Question 1

The objective of IT security management practices is to defend __________.

Accepted Answer

A) data and data processing capabilities 
B) hardware and software applications and wireless devices 
C) data and networks 
D) data,hardware,software applications,and networks 
A) data and data processing capabilities 
B) hardware and software applications and wireless devices 
C) data and networks 
D) data,hardware,software applications,and networks D

Question 2

__________,such as AirSnort and WEPcrack,are readily available tools that can be used to gain unauthorized access to networks putting them at great risk.

Accepted Answer

A) Wireless packet analyzers 
B) Password crackers 
C) Firewall sniffers 
D) Intrusion detectors 
A) Wireless packet analyzers 
B) Password crackers 
C) Firewall sniffers 
D) Intrusion detectors A

Question 3

__________ is the elapsed time between when vulnerability is discovered and when it's exploited and has shrunk from months to __________.

Accepted Answer

A) Time-to-exploitation;weeks 
B) Time-to-exploitation;minutes 
C) Denial of service;days 
D) Denial of service;seconds 
A) Time-to-exploitation;weeks 
B) Time-to-exploitation;minutes 
C) Denial of service;days 
D) Denial of service;seconds B

Question 4

Locking a Blackberry does not provide strong data protection.Why?

Accepted Answer

A) Security company IronKey reported that password cracking software can quickly copy the contents of a BlackBerry's SD card and crack a 4-digit PIN in 30 seconds. 
B) Password cracking software can crack security on a handheld device without alerting the owner that the device's security has been compromised. 
C) password cracking software can store log-in information for the cracked handheld,allowing a hacker to access the hacked device again,unless the user changes the password. 
D) All of the above. 
A) Security company IronKey reported that password cracking software can quickly copy the contents of a BlackBerry's SD card and crack a 4-digit PIN in 30 seconds. 
B) Password cracking software can crack security on a handheld device without alerting the owner that the device's security has been compromised. 
C) password cracking software can store log-in information for the cracked handheld,allowing a hacker to access the hacked device again,unless the user changes the password. 
D) All of the above.

Question 5

Firewalls and intrusion detection systems are placed throughout networks to monitor and control traffic into and out of a network.

Accepted Answer

A) True 
 B)False

Question 6

Why are internal threats a major challenge for organizations? How can internal threats be minimized?

Accepted Answer

Threats from employees,referred to as in

Question 7

The theft of confidential account data from HSBC Private Bank in Switzerland in 2007 had been done by hackers because of inadequate security controls.

Accepted Answer

A) True 
 B)False

Question 8

All Internet traffic,which travels as packets,should have to pass through a(n)__________ ,but that is rarely the case for instant messages and wireless traffic.

Accepted Answer

The answer of All Internet traffic,which travels as packets,should have...

Question 9

Network security involves three types of defenses,which are referred to as layers.Those layers consist of each of the following except:

Accepted Answer

A) perimeter security layer to control access to the network. 
B) authentication layer to verify the identity of the person requesting access to the network. 
C) biometrics layer to monitor network usage. 
D) authorization layer to control what authenticated users can do once they are given access to the network. 
A) perimeter security layer to control access to the network. 
B) authentication layer to verify the identity of the person requesting access to the network. 
C) biometrics layer to monitor network usage. 
D) authorization layer to control what authenticated users can do once they are given access to the network.

Question 10

Internal fraud prevention and detection measures are based on __________ and __________.

Accepted Answer

A) a detailed recovery plan;containment,including a fault-tolerant system 
B) perimeter defense technologies,such as e-mail scanners;human resource procedures,such as recruitment screening 
C) general controls;application controls 
D) physical controls,including authorization;authentication systems 
A) a detailed recovery plan;containment,including a fault-tolerant system 
B) perimeter defense technologies,such as e-mail scanners;human resource procedures,such as recruitment screening 
C) general controls;application controls 
D) physical controls,including authorization;authentication systems

Question 11

Implementing security programs raises many ethical issues.Identify two of these ethical issues.

Accepted Answer

Answers will vary.Implementing security

Question 12

A __________ is a system,or group of systems,that enforces an access-control policy between two networks.

