Question 1

As described in the chapter case, which of the following did hackers use to gain access to the DNC network?

Accepted Answer

A)  Trojan horse 
B)  Phishing emails 
C)  SQL injection attack 
D)  Computer worm 
E)  Pharming attack 
A)  Trojan horse 
B)  Phishing emails 
C)  SQL injection attack 
D)  Computer worm 
E)  Pharming attack

Question 2

Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems.

Accepted Answer

A)  DPI 
B)  MSSP 
C)  NSP 
D)  PKI 
E)  UTM 
A)  DPI 
B)  MSSP 
C)  NSP 
D)  PKI 
E)  UTM

Question 3

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.

Accepted Answer

A)  high availability computing 
B)  deep packet inspection 
C)  application proxy filtering 
D)  stateful inspection 
E)  unified threat management 
A)  high availability computing 
B)  deep packet inspection 
C)  application proxy filtering 
D)  stateful inspection 
E)  unified threat management

Question 4

An analysis of an information system that rates the likelihood of a security incident occurring and its cost would be included in which of the following?

Accepted Answer

A)  Security policy 
B)  AUP 
C)  Risk assessment 
D)  Business impact analysis 
E)  Business continuity plan 
A)  Security policy 
B)  AUP 
C)  Risk assessment 
D)  Business impact analysis 
E)  Business continuity plan

Question 5

Which of the following refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems?

Accepted Answer

A)  Security 
B)  Controls 
C)  Benchmarking 
D)  Algorithms 
E)  Identity management 
A)  Security 
B)  Controls 
C)  Benchmarking 
D)  Algorithms 
E)  Identity management

Question 6

All of the following are specific security challenges that threaten the communications lines in a client/server environment except:

Accepted Answer

A)  errors. 
B)  tapping. 
C)  theft and fraud. 
D)  radiation. 
E)  sniffing. 
A)  errors. 
B)  tapping. 
C)  theft and fraud. 
D)  radiation. 
E)  sniffing.

Question 7

Which of the following statements about passwords is not true?

Accepted Answer

A)  Authentication cannot be established by the use of a password. 
B)  Password systems that are too rigorous may hinder employee productivity. 
C)  Passwords can be stolen through social engineering. 
D)  Passwords are often disregarded by employees. 
E)  Passwords can be sniffed when being transmitted over a network. 
A)  Authentication cannot be established by the use of a password. 
B)  Password systems that are too rigorous may hinder employee productivity. 
C)  Passwords can be stolen through social engineering. 
D)  Passwords are often disregarded by employees. 
E)  Passwords can be sniffed when being transmitted over a network.

Question 8

According to Ponemon Institute's 2016 Annual Cost of Cyber Crime Study, the average annualized cost of cybercrime for benchmarked companies in six different countries was approximately:

Accepted Answer

A)  $900,000. 
B)  $9 million. 
C)  $90 million. 
D)  $9 billion. 
E)  $90 billion. 
A)  $900,000. 
B)  $9 million. 
C)  $90 million. 
D)  $9 billion. 
E)  $90 billion.

Question 9

Which of the following techniques stops data packets originating outside the organization, inspects them, and passes the packets to the other side of an organizations firewall?

Accepted Answer

A)  NAT 
B)  Packet filtering 
C)  Deep packet inspection 
D)  Stateful inspection 
E)  Application proxy filtering 
A)  NAT 
B)  Packet filtering 
C)  Deep packet inspection 
D)  Stateful inspection 
E)  Application proxy filtering

Question 10

Which of the following statements about Internet security is not true?

Accepted Answer

A)  The use of P2P networks can expose a corporate computer to outsiders. 
B)  A corporate network without access to the Internet is more secure than one that provides access. 
C)  VoIP is more secure than the switched voice network. 
D)  Instant messaging can provide hackers access to an otherwise secure network. 
E)  Smartphones have the same security weaknesses as other Internet devices. 
A)  The use of P2P networks can expose a corporate computer to outsiders. 
B)  A corporate network without access to the Internet is more secure than one that provides access. 
C)  VoIP is more secure than the switched voice network. 
D)  Instant messaging can provide hackers access to an otherwise secure network. 
E)  Smartphones have the same security weaknesses as other Internet devices.

Question 11

Define computer forensics and describe the types of problems it is designed to address.

Accepted Answer

Computer forensics involves the scientif

Question 12

What is a digital certificate? How does it work?

Accepted Answer

Digital certificates are data files used

Question 13

Symmetric encryption uses two keys.

Accepted Answer

A) True 
 B)False

Question 14

All of the following are types of information systems general controls except:

Accepted Answer

A)  application controls. 
B)  computer operations controls. 
C)  hardware controls. 
D)  software controls. 
E)  administrative controls. 
A)  application controls. 
B)  computer operations controls. 
C)  hardware controls. 
D)  software controls. 
E)  administrative controls.

Question 15

Is the cloud a safer and more secure computing environment than an in-house network? Why or why not?

