoming and outgoing e-mail messages. 
E)  create access rules for a network. 
A)  enforce a security policy on data exchanged between its network and the Internet. 
B)  check the accuracy of all transactions between its network and the Internet. 
C)  create an enterprise system on the Internet. 
D)  check the content of all incoming and outgoing e-mail messages. 
E)  create access rules for a network.

Question 9

How is the security of a firm's information system and data affected by its people, organization, and technology?
 Is the contribution of one of these dimensions any more important than the other?
 Why?

Accepted Answer

There are various technological essentia

Question 10

Evil twins are

Accepted Answer

A)  Trojan horses that appears to the user to be a legitimate commercial software application. 
B)  e-mail messages that mimic the e-mail messages of a legitimate business. 
C)  fraudulent Web sites that mimic a legitimate business's Web site. 
D)  computers that fraudulently access a Web site or network using the IP address and identification of an authorized computer. 
E)  bogus wireless network access points that look legitimate to users. 
A)  Trojan horses that appears to the user to be a legitimate commercial software application. 
B)  e-mail messages that mimic the e-mail messages of a legitimate business. 
C)  fraudulent Web sites that mimic a legitimate business's Web site. 
D)  computers that fraudulently access a Web site or network using the IP address and identification of an authorized computer. 
E)  bogus wireless network access points that look legitimate to users.

Question 11

Why is software quality important to security?
 What specific steps can an organization take to ensure software quality?

Accepted Answer

Software errors pose a constant threat t

Question 12

Currently, the protocols used for secure information transfer over the Internet are

Accepted Answer

A)  TCP/IP and SSL. 
B)  S-HTTP and CA. 
C)  HTTP and TCP/IP. 
D)  S-HTTP and SHTML. 
E)  SSL, TLS, and S-HTTP. 
A)  TCP/IP and SSL. 
B)  S-HTTP and CA. 
C)  HTTP and TCP/IP. 
D)  S-HTTP and SHTML. 
E)  SSL, TLS, and S-HTTP.

Question 13

The HIPAA Act of 1996

Accepted Answer

A)  requires financial institutions to ensure the security of customer data. 
B)  specifies best practices in information systems security and control. 
C)  imposes responsibility on companies and management to safeguard the accuracy of financial information. 
D)  outlines medical security and privacy rules. 
E)  identifies computer abuse as a crime and defines abusive activities. 
A)  requires financial institutions to ensure the security of customer data. 
B)  specifies best practices in information systems security and control. 
C)  imposes responsibility on companies and management to safeguard the accuracy of financial information. 
D)  outlines medical security and privacy rules. 
E)  identifies computer abuse as a crime and defines abusive activities.

Question 14

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Accepted Answer

A)  "Security" 
B)  "Controls" 
C)  "Benchmarking" 
D)  "Algorithms" 
E)  "Identity management" 
A)  "Security" 
B)  "Controls" 
C)  "Benchmarking" 
D)  "Algorithms" 
E)  "Identity management"

Question 15

Pharming involves

Accepted Answer

A)  redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser. 
B)  pretending to be a legitimate business's representative in order to garner information about a security system. 
C)  setting up fake Web sites to ask users for confidential information. 
D)  using e-mails for threats or harassment. 
E)  setting up fake Wi-Fi access points that look as if they are legitimate public networks. 
A)  redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser. 
B)  pretending to be a legitimate business's representative in order to garner information about a security system. 
C)  setting up fake Web sites to ask users for confidential information. 
D)  using e-mails for threats or harassment. 
E)  setting up fake Wi-Fi access points that look as if they are legitimate public networks.

Question 16

Statements ranking information risks and identifying security goals are included in a(n)

Accepted Answer

A)  security policy. 
B)  AUP. 
C)  risk assessment. 
D)  business impact analysis. 
E)  business continuity plan. 
A)  security policy. 
B)  AUP. 
C)  risk assessment. 
D)  business impact analysis. 
E)  business continuity plan.

Question 17

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.