Accepted Answer

A) firewall 
B) switch 
C) router 
D) gateway 
A) firewall 
B) switch 
C) router 
D) gateway

Question 13

Bernard Madoff is in jail after pleading guilty in 2009 to the biggest fraud in Wall Street history.Madoff carried out his fraud over four decades by relying on __________.

Accepted Answer

A) financial expertise and human error 
B) social engineering and the predictability of human nature 
C) red flags and accounting loopholes 
D) unbelievable returns that defied the market 
A) financial expertise and human error 
B) social engineering and the predictability of human nature 
C) red flags and accounting loopholes 
D) unbelievable returns that defied the market

Question 14

A fiduciary responsibility is both a legal and an ethical obligation.

Accepted Answer

A) True 
 B)False

Question 15

Corporate and government secrets are currently being stolen by a serious threat called advanced persistent threat (APT),which are designed for long-term espionage.Once installed on a network,ATPs transmit copies of documents,such as Microsoft Office files and PDFs,in stealth mode.

Accepted Answer

A) True 
 B)False

Question 16

__________ is the chain of events linking the business continuity plan to protection and to recovery.

Accepted Answer

A) Disaster recovery 
B) Auditing 
C) Date recovery 
D) Internal control 
A) Disaster recovery 
B) Auditing 
C) Date recovery 
D) Internal control

Question 17

Despite the challenges organizations face trying to protect against threats from employees,insider incidents can be minimized with a layered defense strategy consisting of security procedures,acceptable use policies,and technology controls.

Accepted Answer

A) True 
 B)False

Question 18

When new vulnerabilities are found in operating systems,applications,or wired and wireless networks,vendors of those products release __________ or __________ to fix the vulnerabilities.

Accepted Answer

A) patches;service packs 
B) patches;downloads 
C) firewalls;spyware 
D) service packs;firewalls 
A) patches;service packs 
B) patches;downloads 
C) firewalls;spyware 
D) service packs;firewalls

Question 19

Physical security includes several controls.Which of the following is not a type of physical control?

Accepted Answer

A) Security bonds or malfeasance insurance for key employees 
B) Emergency power shutoff and backup batteries 
C) Shielding against electromagnetic fields 
D) Properly designed and maintained air-conditioning systems 
A) Security bonds or malfeasance insurance for key employees 
B) Emergency power shutoff and backup batteries 
C) Shielding against electromagnetic fields 
D) Properly designed and maintained air-conditioning systems

Question 20

The Sarbanes-Oxley Act (SOX):

Accepted Answer

A) is an antifraud law. 
B) forces more accurate business reporting and disclosure of GAAP (generally accepted accounting principles)violations. 
C) makes it necessary to find and root out fraud. 
D) All of the above 
A) is an antifraud law. 
B) forces more accurate business reporting and disclosure of GAAP (generally accepted accounting principles)violations. 
C) makes it necessary to find and root out fraud. 
D) All of the above

The objective of IT security management practices is to defend __________.

__________,such as AirSnort and WEPcrack,are readily available tools that can be used to gain unauthorized access to networks putting them at great risk.

is the elapsed time between when vulnerability is discovered and when it's exploited and has shrunk from months to .

Locking a Blackberry does not provide strong data protection.Why?

Firewalls and intrusion detection systems are placed throughout networks to monitor and control traffic into and out of a network.

Why are internal threats a major challenge for organizations? How can internal threats be minimized?

The theft of confidential account data from HSBC Private Bank in Switzerland in 2007 had been done by hackers because of inadequate security controls.

All Internet traffic,which travels as packets,should have to pass through a(n)__________ ,but that is rarely the case for instant messages and wireless traffic.

Network security involves three types of defenses,which are referred to as layers.Those layers consist of each of the following except:

Internal fraud prevention and detection measures are based on and .

Implementing security programs raises many ethical issues.Identify two of these ethical issues.

A __________ is a system,or group of systems,that enforces an access-control policy between two networks.

