Question 1

Which of the following is not a strategy for mitigating the risk of threats against information?

Accepted Answer

A) Continue operating with no controls and absorb any damages that occur. 
B) Transfer the risk by purchasing insurance. 
C) Implement controls that minimize the impact of the threat. 
D) Install controls that block the risk. 
E) All of the above are strategies for mitigating risk. 
A) Continue operating with no controls and absorb any damages that occur. 
B) Transfer the risk by purchasing insurance. 
C) Implement controls that minimize the impact of the threat. 
D) Install controls that block the risk. 
E) All of the above are strategies for mitigating risk.

Question 2

Walls, doors, and fences are examples of __________ controls.

Accepted Answer

A) access 
B) communications 
C) network 
D) physical 
A) access 
B) communications 
C) network 
D) physical

Question 3

Which of the following is/are designed to use your computer as a launch pad for sending unsolicited e-mail to other computers?

Accepted Answer

A) Spyware 
B) Spamware 
C) Adware 
D) Viruses 
E) Worms 
A) Spyware 
B) Spamware 
C) Adware 
D) Viruses 
E) Worms

Question 4

Being careless with your computing devices is ______________.

Accepted Answer

A) a deliberate threat 
B) a human error 
C) an intentional threat 
D) social engineering 
A) a deliberate threat 
B) a human error 
C) an intentional threat 
D) social engineering

Question 5

Social engineering is typically _____________ human error on the part of an employee, but it is _____________ on the part of the attacker.

Accepted Answer

A) intentional, unintentional 
B) intentional, intentional 
C) unintentional, intentional 
D) unintentional, unintentional 
A) intentional, unintentional 
B) intentional, intentional 
C) unintentional, intentional 
D) unintentional, unintentional

Question 6

Describe how a digital certificate works.

Accepted Answer

The answer of Describe how a digital certificate works....

Question 7

In _____, the organization purchases insurance as a means to compensate for any loss.

Accepted Answer

A) risk management 
B) risk analysis 
C) risk mitigation 
D) risk acceptance 
E) risk transference 
A) risk management 
B) risk analysis 
C) risk mitigation 
D) risk acceptance 
E) risk transference

Question 8

Contrast the following types of remote attacks: virus, worm, phishing, and spear phishing.

Accepted Answer

The answer of Contrast the following types of remote attacks:...

Question 9

Biometrics is something the user _______.

Accepted Answer

A) does 
B) has 
C) is 
D) knows 
A) does 
B) has 
C) is 
D) knows

Question 10

Dumpster diving is:

Accepted Answer

A) always illegal because it is considered trespassing. 
B) never illegal because it is not considered trespassing. 
C) typically committed for the purpose of identity theft. 
D) always illegal because individuals own the material in the dumpster. 
E) always legal because the dumpster is not owned by private citizens. 
A) always illegal because it is considered trespassing. 
B) never illegal because it is not considered trespassing. 
C) typically committed for the purpose of identity theft. 
D) always illegal because individuals own the material in the dumpster. 
E) always legal because the dumpster is not owned by private citizens.

Question 11

Shodan is used for _________.

Accepted Answer

A) creating a backdoor 
B) SCADA attacks 
C) spreading viruses 
D) phishing 
A) creating a backdoor 
B) SCADA attacks 
C) spreading viruses 
D) phishing

Question 12

Software can be copyrighted.

Accepted Answer

A) True 
 B)False

Question 13

Which of the following is not a characteristic of strong passwords?

Accepted Answer

A) They are difficult to guess. 
B) They contain special characters. 
C) They are not a recognizable word. 
D) They are not a recognizable string of numbers 
E) They tend to be short so they are easy to remember. 
A) They are difficult to guess. 
B) They contain special characters. 
C) They are not a recognizable word. 
D) They are not a recognizable string of numbers 
E) They tend to be short so they are easy to remember.

Question 14

Tim ventured out into the world of retail by renting a cart at a local mall. His product is personalized coffee mugs. He uses his laptop to track sales and to process credit card sales. He has a customer mailing list that is updated by customers on the laptop as well. At the end of each day, Tim backs up all of his data to a thumb drive and puts the drive into the laptop case with the laptop. Discuss Tim's information security strategy.

Accepted Answer

The answer of Tim ventured out into the world of...

Question 15

A password refers to "something the user is."

Accepted Answer

A) True 
 B)False

Question 16

You receive an e-mail from your bank informing you that they are updating their records and need your password. Which of the following statements is true?

Accepted Answer

A) The message could be an industrial espionage attack. 
B) The message could be a phishing attack. 
C) The message could be a denial-of-service attack. 
D) The message could be a back-door attack. 
E) The message could be a Trojan horse attack. 
A) The message could be an industrial espionage attack. 
B) The message could be a phishing attack. 
C) The message could be a denial-of-service attack. 
D) The message could be a back-door attack. 
E) The message could be a Trojan horse attack.

