Question 1

The HIPAA Act of 1996:

Accepted Answer

A) requires financial institutions to ensure the security of customer data. 
B) specifies best practices in information systems security and control. 
C) imposes responsibility on companies and management to safeguard the accuracy of financial information. 
D) outlines medical security and privacy rules. 
A) requires financial institutions to ensure the security of customer data. 
B) specifies best practices in information systems security and control. 
C) imposes responsibility on companies and management to safeguard the accuracy of financial information. 
D) outlines medical security and privacy rules.

Question 2

________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.

Accepted Answer

A) "Legacy systems" 
B) "SSID standards" 
C) "Vulnerabilities" 
D) "Controls" 
A) "Legacy systems" 
B) "SSID standards" 
C) "Vulnerabilities" 
D) "Controls"

Question 3

All of the following are types of information systems general controls except:

Accepted Answer

A) application controls. 
B) computer applications controls. 
C) physical hardware controls. 
D) administrative controls. 
A) application controls. 
B) computer applications controls. 
C) physical hardware controls. 
D) administrative controls.

Question 4

In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?

Accepted Answer

A) Trojan horse 
B) Virus 
C) Worm 
D) Spyware 
A) Trojan horse 
B) Virus 
C) Worm 
D) Spyware

Question 5

An example of phishing is:

Accepted Answer

A) setting up a bogus Wi-Fi hot spot. 
B) setting up a fake medical Web site that asks users for confidential information. 
C) pretending to be a utility company's employee in order to garner information from that company about their security system. 
D) sending bulk e-mail that asks for financial aid under a false pretext. 
A) setting up a bogus Wi-Fi hot spot. 
B) setting up a fake medical Web site that asks users for confidential information. 
C) pretending to be a utility company's employee in order to garner information from that company about their security system. 
D) sending bulk e-mail that asks for financial aid under a false pretext.

Question 6

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Accepted Answer

A) "Security" 
B) "Controls" 
C) "Benchmarking" 
D) "Algorithms" 
A) "Security" 
B) "Controls" 
C) "Benchmarking" 
D) "Algorithms"

Question 7

Specific security challenges that threaten corporate servers in a client/server environment include:

Accepted Answer

A) tapping; sniffing; message alteration; radiation. 
B) hacking; vandalism; denial of service attacks. 
C) theft, copying, alteration of data; hardware or software failure. 
D) unauthorized access; errors; spyware. 
A) tapping; sniffing; message alteration; radiation. 
B) hacking; vandalism; denial of service attacks. 
C) theft, copying, alteration of data; hardware or software failure. 
D) unauthorized access; errors; spyware.

Question 8

The most common type of electronic evidence is:

Accepted Answer

A) voice-mail. 
B) spreadsheets. 
C) instant messages. 
D) e-mail. 
A) voice-mail. 
B) spreadsheets. 
C) instant messages. 
D) e-mail.

Question 9

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called:

Accepted Answer

A) sniffing. 
B) social engineering. 
C) phishing. 
D) pharming. 
A) sniffing. 
B) social engineering. 
C) phishing. 
D) pharming.

Question 10

An authentication token is a(n):

Accepted Answer

A) device the size of a credit card that contains access permission data. 
B) type of smart card. 
C) gadget that displays passcodes. 
D) electronic marker attached to a digital authorization file. 
A) device the size of a credit card that contains access permission data. 
B) type of smart card. 
C) gadget that displays passcodes. 
D) electronic marker attached to a digital authorization file.

Question 11

The Gramm-Leach-Bliley Act:

Accepted Answer

A) requires financial institutions to ensure the security of customer data. 
B) specifies best practices in information systems security and control. 
C) imposes responsibility on companies and management to safeguard the accuracy of financial information. 
D) outlines medical security and privacy rules. 
A) requires financial institutions to ensure the security of customer data. 
B) specifies best practices in information systems security and control. 
C) imposes responsibility on companies and management to safeguard the accuracy of financial information. 
D) outlines medical security and privacy rules.

Question 12

Redirecting a Web link to a different address is a form of:

Accepted Answer

A) snooping. 
B) spoofing. 
C) sniffing. 
D) war driving. 
A) snooping. 
B) spoofing. 
C) sniffing. 
D) war driving.

