Question 1

The security of each computer on the Internet is independent of the security of all other computers on the Internet.

Accepted Answer

A) True 
 B)False

Question 2

Contrast spyware and spamware.

Accepted Answer

The answer of Contrast spyware and spamware....

Question 3

_____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges.

Accepted Answer

A)  Tailgating 
B)  Hacking 
C)  Spoofing 
D)  Social engineering 
E)  Spamming 
A)  Tailgating 
B)  Hacking 
C)  Spoofing 
D)  Social engineering 
E)  Spamming

Question 4

In its study of various organizations, the Ponemon Institute found that the most common cause of data breaches was:

Accepted Answer

A)  weak passwords. 
B)  unattended computers. 
C)  employee negligence. 
D)  contract labor, such as consultants. 
E)  poor antivirus software. 
A)  weak passwords. 
B)  unattended computers. 
C)  employee negligence. 
D)  contract labor, such as consultants. 
E)  poor antivirus software.

Question 5

Which of the following statements is false?

Accepted Answer

A)  Credit card companies usually block stolen credit cards rather than prosecute. 
B)  People tend to shortcut security procedures because the procedures are inconvenient. 
C)  It is easy to assess the value of a hypothetical attack. 
D)  The online commerce industry isn't willing to install safeguards on credit card transactions. 
E)  The cost of preventing computer crimes can be very high. 
A)  Credit card companies usually block stolen credit cards rather than prosecute. 
B)  People tend to shortcut security procedures because the procedures are inconvenient. 
C)  It is easy to assess the value of a hypothetical attack. 
D)  The online commerce industry isn't willing to install safeguards on credit card transactions. 
E)  The cost of preventing computer crimes can be very high.

Question 6

Discuss the possible consequences of a terrorist attack on a supervisory control and data acquisition (SCADA) system.

Accepted Answer

The answer of Discuss the possible consequences of a terrorist...

Question 7

Which of the following is not a characteristic of strong passwords?

Accepted Answer

A)  They are difficult to guess. 
B)  They contain special characters. 
C)  They are not a recognizable word. 
D)  They are not a recognizable string of numbers 
E)  They tend to be short so they are easy to remember. 
A)  They are difficult to guess. 
B)  They contain special characters. 
C)  They are not a recognizable word. 
D)  They are not a recognizable string of numbers 
E)  They tend to be short so they are easy to remember.

Question 8

Which of the following is not a strategy for mitigating the risk of threats against information?

Accepted Answer

A)  Continue operating with no controls and absorb any damages that occur 
B)  Transfer the risk by purchasing insurance. 
C)  Implement controls that minimize the impact of the threat 
D)  Install controls that block the risk. 
E)  All of the above are strategies for mitigating risk. 
A)  Continue operating with no controls and absorb any damages that occur 
B)  Transfer the risk by purchasing insurance. 
C)  Implement controls that minimize the impact of the threat 
D)  Install controls that block the risk. 
E)  All of the above are strategies for mitigating risk.

Question 9

Describe how a digital certificate works.

Accepted Answer

The answer of Describe how a digital certificate works....

Question 10

Organizations utilize layers of controls because they face so many diverse threats to information security.

Accepted Answer

A) True 
 B)False

Question 11

Dumpster diving is always illegal because it involves trespassing on private property.

Accepted Answer

A) True 
 B)False

Question 12

A _____ is any danger to which an information resource may be exposed.

Accepted Answer

A)  vulnerability 
B)  risk 
C)  control 
D)  threat 
E)  compromise 
A)  vulnerability 
B)  risk 
C)  control 
D)  threat 
E)  compromise

Question 13

Unintentional threats to information systems include all of the following except:

Accepted Answer

A)  malicious software 
B)  tailgating 
C)  power outage 
D)  lack of user experience 
E)  tornados 
A)  malicious software 
B)  tailgating 
C)  power outage 
D)  lack of user experience 
E)  tornados

Question 14

An information system's _____ is the possibility that the system will be harmed by a threat.

Accepted Answer

A)  vulnerability 
B)  risk 
C)  control 
D)  danger 
E)  compromise 
A)  vulnerability 
B)  risk 
C)  control 
D)  danger 
E)  compromise

Question 15

Biometrics are an example of:

Accepted Answer

A)  something the user is. 
B)  something the user wants. 
C)  something the user has. 
D)  something the user knows. 
E)  something the user does. 
A)  something the user is. 
B)  something the user wants. 
C)  something the user has. 
D)  something the user knows. 
E)  something the user does.

Question 16

Refer to IT's About Business 4.4 - Information Security at City National Bank and Trust: Using the M86 Security software allowed City National Bank and Trust to do all of the following except:

Accepted Answer

A)  Apply policy-based standards for e-mail. 
B)  Comply with Sarbanes-Oxley. 
C)  Categorize Web sites and block questionable ones. 
D)  Provide all employees with secure access to external e-mail. 
E)  Prevent employees from downloading potentially dangerous files. 
A)  Apply policy-based standards for e-mail. 
B)  Comply with Sarbanes-Oxley. 
C)  Categorize Web sites and block questionable ones. 
D)  Provide all employees with secure access to external e-mail. 
E)  Prevent employees from downloading potentially dangerous files.