Accepted Answer

Student evaluations will vary, but shoul

Question 16

Implementation controls:

Accepted Answer

A)  can be classified as input controls, processing controls, and output controls. 
B)  govern the design, security, and use of computer programs and the security of data files in general throughout the organization. 
C)  apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment. 
D)  include software controls, computer operations controls, and implementation controls. 
E)  Audit the systems development process at various points to ensure that the process is properly controlled and managed. 
A)  can be classified as input controls, processing controls, and output controls. 
B)  govern the design, security, and use of computer programs and the security of data files in general throughout the organization. 
C)  apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment. 
D)  include software controls, computer operations controls, and implementation controls. 
E)  Audit the systems development process at various points to ensure that the process is properly controlled and managed.

Question 17

________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.

Accepted Answer

A)  Stateful inspections 
B)  Intrusion detection systems 
C)  Application proxy filtering technologies 
D)  Packet filtering technologies 
E)  Firewalls 
A)  Stateful inspections 
B)  Intrusion detection systems 
C)  Application proxy filtering technologies 
D)  Packet filtering technologies 
E)  Firewalls

Question 18

A Trojan horse:

Accepted Answer

A)  is software that appears to be benign but does something other than expected. 
B)  is a virus that replicates quickly. 
C)  is malware named for a breed of fast-moving Near-Eastern horses. 
D)  installs spyware on users' computers. 
E)  is a type of sniffer used to infiltrate corporate networks. 
A)  is software that appears to be benign but does something other than expected. 
B)  is a virus that replicates quickly. 
C)  is malware named for a breed of fast-moving Near-Eastern horses. 
D)  installs spyware on users' computers. 
E)  is a type of sniffer used to infiltrate corporate networks.

Question 19

When a hacker discovers a security hole in software that is unknown to the software vendor it is an example of:

Accepted Answer

A)  sniffing. 
B)  social engineering. 
C)  phishing. 
D)  zero-day vulnerability 
E)  snooping 
A)  sniffing. 
B)  social engineering. 
C)  phishing. 
D)  zero-day vulnerability 
E)  snooping

Question 20

In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?

Accepted Answer

A)  SSL/TLS 
B)  Symmetric key encryption 
C)  Public key encryption 
D)  Private key encryption 
E)  Distributed encryption 
A)  SSL/TLS 
B)  Symmetric key encryption 
C)  Public key encryption 
D)  Private key encryption 
E)  Distributed encryption

As described in the chapter case, which of the following did hackers use to gain access to the DNC network?

Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems.

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.

An analysis of an information system that rates the likelihood of a security incident occurring and its cost would be included in which of the following?

Which of the following refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems?

All of the following are specific security challenges that threaten the communications lines in a client/server environment except:

Which of the following statements about passwords is not true?

According to Ponemon Institute's 2016 Annual Cost of Cyber Crime Study, the average annualized cost of cybercrime for benchmarked companies in six different countries was approximately:

Which of the following techniques stops data packets originating outside the organization, inspects them, and passes the packets to the other side of an organizations firewall?

Which of the following statements about Internet security is not true?

Define computer forensics and describe the types of problems it is designed to address.

What is a digital certificate? How does it work?

Symmetric encryption uses two keys.

All of the following are types of information systems general controls except:

Is the cloud a safer and more secure computing environment than an in-house network? Why or why not?

Implementation controls:

________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.

A Trojan horse:

When a hacker discovers a security hole in software that is unknown to the software vendor it is an example of:

In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?

Business Information Systems in Your Career

Global E-Business and Collaboration

Achieving Competitive Advantage With Information Systems

Ethical and Social Issues in Information Systems

It Infrastructure: Hardware and Software

Foundations of Business Intelligence: Databases and Information Management

Telecommunications, the Internet, and Wireless Technology

Achieving Operational Excellence and Customer Intimacy: Enterprise Applications

E-Commerce: Digital Markets, Digital Goods

Improving Decision Making and Managing Knowledge

Building Information Systems and Managing Projects

Filters

Exam 8: Securing Information Systems

As described in the chapter case, which of the following did hackers use to gain access to the DNC network?

Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems, and more, are called ________ systems.

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.

An analysis of an information system that rates the likelihood of a security incident occurring and its cost would be included in which of the following?

Which of the following refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems?

All of the following are specific security challenges that threaten the communications lines in a client/server environment except:

Which of the following statements about passwords is not true?

According to Ponemon Institute's 2016 Annual Cost of Cyber Crime Study, the average annualized cost of cybercrime for benchmarked companies in six different countries was approximately:

Which of the following techniques stops data packets originating outside the organization, inspects them, and passes the packets to the other side of an organizations firewall?

Which of the following statements about Internet security is not true?

Define computer forensics and describe the types of problems it is designed to address.

What is a digital certificate? How does it work?

Symmetric encryption uses two keys.

All of the following are types of information systems general controls except:

Is the cloud a safer and more secure computing environment than an in-house network? Why or why not?

Implementation controls:

________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.

A Trojan horse:

When a hacker discovers a security hole in software that is unknown to the software vendor it is an example of:

In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?

Business Information Systems in Your Career

Global E-Business and Collaboration

Achieving Competitive Advantage With Information Systems

Ethical and Social Issues in Information Systems

It Infrastructure: Hardware and Software

Foundations of Business Intelligence: Databases and Information Management

Telecommunications, the Internet, and Wireless Technology

Achieving Operational Excellence and Customer Intimacy: Enterprise Applications

E-Commerce: Digital Markets, Digital Goods

Improving Decision Making and Managing Knowledge

Building Information Systems and Managing Projects

Filters