Exam Name___________________________________

TRUE/FALSE. Write 'T' if the statement is true and 'F' if the statement is false.

1) The potential for unauthorized access is usually limited to the communications lines of a network.

Answer: True

False

1) _______

2) Large public networks, such as the Internet, are less vulnerable than internal networks because they are virtually open to anyone.

Answer: True

False

2) _______

3) Malicious software programs are referred to as badware and include a variety of threats, such as computer viruses, worms, and Trojan horses.

Answer: True

False

3) _______

4) A computer bacteria is a rogue software program that attaches itself to other software programs or data files in order to be executed, usually without user knowledge or permission.

Answer: True

False

4) _______

5) Web 2.0 applications, such as blogs, wikis, and social networking sites such as Facebook and MySpace, are not conduits for malware or spyware.

Answer: True

False

5) _______

6) A Trojan horse is a software program that appears threatening but is really benign.

Answer: True

False

6) _______

7) Keyloggers record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to e-mail accounts, to obtain passwords to protected computer systems, or to pick up personal information such as credit card numbers.

Answer: True

False

7) _______

8) A hacker is an individual who intends to gain unauthorized access to a computer system.

Answer: True

False

8) _______

9) The term cracker is typically used to denote a hacker with criminal intent.

Answer: True

False

9) _______

10) The term cybervandalism refers to the intentional disruption, defacement, or even destruction of a Web site or corporate information system.

Answer: True

False

10) ______

11) Computer crime is defined as "any criminal activity involving the copy of, use of, removal of, interference with, access to, manipulation of computer systems, and/or their related functions, data or programs".

Answer: True

False

11) ______

12) Identity theft is a crime in which an imposter obtains key pieces of personal information, such as social insurance numbers, driver's licence numbers, or credit card numbers, to impersonate someone else.

Answer: True

False

12) ______

13) Pharming redirects users to a bogus Web page, even when the individual types the correct Web page address into his or her browser.

Answer: True

False

13) ______

14) One increasingly popular tactic is a form of spoofing called phishing.

Answer: True

False

14) ______

15) Social Bookmarking is tricking people into revealing their passwords or other information by pretending to be legitimate users or members of a company in need of information.

Answer: True

False

15) ______

16) Software errors are no threat to information systems, that could cause untold losses in productivity.

Answer: True

False

16) ______

17) Many firms spend heavily on security because it is directly related to sales revenue.

Answer: True

False

17) ______

18) Computer forensics is the scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.

Answer: True

False

18) ______

19) General controls govern the design, security, and use of computer programs and the security of data files throughout the organization's IT infrastructure.

Answer: True

False

19) ______

20) Application controls are specific controls unique to each computerized application, such as payroll or order processing.

Answer: True

False

20) ______

21) Output controls check data for accuracy and completeness when they enter the system.

Answer: True

False

21) ______

22) A risk audit includes statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals.

Answer: True

False

22) ______

23) Disaster recovery planning devises plans for the restoration of computing and communications services before they have been disrupted.

Answer: True

False

23) ______

24) An MIS audit examines the firm's overall security environment as well as controls governing individual information systems.

Answer: True

False

24) ______

25) Authentication refers to the ability to know that a person is who he or she claims to be.

Answer: True

False

25) ______

26) An MIS audit examines the firm's overall security environment as well as controls governing individual information systems.

Answer: True

False

26) ______

27) A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic.

Answer: True

False

27) ______

28) Computers using cable modems to connect to the Internet are more open to penetration than those connecting via dial-up.

Answer: True

False

28) ______

29) Wireless networks are vulnerable to penetration because radio frequency bands are easy to scan.

Answer: True

False

29) ______

30) The range of Wi-Fi networks can be extended up to two miles by using external antennae.

Answer: True

False

30) ______

31) The WEP specification calls for an access point and its users to share the same 40-bit encrypted password.

Answer: True

False

31) ______

32) Viruses can be spread through e-mail.

Answer: True

False

32) ______

33) Computer worms spread much more rapidly than computer viruses.

Answer: True

False

33) ______

34) One form of spoofing involves forging the return address on an e-mail so that the e-mail message appears to come from someone other than the sender.

Answer: True

False

34) ______

35) Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.

Answer: True

False

35) ______

36) DoS attacks are used to destroy information and access restricted areas of a company's information system.

Answer: True

False

36) ______

37) The most economically damaging kinds of computer crime are e-mail viruses.

Answer: True

False

37) ______

38) Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.

Answer: True

False

38) ______

39) An acceptable use policy defines the acceptable level of access to information assets for different users.

Answer: True

False

39) ______

40) Biometric authentication is the use of physical characteristics such as retinal images to provide identification.

Answer: True

False

40) ______

41) Packet filtering catches most types of network attacks.

Answer: True

False

41) ______

42) NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

Answer: True

False

42) ______

43) SSL is a protocol used to establish a secure connection between two computers.

Answer: True

False

43) ______

44) Public key encryption uses two keys.

Answer: True

False

44) ______

45) Fault-tolerant computers contain redundant hardware, software, and power supply components.

Answer: True

False

45) ______

46) High-availability computing is also referred to as fault tolerance.

Answer: True

False

46) ______

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

47) ________ are methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its records, and operational adherence to management standards.

A) "Algorithms"

B) "Controls"

C) "Security"

D) "Benchmarking"

Answer: B

47) ______

48) John clicks into his online banking website. He is all ready to type in his password when he notices that something is just not right. Upon further examination he notices that it is not the actual bank site but one that looks almost identical. John was almost a victim of ________.