Question 17

Voice recognition is an example of "something a user does" authentication.

Accepted Answer

A) True 
 B)False

Question 18

Explain why anti-malware software is classified as reactive.

Accepted Answer

The answer of Explain why anti-malware software is classified as...

Question 19

Refer to IT's About Business 4.3 - The Stuxnet Worm: Which of the following statements is true?

Accepted Answer

A)  The worm targeted large data warehouses. 
B)  The worm was fairly simplistic. 
C)  The worm spread from Iran to other countries. 
D)  The worm probably only took a month to build. 
E)  The worm specifically targeted nuclear facilities. 
A)  The worm targeted large data warehouses. 
B)  The worm was fairly simplistic. 
C)  The worm spread from Iran to other countries. 
D)  The worm probably only took a month to build. 
E)  The worm specifically targeted nuclear facilities.

Question 20

A _____ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail.

Accepted Answer

A)  Zero-day 
B)  Denial-of-service 
C)  Distributed denial-of-service 
D)  Phishing 
E)  Brute force dictionary 
A)  Zero-day 
B)  Denial-of-service 
C)  Distributed denial-of-service 
D)  Phishing 
E)  Brute force dictionary

The security of each computer on the Internet is independent of the security of all other computers on the Internet.

Contrast spyware and spamware.

_____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges.

In its study of various organizations, the Ponemon Institute found that the most common cause of data breaches was:

Which of the following statements is false?

Discuss the possible consequences of a terrorist attack on a supervisory control and data acquisition (SCADA) system.

Which of the following is not a characteristic of strong passwords?

Which of the following is not a strategy for mitigating the risk of threats against information?

Describe how a digital certificate works.

Organizations utilize layers of controls because they face so many diverse threats to information security.

Dumpster diving is always illegal because it involves trespassing on private property.

A _____ is any danger to which an information resource may be exposed.

Unintentional threats to information systems include all of the following except:

An information system's _____ is the possibility that the system will be harmed by a threat.

Biometrics are an example of:

Refer to IT's About Business 4.4 - Information Security at City National Bank and Trust: Using the M86 Security software allowed City National Bank and Trust to do all of the following except:

Voice recognition is an example of "something a user does" authentication.

Explain why anti-malware software is classified as reactive.

Refer to IT's About Business 4.3 - The Stuxnet Worm: Which of the following statements is true?

A _____ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail.

Introduction to Information Systems

Organizational Strategy, Competitive Advantage, and Information Systems

Ethics and Privacy

Data and Knowledge Management

Telecommunications and Networking

E-Business and E-Commerce

Wireless, Mobile Computing, and Mobile Commerce

Social Computing

Information Systems Within the Organization

Customer Relationship Management and Supply Chain Management

Business Intelligence

Acquiring Information Systems and Applications

Technology Guide 1 Hardware

Technology Guide 2 Software

Technology Guide 3 Cloud Computing

Technology Guide 4 Intelligent Systems

Technology Guide 5 Protecting Your Information Assets

Filters

Exam 4: Information Security and Controls

The security of each computer on the Internet is independent of the security of all other computers on the Internet.

Contrast spyware and spamware.

_____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges.

In its study of various organizations, the Ponemon Institute found that the most common cause of data breaches was:

Which of the following statements is false?

Discuss the possible consequences of a terrorist attack on a supervisory control and data acquisition (SCADA) system.

Which of the following is not a characteristic of strong passwords?

Which of the following is not a strategy for mitigating the risk of threats against information?

Describe how a digital certificate works.

Organizations utilize layers of controls because they face so many diverse threats to information security.

Dumpster diving is always illegal because it involves trespassing on private property.

A _____ is any danger to which an information resource may be exposed.

Unintentional threats to information systems include all of the following except:

An information system's _____ is the possibility that the system will be harmed by a threat.

Biometrics are an example of:

Refer to IT's About Business 4.4 - Information Security at City National Bank and Trust: Using the M86 Security software allowed City National Bank and Trust to do all of the following except:

Voice recognition is an example of "something a user does" authentication.

Explain why anti-malware software is classified as reactive.

Refer to IT's About Business 4.3 - The Stuxnet Worm: Which of the following statements is true?

A _____ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail.

Introduction to Information Systems

Organizational Strategy, Competitive Advantage, and Information Systems

Ethics and Privacy

Data and Knowledge Management

Telecommunications and Networking

E-Business and E-Commerce

Wireless, Mobile Computing, and Mobile Commerce

Social Computing

Information Systems Within the Organization

Customer Relationship Management and Supply Chain Management

Business Intelligence

Acquiring Information Systems and Applications

Technology Guide 1 Hardware

Technology Guide 2 Software

Technology Guide 3 Cloud Computing

Technology Guide 4 Intelligent Systems

Technology Guide 5 Protecting Your Information Assets

Filters