Which of the following is not a source of common threats against contemporary information systems?
1. Too many users
2. Technical factors
3. Organizational factors
4. Environmental factors
5. Poor management decisions
In the multitier client/server computing environment, vulnerabilities exist at each layer and in the communications between the layers.

The act of eavesdroppers driving by buildings or parking outside and intercepting wireless network traffic is called…
1. eavesdropping.
2. war driving.
3. driving interception.
4. wireless interception.
5. Not sure
Wireless networks in many locations do not have basic protections against war driving, thereby leaving the networks susceptible to eavesdropping and transmission interceptions.

Computer viruses, worms, and Trojan horses are collectively called…
1. spyware.
2. spam.
3. groupware.
4. malware.
5. macroware.
Malicious software programs are referred to as malware and constitute major threats to corporate and private systems.

A rogue software program that attaches itself to other software programs or data files in order to be executed is called a…
1. Trojan horse.
2. worm.
3. virus.
4. spoofer.
5. spammer.
Most computer viruses deliver a “payload” that may be relatively benign or highly destructive. Viruses typically spread from computer to computer when humans send an infected e-mail or copy an infected file.

A software program that appears to be benign, but then does something other than expected is called a…
1. Trojan horse.
2. worm.
3. virus.
4. spoofer.
5. spammer.
A Trojan horse is not itself a virus because it does not replicate, but is often a way for viruses or other malicious code to be introduced into a computer system.

An independent computer program that copies itself from one computer to others over a network and operates on its own is referred to as a…
1. Trojan horse.
2. worm.
3. virus.
4. spoofer.
5. spammer.
Worms rely less on human behavior in order to spread from computer to computer than do viruses. This explains why computer worms spread much more rapidly than computer viruses.

A type of eavesdropping program that monitors information traveling over a network is known as…
1. a spoofer.
2. a sniffer.
3. spyware.
4. spam.
5. spybot.
When used legitimately, sniffers can help identify potential network trouble-spots or criminal activity on networks, but when used for criminal purposes, they can be damaging and difficult to detect.

A crime in which an imposter obtains key pieces of personal information in order to impersonate another person is known as…
1. spoofing.
2. identity theft.
3. denial of service attack.
4. fraud.
5. breach of confidentiality.
Identity theft is the fastest growing crime in the United States. Stolen information can be used to obtain credit, merchandise, or services in the name of the victim or to provide the thief with false credentials.

The act of setting up fake Web sites or sending e-mails that look like those of legitimate businesses asking users for confidential personal data is called…
1. phishing.
2. faking.
3. spotting.
4. denial of service.
5. theft.
The e-mail instructs recipients to update or confirm records by providing social security numbers, bank and credit card information, and other confidential data by responding to the e-mail or by entering the information at a bogus Web site.

The largest financial threats to business institutions come from…
1. the competition.
2. customers.
3. suppliers.
4. the government.
5. insiders.
Some of the largest disruptions to service, destruction of e-commerce sites, and diversion of customer credit data and personal information have come from insiders—once trusted employees.

A major source of errors introduced into an information system comes from…
1. suppliers.
2. customers.
3. business partners.
4. employees.
5. networks.
Employees—both end users and information systems specialists—can introduce errors by entering faulty data or by not following the proper instructions for processing data and using computer equipment.

A major problem with software is…
1. customer input.
2. supplier access.
3. presence of hidden bugs.
4. network access points.
5. business partner input.
Studies have shown that it is virtually impossible to eliminate all bugs from large programs. The main source of bugs is the complexity of decision-making code.

Which of the following pieces of government legislation was designed to protect investors from financial scandals?
1. HIPAA
2. Gramm-Leach-Bliley Act
3. Sarbanes-Oxley Act of 2002
4. ISO 17799
5. Child Decency Act
This Act imposes responsibility on companies and their management to safeguard the integrity of the information that is used internally and released externally. The Act has had a significant impact on how information systems are structured and maintained.

The type of control associated with the accuracy and completeness of data when they enter the system is referred to as…
1. general controls.
2. input controls.
3. processing controls.
4. output controls.
5. network controls.
There are specific input controls for input authorization, data conversion, data editing, and error handling.

Which of the following is not an element of a risk assessment?
1. Value of information assets
2. Points of vulnerability
3. Likely frequency of a problem
4. Potential for damage
5. Cost of erroneous data
A risk assessment determines the level of risk to the firm if a specific activity or process is not properly controlled.

Which of the following is not an integral part of a well-formulated security policy?
1. Ranking information risks
2. Identifying acceptable security goals
3. Level of acceptable risk
4. Number of network access points
5. Identifying security goals
The chief security officer is responsible for enforcing the firm’s security policy.

Which of the following is not a method of ensuring business continuity associated with information systems?
1. Fault-tolerant systems
2. High-availability systems
3. Limiting the number of users
4. Load balancing
5. Mirroring
As companies increasingly rely on digital networks for their revenue and operations, they need to take additional steps to ensure that their systems and applications are always available.

Which of the following consists of all the policies and procedures a company uses to prevent improper system access by unauthorized outsiders?
1. Access control
2. Authentication
3. Biometric authentication
4. Firewalls
5. Spyware
To gain access to a system, a user must be authorized and authenticated. Access control is the first step to ensure that happens.

Which of the following access controls is based on the measurement of a physical or behavioral trait that makes each individual unique?
1. Intrusion Detection systems
2. Authentication
3. Biometric authentication
4. Firewalls
5. Spyware
Biometric authentication represents a promising new technology that can overcome some of the limitations of passwords for authenticating system users.

A method for encrypting data flowing over the Internet, but limited to Web documents is…
1. secure sockets layer.
2. public key infrastructure.
3. secure hypertext transfer protocol.
4. transport layer security.
5. digital certificates.
S-HTTP encrypts data flowing over the Internet from Web documents. Secure sockets layer and transport layer security encrypt all data being passed between client and server.