Question 13

Most antivirus software is effective against:

Accepted Answer

A) only those viruses active on the Internet and through e-mail. 
B) any virus. 
C) any virus except those in wireless communications applications. 
D) only those viruses already known when the software is written. 
A) only those viruses active on the Internet and through e-mail. 
B) any virus. 
C) any virus except those in wireless communications applications. 
D) only those viruses already known when the software is written.

Question 14

Three major concerns of system builders and users are disaster, security, and human error. Of the three, which do you think is most difficult to deal with? Why?

Accepted Answer

Student answers will vary. Example answe

Question 15

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

Accepted Answer

A) True 
 B)False

Question 16

You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats to the firm?

Accepted Answer

A) Wireless network 
B) Employees 
C) Authentication procedures 
D) Lack of data encryption 
A) Wireless network 
B) Employees 
C) Authentication procedures 
D) Lack of data encryption

Question 17

Large amounts of data stored in electronic form are ________ than the same data in manual form.

Accepted Answer

A) less vulnerable to damage 
B) more secure 
C) vulnerable to many more kinds of threats 
D) more critical to most businesses 
A) less vulnerable to damage 
B) more secure 
C) vulnerable to many more kinds of threats 
D) more critical to most businesses

Question 18

Why is software quality important to security? What specific steps can an organization take to ensure software quality?

Accepted Answer

Software errors pose a constant threat t

Question 19

Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that:

Accepted Answer

A) are easily decrypted. 
B) can be opened with easily available software. 
C) may be accessible by anyone who has access to the same network. 
D) are unprotected by up-to-date security systems. 
A) are easily decrypted. 
B) can be opened with easily available software. 
C) may be accessible by anyone who has access to the same network. 
D) are unprotected by up-to-date security systems.

Question 20

The term cracker is used to identify a hacker whose specialty is breaking open security systems.

Accepted Answer

A) True 
 B)False

The HIPAA Act of 1996:

________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.

All of the following are types of information systems general controls except:

In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?

An example of phishing is:

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Specific security challenges that threaten corporate servers in a client/server environment include:

The most common type of electronic evidence is:

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called:

An authentication token is a(n):

The Gramm-Leach-Bliley Act:

Redirecting a Web link to a different address is a form of:

Most antivirus software is effective against:

Three major concerns of system builders and users are disaster, security, and human error. Of the three, which do you think is most difficult to deal with? Why?

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats to the firm?

Large amounts of data stored in electronic form are ________ than the same data in manual form.

Why is software quality important to security? What specific steps can an organization take to ensure software quality?

Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that:

The term cracker is used to identify a hacker whose specialty is breaking open security systems.

Business Information Systems in Your Career

Global E-Business and Collaboration

Achieving Competitive Advantage With Information Systems

Ethical and Social Issues in Information Systems

It Infrastructure: Hardware and Software

Foundations of Business Intelligence: Databases and Information Management

Telecommunications, the Internet, and Wireless Technology

Achieving Operational Excellence and Customer Intimacy: Enterprise Applications

E-Commerce: Digital Markets, Digital Goods

Improving Decision Making and Managing Knowledge

Building Information Systems and Managing Projects

Filters

Exam 8: Securing Information Systems

The HIPAA Act of 1996:

________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.

All of the following are types of information systems general controls except:

In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?

An example of phishing is:

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Specific security challenges that threaten corporate servers in a client/server environment include:

The most common type of electronic evidence is:

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called:

An authentication token is a(n):

The Gramm-Leach-Bliley Act:

Redirecting a Web link to a different address is a form of:

Most antivirus software is effective against:

Three major concerns of system builders and users are disaster, security, and human error. Of the three, which do you think is most difficult to deal with? Why?

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats to the firm?

Large amounts of data stored in electronic form are ________ than the same data in manual form.

Why is software quality important to security? What specific steps can an organization take to ensure software quality?

Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that:

The term cracker is used to identify a hacker whose specialty is breaking open security systems.

Business Information Systems in Your Career

Global E-Business and Collaboration

Achieving Competitive Advantage With Information Systems

Ethical and Social Issues in Information Systems

It Infrastructure: Hardware and Software

Foundations of Business Intelligence: Databases and Information Management

Telecommunications, the Internet, and Wireless Technology

Achieving Operational Excellence and Customer Intimacy: Enterprise Applications

E-Commerce: Digital Markets, Digital Goods

Improving Decision Making and Managing Knowledge

Building Information Systems and Managing Projects

Filters