Question 1

All risks can be prevented.

Accepted Answer

A) True 
 B)False  False

Question 2

Determining the right level of security is a difficult balance. Explain.

Accepted Answer

Too little security opens the company to attacks, while too much security slows system performance and can impact employee morale and customer satisfaction.

Question 3

Describe what should be included in end-user computing policy.

Accepted Answer

The policy should include items such as reminders that users must comply with corporate security policies and procedures, take care of corporate equipment, and use the company's computer resources and information only for authorized business purposes.
It also sets out responsibilities for backing up data, protecting against viruses, keeping passwords secret, and taking other precautions for protecting the privacy of corporate data.

Question 4

Studies on stock prices of ebusiness entities have shown that security breaches involving access to confidential data and website outages are associated with significant stock price declines.

Accepted Answer

A) True 
 B)False

Question 5

Lack of standards, regulations and rules, and support systems are examples of internal risks associated with new business models.

Accepted Answer

A) True 
 B)False

Question 6

An access control technique used on the web to prevent unauthorized software from masquerading as a person, presenting a set of distorted squiggly letters and numbers that people can decipher but computers cannot is called ________.

Accepted Answer

A)  GOTCHA 
B)  a digitial signature 
C)  CAPTCHA 
D)  a public key 
E)  encryption 
A)  GOTCHA 
B)  a digitial signature 
C)  CAPTCHA 
D)  a public key 
E)  encryption

Question 7

The following are all examples of security controls except:

Accepted Answer

A)  policies on putting test applications into production 
B)  monitoring employee emails for personal messages 
C)  requiring passwords to access important applications 
D)  requiring users to change passwords every thirty days 
E)  documenting backup policies and procedures 
A)  policies on putting test applications into production 
B)  monitoring employee emails for personal messages 
C)  requiring passwords to access important applications 
D)  requiring users to change passwords every thirty days 
E)  documenting backup policies and procedures

Question 8

More than half the damage suffered in security breaches is caused by:

Accepted Answer

A)  the inability to safely answer questionnaires. 
B)  carelessness, errors, or omissions. 
C)  having email read by unauthorized persons. 
D)  failure to lock the web browsers. 
E)  not having a firewall to protect the data . 
A)  the inability to safely answer questionnaires. 
B)  carelessness, errors, or omissions. 
C)  having email read by unauthorized persons. 
D)  failure to lock the web browsers. 
E)  not having a firewall to protect the data .

Question 9

The use of electronic devices attached to transmission lines that can detect and capture data transmissions on those lines is called:

Accepted Answer

A)  Certificate Authorities (CAS). 
B)  check digits. 
C)  sniffing. 
D)  a digital certificate. 
E)  a disaster recovery plan. 
A)  Certificate Authorities (CAS). 
B)  check digits. 
C)  sniffing. 
D)  a digital certificate. 
E)  a disaster recovery plan.

Question 10

An International Development System (IDS) monitors devices and processes for security threats and can alert security personnel of the occurrence of unusual activity as it occurs.

Accepted Answer

A) True 
 B)False

Question 11

The concept of non-repudiation refers to:

Accepted Answer

A)  the inability to deny who the sender of data was. 
B)  the inability to identify who the sender of data was. 
C)  the automatic destruction of data after it has been sent. 
D)  a virus which destroys a user's hard drive. 
E)  a network scenario where backup procedures are carried out. 
A)  the inability to deny who the sender of data was. 
B)  the inability to identify who the sender of data was. 
C)  the automatic destruction of data after it has been sent. 
D)  a virus which destroys a user's hard drive. 
E)  a network scenario where backup procedures are carried out.

Question 12

The annual report of Canadian Tire's financial activities contains a tag containing the time that it was created, modified and moved. This is an example of ________.

Accepted Answer

A)  auto tagging 
B)  digital tagging 
C)  time stamping 
D)  authentication 
E)  auto stamping 
A)  auto tagging 
B)  digital tagging 
C)  time stamping 
D)  authentication 
E)  auto stamping

Question 13

An employee created a new database system to track promotional materials and linked it into the ERP system. Soon after, the ERP system's inventory module suffered a crash. This crash is likely the result of ________.

Accepted Answer

A)  physical controls 
B)  non-repudiation 
C)  developmental controls 
D)  digital signatures 
E)  firewall errors 
A)  physical controls 
B)  non-repudiation 
C)  developmental controls 
D)  digital signatures 
E)  firewall errors

Question 14

When logging on to a network server, authentication would mean that:

Accepted Answer

A)  the user is permitted to look at specific directories on the server. 
B)  the password has expired. 
C)  the server is using VPN technology. 
D)  the client computer is recognized by the server. 
E)  all of the above 
A)  the user is permitted to look at specific directories on the server. 
B)  the password has expired. 
C)  the server is using VPN technology. 
D)  the client computer is recognized by the server. 
E)  all of the above

Question 15

Biometrics include all of the following except:

Accepted Answer

A)  signatures. 
B)  fingerprints. 
C)  passwords 
D)  voice recognition. 
E)  retina scans 
A)  signatures. 
B)  fingerprints. 
C)  passwords 
D)  voice recognition. 
E)  retina scans

Question 16

Which of the following would be part of the disaster recovery plan of a company?