Bernard Madoff is in jail after pleading guilty in 2009 to the biggest fraud in Wall Street history.Madoff carried out his fraud over four decades by relying on __________.

A fiduciary responsibility is both a legal and an ethical obligation.

Corporate and government secrets are currently being stolen by a serious threat called advanced persistent threat (APT),which are designed for long-term espionage.Once installed on a network,ATPs transmit copies of documents,such as Microsoft Office files and PDFs,in stealth mode.

__________ is the chain of events linking the business continuity plan to protection and to recovery.

Despite the challenges organizations face trying to protect against threats from employees,insider incidents can be minimized with a layered defense strategy consisting of security procedures,acceptable use policies,and technology controls.

When new vulnerabilities are found in operating systems,applications,or wired and wireless networks,vendors of those products release or to fix the vulnerabilities.

Physical security includes several controls.Which of the following is not a type of physical control?

The Sarbanes-Oxley Act (SOX):

Information Systems in the 2010s

Infrastructure and Support Systems

Data,text,and Document Management

Network Management and Mobility

E-Business and E-Commerce

Mobile Computing and Commerce

Web 2.0 and Social Media

Operational Planning and Control Systems

Enterprise Information Systems

Business Intelligence and Decision Support

IT Strategic Planning

Business Process Management and Systems Development

Global Ecology, Ethics, and Social Responsibility

Filters

Exam 5: IT Security,crime,compliance,and Continuity

The objective of IT security management practices is to defend __________.

__________,such as AirSnort and WEPcrack,are readily available tools that can be used to gain unauthorized access to networks putting them at great risk.

__________ is the elapsed time between when vulnerability is discovered and when it's exploited and has shrunk from months to __________.

Locking a Blackberry does not provide strong data protection.Why?

Firewalls and intrusion detection systems are placed throughout networks to monitor and control traffic into and out of a network.

Why are internal threats a major challenge for organizations? How can internal threats be minimized?

The theft of confidential account data from HSBC Private Bank in Switzerland in 2007 had been done by hackers because of inadequate security controls.

All Internet traffic,which travels as packets,should have to pass through a(n)__________ ,but that is rarely the case for instant messages and wireless traffic.

Network security involves three types of defenses,which are referred to as layers.Those layers consist of each of the following except:

Internal fraud prevention and detection measures are based on __________ and __________.

Implementing security programs raises many ethical issues.Identify two of these ethical issues.

A __________ is a system,or group of systems,that enforces an access-control policy between two networks.

Bernard Madoff is in jail after pleading guilty in 2009 to the biggest fraud in Wall Street history.Madoff carried out his fraud over four decades by relying on __________.

A fiduciary responsibility is both a legal and an ethical obligation.

Corporate and government secrets are currently being stolen by a serious threat called advanced persistent threat (APT),which are designed for long-term espionage.Once installed on a network,ATPs transmit copies of documents,such as Microsoft Office files and PDFs,in stealth mode.

__________ is the chain of events linking the business continuity plan to protection and to recovery.

Despite the challenges organizations face trying to protect against threats from employees,insider incidents can be minimized with a layered defense strategy consisting of security procedures,acceptable use policies,and technology controls.

When new vulnerabilities are found in operating systems,applications,or wired and wireless networks,vendors of those products release __________ or __________ to fix the vulnerabilities.

Physical security includes several controls.Which of the following is not a type of physical control?

The Sarbanes-Oxley Act (SOX):

Information Systems in the 2010s

Infrastructure and Support Systems

Data,text,and Document Management

Network Management and Mobility

E-Business and E-Commerce

Mobile Computing and Commerce

Web 2.0 and Social Media

Operational Planning and Control Systems

Enterprise Information Systems

Business Intelligence and Decision Support

IT Strategic Planning

Business Process Management and Systems Development

Global Ecology, Ethics, and Social Responsibility

Filters

is the elapsed time between when vulnerability is discovered and when it's exploited and has shrunk from months to .

Internal fraud prevention and detection measures are based on and .

When new vulnerabilities are found in operating systems,applications,or wired and wireless networks,vendors of those products release or to fix the vulnerabilities.