Question 1

What are the three general sources of security threats?

Accepted Answer

A security threat is a challenge to the integrity of information systems that arises from one of three sources: human errors and mistakes, computer crime, and natural events and disasters. Human errors and mistakes include accidental problems caused by both employees and nonemployees. Computer crime includes employees and former employees who intentionally destroy data or other system components. It also includes hackers who break into a system and virus and worm writers who infect computer systems. Natural events and disasters include fires, floods, hurricanes, earthquakes, tsunamis, avalanches, and other acts of nature. Problems in this category include not only the initial loss of capability and service, but also losses stemming from actions to recover from the initial problem.

Question 2

________ are small files that enables a browser to access Web sites without having to sign in every time.

Accepted Answer

A) Cookies 
B) Botnets 
C) Payloads 
D) Public keys 
A) Cookies 
B) Botnets 
C) Payloads 
D) Public keys A

Question 3

What is the basic information that a security policy must stipulate?

Accepted Answer

At a minimum, a security policy should stipulate:
• What sensitive data the organization will store
• How it will process that data
• Whether data will be shared with other organizations
• How employees and others can obtain copies of data stored about them
• How employees and others can request changes to inaccurate data

Question 4

In the context of security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.

Accepted Answer

A) unauthorized data disclosure 
B) incorrect data modification 
C) faulty services 
D) loss of infrastructure 
A) unauthorized data disclosure 
B) incorrect data modification 
C) faulty services 
D) loss of infrastructure

Question 5

A denial-of-service attack is launched when a hacker floods a Web server with millions of bogus service requests.

Accepted Answer

A) True 
 B)False

Question 6

What is meant by denial of service?

Accepted Answer

Human error in following procedures, or

Question 7

Improper data disclosure and data damage and loss are possible consequences of an SQL injection attack.

Accepted Answer

A) True 
 B)False

Question 8

Jason attempts to hack into a banking site to steal customer information. He finds the security of the Web site lacking and is able to access the site with ease. Jason is arrested the next day and charged with computer crime. The banking site was able to track Jason's IP address because he had unknowingly attacked a ________.

Accepted Answer

A) botnet 
B) hot site 
C) honeypot 
D) Web beacon 
A) botnet 
B) hot site 
C) honeypot 
D) Web beacon

Question 9

Which of the following usually happens in a malicious denial-of-service attack?

Accepted Answer

A) A hacker monitors and intercepts wireless traffic at will. 
B) A hacker floods a Web server with millions of bogus service requests. 
C) An intruder uses another site's IP address to masquerade as that other site. 
D) A phisher pretends to be a legitimate company and requests confidential data. 
A) A hacker monitors and intercepts wireless traffic at will. 
B) A hacker floods a Web server with millions of bogus service requests. 
C) An intruder uses another site's IP address to masquerade as that other site. 
D) A phisher pretends to be a legitimate company and requests confidential data.

Question 10

Which of the following statements is true about the position definitions component of human safeguards?

Accepted Answer

A) System administrators should retain user accounts after an employee has been terminated. 
B) All employees must be provided with uniform, general training on security regardless of the sensitivity of their positions. 
C) Documenting position sensitivity enables security personnel to prioritize their activities based on possible risk. 
D) Holding public users of Web sites accountable for security violations is easy and inexpensive. 
A) System administrators should retain user accounts after an employee has been terminated. 
B) All employees must be provided with uniform, general training on security regardless of the sensitivity of their positions. 
C) Documenting position sensitivity enables security personnel to prioritize their activities based on possible risk. 
D) Holding public users of Web sites accountable for security violations is easy and inexpensive.

Question 11

Which of the following statements is true about biometric identification?

Accepted Answer

A) It involves the use of a personal identification number (PIN)for authentication. 
B) It provides weak authentication. 
C) It is a relatively inexpensive mode of authentication. 
D) It often faces resistance from users for its invasive nature. 
A) It involves the use of a personal identification number (PIN)for authentication. 
B) It provides weak authentication. 
C) It is a relatively inexpensive mode of authentication. 
D) It often faces resistance from users for its invasive nature.

Question 12

________ involve the people and procedure components of information systems.

Accepted Answer

A) Firewalls 
B) Technical safeguards 
C) Human safeguards 
D) Payloads 
A) Firewalls 
B) Technical safeguards 
C) Human safeguards 
D) Payloads

Question 13

What is key escrow?