Accepted Answer

A)  operations controls 
B)  physical controls 
C)  backup hardware locations 
D)  the number of check digits there should be in the application controls 
E)  none of the above 
A)  operations controls 
B)  physical controls 
C)  backup hardware locations 
D)  the number of check digits there should be in the application controls 
E)  none of the above

Question 17

There are two broad categories of controls. These are:

Accepted Answer

A)  general and applications controls. 
B)  security and access controls. 
C)  firewall and biometric controls. 
D)  logical and operations controls. 
E)  management and business process 
A)  general and applications controls. 
B)  security and access controls. 
C)  firewall and biometric controls. 
D)  logical and operations controls. 
E)  management and business process

Question 18

Logical access controls include locking the door to the server room.

Accepted Answer

A) True 
 B)False

Question 19

The following is an example of an applications control:

Accepted Answer

A)  a password is required to log onto the network 
B)  the security manager has written an internet-use policy 
C)  email is backed up on a storage area network 
D)  an input mask ensures data is entered appropriately 
E)  none of the above 
A)  a password is required to log onto the network 
B)  the security manager has written an internet-use policy 
C)  email is backed up on a storage area network 
D)  an input mask ensures data is entered appropriately 
E)  none of the above

Question 20

Viruses can potentially result in:

Accepted Answer

A)  destruction of data. 
B)  inappropriate access to data. 
C)  slowing of network traffic. 
D)  employee downtime. 
E)  all of the above 
A)  destruction of data. 
B)  inappropriate access to data. 
C)  slowing of network traffic. 
D)  employee downtime. 
E)  all of the above

All risks can be prevented.

Determining the right level of security is a difficult balance. Explain.

Describe what should be included in end-user computing policy.

Studies on stock prices of ebusiness entities have shown that security breaches involving access to confidential data and website outages are associated with significant stock price declines.

Lack of standards, regulations and rules, and support systems are examples of internal risks associated with new business models.

An access control technique used on the web to prevent unauthorized software from masquerading as a person, presenting a set of distorted squiggly letters and numbers that people can decipher but computers cannot is called ________.

The following are all examples of security controls except:

More than half the damage suffered in security breaches is caused by:

The use of electronic devices attached to transmission lines that can detect and capture data transmissions on those lines is called:

An International Development System (IDS) monitors devices and processes for security threats and can alert security personnel of the occurrence of unusual activity as it occurs.

The concept of non-repudiation refers to:

The annual report of Canadian Tire's financial activities contains a tag containing the time that it was created, modified and moved. This is an example of ________.

An employee created a new database system to track promotional materials and linked it into the ERP system. Soon after, the ERP system's inventory module suffered a crash. This crash is likely the result of ________.

When logging on to a network server, authentication would mean that:

Biometrics include all of the following except:

Which of the following would be part of the disaster recovery plan of a company?

There are two broad categories of controls. These are:

Logical access controls include locking the door to the server room.

The following is an example of an applications control:

Viruses can potentially result in:

Introduction to Ebusiness

Internet Business Models and Strategies

Evolution and Applications of the Internet

Enterprise-Wide and Inter-Enterprise Systems

Billing and Payment Systems

Supply-Chain Management

Eprocurement, Trading Exchanges, and Auctions

Customer Relationship Management

Business Intelligence

E-marketing and Advertising

Metrics for Performance Measurement in E-commerce

Privacy, Legal, and Taxation Issues in Ecommerce

Ecommerce and Small Business

Filters

Exam 5: Security and Controls

All risks can be prevented.

Determining the right level of security is a difficult balance. Explain.

Describe what should be included in end-user computing policy.

Studies on stock prices of ebusiness entities have shown that security breaches involving access to confidential data and website outages are associated with significant stock price declines.

Lack of standards, regulations and rules, and support systems are examples of internal risks associated with new business models.

An access control technique used on the web to prevent unauthorized software from masquerading as a person, presenting a set of distorted squiggly letters and numbers that people can decipher but computers cannot is called ________.

The following are all examples of security controls except:

More than half the damage suffered in security breaches is caused by:

The use of electronic devices attached to transmission lines that can detect and capture data transmissions on those lines is called:

An International Development System (IDS) monitors devices and processes for security threats and can alert security personnel of the occurrence of unusual activity as it occurs.

The concept of non-repudiation refers to:

The annual report of Canadian Tire's financial activities contains a tag containing the time that it was created, modified and moved. This is an example of ________.

An employee created a new database system to track promotional materials and linked it into the ERP system. Soon after, the ERP system's inventory module suffered a crash. This crash is likely the result of ________.

When logging on to a network server, authentication would mean that:

Biometrics include all of the following except:

Which of the following would be part of the disaster recovery plan of a company?

There are two broad categories of controls. These are:

Logical access controls include locking the door to the server room.

The following is an example of an applications control:

Viruses can potentially result in:

Introduction to Ebusiness

Internet Business Models and Strategies

Evolution and Applications of the Internet

Enterprise-Wide and Inter-Enterprise Systems

Billing and Payment Systems

Supply-Chain Management

Eprocurement, Trading Exchanges, and Auctions

Customer Relationship Management

Business Intelligence

E-marketing and Advertising

Metrics for Performance Measurement in E-commerce

Privacy, Legal, and Taxation Issues in Ecommerce

Ecommerce and Small Business

Filters