Deck 7: Information Security

A)vulnerability
B)risk
C)control
D)danger
E)compromise

A)More information systems and computer science departments are teaching courses on hacking so that their graduates can recognize attacks on information assets.
B)Computer attack programs, called scripts, are available for download from the Internet.
C)International organized crime is training hackers.
D)Cybercrime is much more lucrative than regular white-collar crime.
E)Almost anyone can buy or access a computer today.

A)human resources, finance
B)human resources, management information systems
C)finance, marketing
D)operations management, management information systems
E)finance, management information systems

A)social engineering.
B)tailgating.
C)poor security.
D)dumpster diving
E)phishing.

A)malicious software
B)tailgating
C)power outage
D)lack of user experience
E)tornados

A)Loss of intellectual property
B)Loss of data
C)Backup costs
D)Loss of productivity
E)Replacement cost

A)vulnerability
B)risk
C)control
D)threat
E)compromise

A)Tailgating
B)Hacking
C)Spoofing
D)Social engineering
E)Spamming

A)social engineering.
B)tailgating.
C)dumpster diving
D)phishing.

A)application that runs on webcams.
B)web tool used to search the Internet for devices that are programmed answer it.
C)brand of baby monitors.
D)application that blocks access to webcams.

A)robbery - white collar crime - cybercrime
B)white collar crime - extortion - robbery
C)cybercrime - white collar crime - robbery
D)cybercrime - robbery - white collar crime
E)white collar crime - burglary - robbery

A)smaller computing devices
B)downstream liability
C)the Internet
D)limited storage capacity on portable devices
E)due diligence

A)International organized crime taking over cybercrime
B)Lack of management support
C)Increasing skills necessary to be a computer hacker.
D)Today's interconnected, interdependent, wirelessly networked business environment

A)consultants and temporary hires.
B)secretaries and consultants.
C)contract laborers and executive assistants.
D)janitors and guards.
E)executives and executive secretaries.

A)Copyrighted material
B)Patented material
C)A trade secret
D)A knowledge base
E)Public property

A)copyright
B)patent
C)trade secret
D)knowledge base
E)private property

A)Theft
B)Espionage
C)Extortion
D)Vandalism

A)Theft
B)Espionage
C)Extortion
D)Vandalism

A)virus
B)worm
C)phishing
D)zero-day
E)spear phishing

A)copyright
B)patent
C)trade secret
D)knowledge base
E)private property notice

A)Encrypt the hard drive located in the ATM.
B)Monitor the ATM via closed-circuit TV.
C)Providing better physical protection to the ATM.
D)Switching to Apple's OSx

A)Theft
B)Espionage
C)Sabotage
D)Extortion

A)Infiltrating an organization that stores large amounts of personal information.
B)Phishing.
C)Hacking into a corporate database.
D)Stealing mail.
E)All of the choices are strategies to obtain information to assume another person's identity.

A)keyloggers, screen scrapers
B)screen scrapers, uninstallers
C)keyloggers, spam
D)screen scrapers, keyloggers
E)spam, keyloggers

A)always illegal because it is considered trespassing.
B)never illegal because it is not considered trespassing.
C)typically committed for the purpose of identity theft.
D)always illegal because individuals own the material in the dumpster.
E)always legal because the dumpster is not owned by private citizens.

A)phishing
B)zero-day
C)worm
D)back door
E)distributed denial-of-service

A)Spyware
B)Spamware
C)Adware
D)Viruses
E)Worms

A)Alien software
B)Virus
C)Worm
D)Back door
E)Logic bomb

A)Viruses
B)Worms
C)Trojan horses
D)Back doors
E)Logic bombs

A)the operating system that runs on most ATM machines.
B)malware that runs on the computers banks use to connect to their ATMs.
C)a malware that is engineered to compromise certain types of ATMs.
D)can easily uploaded to all ATMs.

A)Zero-day
B)Denial-of-service
C)Distributed denial-of-service
D)Phishing
E)Brute force dictionary

A)target information from government institutions.
B)target information from home personal computers.
C)target information from personal computers used by college students.
D)target information from mom-and-pop type businesses..

A)Viruses
B)Worms
C)Trojan horses
D)Back doors
E)Logic bombs

A)Viruses
B)Worms
C)Trojan horses
D)Back doors
E)Logic bombs

A)The site will not have any servers.
B)The site will not have any workstations, so you need to bring your laptop.
C)The site is probably in the next town.
D)The site should be an almost exact replica of the IT configuration at headquarters.
E)The site will not have up-to-date data.

A)The site will not have any servers.
B)The site will not have any workstations, so you need to bring your laptop.
C)The site is probably in the next town.
D)The site will not have any of the company's applications.
E)The site will not have up-to-date data.

A)something the user is.
B)something the user wants.
C)something the user has.
D)something the user knows.
E)something the user does.

A)public, public
B)public, private
C)private, private
D)private, public
E)none of these

A)something the user is.
B)something the user wants.
C)something the user has.
D)something the user knows.
E)something the user does.

A)A cold site has no equipment.
B)A warm site has no user workstations.
C)A hot site needs to be located close to the organization's offices.
D)A hot site duplicates all of the organization's resources.
E)A warm site does not include actual applications.

A)Access
B)Physical
C)Data security
D)Administrative
E)Input

A)IloveIT
B)08141990
C)9AmGt/*
D)Rainer
E)Information Security

A)whitelisting, blacklisting
B)whitelisting, encryption
C)encryption, whitelisting
D)encryption, blacklisting
E)blacklisting, whitelisting

A)They are difficult to guess.
B)They contain special characters.
C)They are not a recognizable word.
D)They are not a recognizable string of numbers
E)They tend to be short so they are easy to remember.

A)risk management
B)risk analysis
C)risk mitigation
D)risk acceptance
E)risk transference

A)Credit card companies usually block stolen credit cards rather than prosecute.
B)People tend to shortcut security procedures because the procedures are inconvenient.
C)It is easy to assess the value of a hypothetical attack.
D)The online commerce industry isn't willing to install safeguards on credit card transactions.
E)The cost of preventing computer crimes can be very high.

A)Risk management
B)Risk analysis
C)Risk mitigation
D)Risk acceptance
E)Risk transference

A)risk management
B)risk analysis
C)risk mitigation
D)risk acceptance
E)risk transference

A)something the user is.
B)something the user wants.
C)something the user has.
D)something the user knows.
E)something the user does.

A)Computing resources are typically decentralized.
B)Computer crimes often remain undetected for a long period of time.
C)Rapid technological changes ensure that controls are effective for years.
D)Employees typically do not follow security procedures when the procedures are inconvenient.
E)Computer networks can be located outside the organization.

A)Continue operating with no controls and absorb any damages that occur
B)Transfer the risk by purchasing insurance.
C)Implement controls that minimize the impact of the threat
D)Install controls that block the risk.
E)Installing an updated operating system.

A)Firewalls prevent unauthorized Internet users from accessing private networks.
B)Firewalls examine every message that enters or leaves an organization's network.
C)Firewalls filter network traffic according to categories of activities that are likely to cause problems.
D)Firewalls filter messages the same way as anti-malware systems do.
E)Firewalls are sometimes located inside an organization's private network.

A)a small-time hacker working from home.
B)a national intelligence agency.
C)a Spanish speaking national intelligence agency.
D)the National Security Agency.

A)biometrics, signature recognition
B)authentication, authorization
C)iris scanning, voice recognition
D)strong passwords, biometrics
E)authorization, authentication