Accepted Answer

An organization should protect sensitive

Question 14

Define encryption and explain symmetric and asymmetric encryption for computer systems.

Accepted Answer

Encryption is the process of transformin

Question 15

The process of hardening a Web site is a ________ safeguard.

Accepted Answer

A) political 
B) financial 
C) technical 
D) physical 
A) political 
B) financial 
C) technical 
D) physical

Question 16

In the context of malware protection, the program code that causes the unwanted actions is called the ________.

Accepted Answer

A) payload 
B) kernel 
C) bot herder 
D) key escrow 
A) payload 
B) kernel 
C) bot herder 
D) key escrow

Question 17

Key escrow is a(n)________.

Accepted Answer

A) protocol used to secure communication over the internet 
B) safety procedure that allows a trusted party to have a copy of the encryption key 
C) device that prevents unauthorized network access 
D) encryption algorithm that uses both public and private keys 
A) protocol used to secure communication over the internet 
B) safety procedure that allows a trusted party to have a copy of the encryption key 
C) device that prevents unauthorized network access 
D) encryption algorithm that uses both public and private keys

Question 18

Spoofing occurs when a person receives a confidential text message by mistake.

Accepted Answer

A) True 
 B)False

Question 19

The computers that run the DBMS and all devices that store database data should reside in locked, controlled-access facilities. This is done to ________.

Accepted Answer

A) stop SQL injection attacks 
B) prevent email spoofing 
C) prevent brute force attacks 
D) provide physical security 
A) stop SQL injection attacks 
B) prevent email spoofing 
C) prevent brute force attacks 
D) provide physical security

Question 20

What is a virus? Differentiate between Trojan horses and worms.

Accepted Answer

A virus is a computer program that repli

What are the three general sources of security threats?

________ are small files that enables a browser to access Web sites without having to sign in every time.

What is the basic information that a security policy must stipulate?

In the context of security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.

A denial-of-service attack is launched when a hacker floods a Web server with millions of bogus service requests.

What is meant by denial of service?

Improper data disclosure and data damage and loss are possible consequences of an SQL injection attack.

Which of the following usually happens in a malicious denial-of-service attack?

Which of the following statements is true about the position definitions component of human safeguards?

Which of the following statements is true about biometric identification?

________ involve the people and procedure components of information systems.

What is key escrow?

Define encryption and explain symmetric and asymmetric encryption for computer systems.

The process of hardening a Web site is a ________ safeguard.

In the context of malware protection, the program code that causes the unwanted actions is called the ________.

Key escrow is a(n)________.

Spoofing occurs when a person receives a confidential text message by mistake.

The computers that run the DBMS and all devices that store database data should reside in locked, controlled-access facilities. This is done to ________.

What is a virus? Differentiate between Trojan horses and worms.

The Importance of Mis

Collaboration Information Systems

Strategy and Information Systems

Hardware, Software, and Mobile Systems

Database Processing

The Cloud

Processes, Organizations, and Information Systems

Social Media Information Systems

Business Intelligence Systems

Information Systems Management

Information Systems Development

Filters

Exam 10: Information Systems Security

What are the three general sources of security threats?

________ are small files that enables a browser to access Web sites without having to sign in every time.

What is the basic information that a security policy must stipulate?

In the context of security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.

A denial-of-service attack is launched when a hacker floods a Web server with millions of bogus service requests.

What is meant by denial of service?

Improper data disclosure and data damage and loss are possible consequences of an SQL injection attack.

Which of the following usually happens in a malicious denial-of-service attack?

Which of the following statements is true about the position definitions component of human safeguards?

Which of the following statements is true about biometric identification?

________ involve the people and procedure components of information systems.

What is key escrow?

Define encryption and explain symmetric and asymmetric encryption for computer systems.

The process of hardening a Web site is a ________ safeguard.

In the context of malware protection, the program code that causes the unwanted actions is called the ________.

Key escrow is a(n)________.

Spoofing occurs when a person receives a confidential text message by mistake.

The computers that run the DBMS and all devices that store database data should reside in locked, controlled-access facilities. This is done to ________.

What is a virus? Differentiate between Trojan horses and worms.

The Importance of Mis

Collaboration Information Systems

Strategy and Information Systems

Hardware, Software, and Mobile Systems

Database Processing

The Cloud

Processes, Organizations, and Information Systems

Social Media Information Systems

Business Intelligence Systems

Information Systems Management

Information Systems Development

Filters