Question 17

Cyberterrorism and cyberwarfare can attack supervisory control and data acquisition (SCADA)systems to cause widespread physical damage.

Accepted Answer

A) True 
 B)False

Question 18

Which of the following statements concerning the difficulties in protecting information resources is not correct?

Accepted Answer

A) Computing resources are typically decentralized. 
B) Computer crimes often remain undetected for a long period of time. 
C) Rapid technological changes ensure that controls are effective for years. 
D) Employees typically do not follow security procedures when the procedures are inconvenient. 
E) Computer networks can be located outside the organization. 
A) Computing resources are typically decentralized. 
B) Computer crimes often remain undetected for a long period of time. 
C) Rapid technological changes ensure that controls are effective for years. 
D) Employees typically do not follow security procedures when the procedures are inconvenient. 
E) Computer networks can be located outside the organization.

Question 19

A ___________ site does not include the actual applications the company runs.

Accepted Answer

A) cold 
B) hot 
C) warm 
D) neutral 
A) cold 
B) hot 
C) warm 
D) neutral

Question 20

Describe public key encryption.

Accepted Answer

The answer of Describe public key encryption....

Which of the following is not a strategy for mitigating the risk of threats against information?

Walls, doors, and fences are examples of __________ controls.

Which of the following is/are designed to use your computer as a launch pad for sending unsolicited e-mail to other computers?

Being careless with your computing devices is ______________.

Social engineering is typically _ human error on the part of an employee, but it is _ on the part of the attacker.

Describe how a digital certificate works.

In _____, the organization purchases insurance as a means to compensate for any loss.

Contrast the following types of remote attacks: virus, worm, phishing, and spear phishing.

Biometrics is something the user _______.

Dumpster diving is:

Shodan is used for _________.

Software can be copyrighted.

Which of the following is not a characteristic of strong passwords?

A password refers to "something the user is."

You receive an e-mail from your bank informing you that they are updating their records and need your password. Which of the following statements is true?

Cyberterrorism and cyberwarfare can attack supervisory control and data acquisition (SCADA)systems to cause widespread physical damage.

Which of the following statements concerning the difficulties in protecting information resources is not correct?

A ___________ site does not include the actual applications the company runs.

Describe public key encryption.

Introduction to Information Systems

Organizational Strategy, Competitive Advantage, and Information Systems

Ethics and Privacy

Data and Knowledge Management

Telecommunications and Networking

E-Business and E-Commerce

Wireless, Mobile Computing, and Mobile Commerce

Social Computing

Information Systems Within the Organization

Customer Relationship Management and Supply Chain Management

Business Intelligence

Acquiring Information Systems and Applications

Technology Guide 1 : Hardware

Technology Guide 2 : Software

Technology Guide 3 : Cloud Computing

Technology Guide 4 : Intelligent Systems

Technology Guide 5 Protecting Your Information Assets

Filters

Exam 4: Information Security and Controls

Which of the following is not a strategy for mitigating the risk of threats against information?

Walls, doors, and fences are examples of __________ controls.

Which of the following is/are designed to use your computer as a launch pad for sending unsolicited e-mail to other computers?

Being careless with your computing devices is ______________.

Social engineering is typically _____________ human error on the part of an employee, but it is _____________ on the part of the attacker.

Describe how a digital certificate works.

In _____, the organization purchases insurance as a means to compensate for any loss.

Contrast the following types of remote attacks: virus, worm, phishing, and spear phishing.

Biometrics is something the user _______.

Dumpster diving is:

Shodan is used for _________.

Software can be copyrighted.

Which of the following is not a characteristic of strong passwords?

A password refers to "something the user is."

You receive an e-mail from your bank informing you that they are updating their records and need your password. Which of the following statements is true?

Cyberterrorism and cyberwarfare can attack supervisory control and data acquisition (SCADA)systems to cause widespread physical damage.

Which of the following statements concerning the difficulties in protecting information resources is not correct?

A ___________ site does not include the actual applications the company runs.

Describe public key encryption.

Introduction to Information Systems

Organizational Strategy, Competitive Advantage, and Information Systems

Ethics and Privacy

Data and Knowledge Management

Telecommunications and Networking

E-Business and E-Commerce

Wireless, Mobile Computing, and Mobile Commerce

Social Computing

Information Systems Within the Organization

Customer Relationship Management and Supply Chain Management

Business Intelligence

Acquiring Information Systems and Applications

Technology Guide 1 : Hardware

Technology Guide 2 : Software

Technology Guide 3 : Cloud Computing

Technology Guide 4 : Intelligent Systems

Technology Guide 5 Protecting Your Information Assets

Filters

Social engineering is typically _ human error on the part of an employee, but it is _ on the part of the attacker.