Accepted Answer

A)  high availability computing 
B)  deep-packet inspection 
C)  application proxy filtering 
D)  stateful inspection 
E)  unified threat management 
A)  high availability computing 
B)  deep-packet inspection 
C)  application proxy filtering 
D)  stateful inspection 
E)  unified threat management

Question 18

The Internet poses specific security problems because

Accepted Answer

A)  it was designed to be easily accessible. 
B)  Internet data is not run over secure lines. 
C)  Internet standards are universal. 
D)  it changes so rapidly. 
E)  there is no formal controlling body. 
A)  it was designed to be easily accessible. 
B)  Internet data is not run over secure lines. 
C)  Internet standards are universal. 
D)  it changes so rapidly. 
E)  there is no formal controlling body.

Question 19

Public key encryption uses two keys.

Accepted Answer

A) True 
 B)False

Question 20

Social networking sites have become a new conduit for malware because

Accepted Answer

A)  they are used by so many people. 
B)  they allow users to post media and image files. 
C)  they are especially vulnerable to social engineering. 
D)  they allow users to post software code. 
E)  they have poor user authentication. 
A)  they are used by so many people. 
B)  they allow users to post media and image files. 
C)  they are especially vulnerable to social engineering. 
D)  they allow users to post software code. 
E)  they have poor user authentication.

SSL is a protocol used to establish a secure connection between two computers.

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.

You have just been hired as a security consultant by MegaMalls Inc., a national chain of retail malls, to make sure that the security of their information systems is up to par. Outline the steps you will take to achieve this.

A digital certificate system

________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.

Explain how an SQL injection attack works and what types of systems are vulnerable to this type of attack.

A firewall allows the organization to

How is the security of a firm's information system and data affected by its people, organization, and technology? Is the contribution of one of these dimensions any more important than the other? Why?

Evil twins are

Why is software quality important to security? What specific steps can an organization take to ensure software quality?

Currently, the protocols used for secure information transfer over the Internet are

The HIPAA Act of 1996

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Pharming involves

Statements ranking information risks and identifying security goals are included in a(n)

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.

The Internet poses specific security problems because

Public key encryption uses two keys.

Social networking sites have become a new conduit for malware because

Information Systems in Global Business Today

Global E-Business and Collaboration

Information Systems, Organizations, and Strategy

Ethical and Social Issues in Information Systems

It Infrastructure and Emerging Technologies

Foundations of Business Intelligence: Databases and Information Management

Telecommunications, the Internet, and Wireless Technology

Achieving Operational Excellence and Customer Intimacy: Enterprise Applications

E-Commerce: Digital Markets, Digital Goods

Managing Knowledge

Enhancing Decision Making

Building Information Systems

Managing Projects

Managing Global Systems

Filters

Exam 8: Securing Information Systems

SSL is a protocol used to establish a secure connection between two computers.

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.

You have just been hired as a security consultant by MegaMalls Inc., a national chain of retail malls, to make sure that the security of their information systems is up to par. Outline the steps you will take to achieve this.

A digital certificate system

________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.

Explain how an SQL injection attack works and what types of systems are vulnerable to this type of attack.

A firewall allows the organization to

How is the security of a firm's information system and data affected by its people, organization, and technology? Is the contribution of one of these dimensions any more important than the other? Why?

Evil twins are

Why is software quality important to security? What specific steps can an organization take to ensure software quality?

Currently, the protocols used for secure information transfer over the Internet are

The HIPAA Act of 1996

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Pharming involves

Statements ranking information risks and identifying security goals are included in a(n)

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.

The Internet poses specific security problems because

Public key encryption uses two keys.

Social networking sites have become a new conduit for malware because

Information Systems in Global Business Today

Global E-Business and Collaboration

Information Systems, Organizations, and Strategy

Ethical and Social Issues in Information Systems

It Infrastructure and Emerging Technologies

Foundations of Business Intelligence: Databases and Information Management

Telecommunications, the Internet, and Wireless Technology

Achieving Operational Excellence and Customer Intimacy: Enterprise Applications

E-Commerce: Digital Markets, Digital Goods

Managing Knowledge

Enhancing Decision Making

Building Information Systems

Managing Projects

Managing Global Systems

Filters