A) a Trojan horse

B) spoofing

C) worms

D) keyloggers

Answer: B

48) ______

49) Betty downloaded a peer to peer file sharing program. She is worried that it might have come with spyware attached to it. She had a friend who had a spyware problem where all of her keystrokes were stolen which included her bank passwords. Betty's friend was a victim of ________.

A) spoofing

B) a Trojan horse

C) worms

D) keyloggers

Answer: D

49) ______

50) Helen downloaded a greeting card program from the internet. She was surprised that it really didn't do what it was supposed to do. What the program did was send nasty, profane emails to all the people in her contact list. Helen is the victim of ________.

A) spoofing

B) a Trojan horse

C) keyloggers

D) worms

Answer: B

50) ______

51) Robert knows that he got an independent program off of his network on his computer. It deleted all of his spreadsheet files on his hard drive. Robert feels that this problem may have resulted from him opening up an attachment file on his email. Robert is the victim of ________.

A) spoofing

B) worms

C) a Trojan horse

D) keyloggers

Answer: B

51) ______

52) A ________ is a type of eavesdropping program that monitors information travelling over a network.

A) worms

B) keyloggers

C) sniffer

D) a Trojan horse

Answer: C

52) ______

53) ________ involves setting up fake Web sites or sending e-mail messages that look like those of legitimate businesses to ask users for confidential personal data.

A) Fishing

B) Farming

C) Phishing

D) Pharming

Answer: C

53) ______

54) Jimmy Clark is sitting home one night and is very bored. He gets on his computer and starts to surf the net. He comes to a military site. He thinks he might be able to get around the security of the site and into the military computer system. He spends the next two hours trying to find his way into their system. Jimmy is ________.

A) a dumpster diver

B) a cracker

C) a social engineer

D) a hacker

Answer: D

54) ______

55) Daniel is sitting home one night and is very bored. He gets on his computer and starts to surf the net. He comes to a bank site. He thinks he might be able to get around the security of the site and into the bank computer system. He spends the next two hours trying to find his way into their system. Daniel gets into the system and puts $200 into his account from just some random name he found in the banking system. Daniel is ________.

A) a dumpster diver

B) a hacker

C) a social engineer

D) a cracker

Answer: D

55) ______

56) Bart Black walks into a local bank. He does not work there but he has a tag on his shirt that reads "IT Department". He goes up to a loans officer and tells him he needs to check the security on the loan officer's computer. Bart sits in front of the keyboard and asks the officer for his username and password. The loan officer gives him the information. Bart then thanks him and leaves the bank. Outside in his car Bart Black gets into the bank system using the information. This loan officer is a victim of ________.

A) a hacker

B) a cracker

C) social engineering

D) dumpster diving

Answer: C

56) ______

57) ________ defects cannot be achieved in larger programs.

A) Zero

B) Thirty

C) Two

D) One hundred

Answer: A

57) ______

58) Many firms are reluctant to spend heavily on security because ________.

A) it is not directly related to sales expense.

B) it is not directly related to sales forecasting.

C) it is not directly related to sales revenue.

D) it is not directly related to sales tax.

Answer: C

58) ______

59) ________ govern the design, security, and use of computer programs and the security of data files throughout the organization's IT infrastructure.

A) Application controls

B) Input controls

C) General controls

D) Output controls

Answer: C

59) ______

60) ________ are specific controls unique to each computerized application, such as payroll or order processing.

A) Output controls

B) Application controls

C) Input controls

D) General controls

Answer: B

60) ______

61) ________ consists of all the policies and procedures a company uses to prevent improper access to systems by unauthorized insiders and outsiders.

A) Output control

B) Access control

C) Input control

D) General control

Answer: B

61) ______

62) ________ is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver.

A) Risk audit

B) Encryption

C) Application control

D) Spoofing

Answer: B

62) ______

63) ________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

A) "Controls"

B) "Benchmarking"

C) "Security"

D) "Algorithms"

Answer: C

63) ______

64) ________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.

A) "SSID standards"

B) "Vulnerabilities"

C) "Controls"

D) "Legacy systems"

Answer: C

64) ______

65) Large amounts of data stored in electronic form are ________ than the same data in manual form.

A) more critical to most businesses

B) vulnerable to many more kinds of threats

C) less vulnerable to damage

D) more secure

Answer: B

65) ______

66) Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that

A) are not secure because the technology to secure them did not exist at the time the files were created.

B) have the potential to be accessed by large numbers of people and by groups outside of the organization.

C) are frequently available on the Internet.

D) are usually bound up in legacy systems that are difficult to access and difficult to correct in case of error.

Answer: B

66) ______

67) Specific security challenges that threaten the communications lines in a client/server environment include

A) hacking; vandalism; denial of service attacks.

B) theft, copying, alteration of data; hardware or software failure.

C) unauthorized access; errors; spyware.

D) tapping; sniffing; message alteration; radiation.

Answer: D

67) ______

68) Specific security challenges that threaten clients in a client/server environment include

A) hacking; vandalism; denial of service attacks.

B) tapping; sniffing; message alteration; radiation.

C) theft, copying, alteration of data; hardware or software failure.

D) unauthorized access; errors; spyware.

Answer: D

69) Specific security challenges that threaten corporate servers in a client/server environment include

A) tapping; sniffing; message alteration; radiation.

B) theft, copying, alteration of data; hardware or software failure.

C) unauthorized access; errors; spyware.

D) hacking; vandalism; denial of service attacks.

Answer: D

70) The Internet poses specific security problems because

A) Internet standards are universal.

B) everyone uses the Internet.

C) it changes so rapidly.

D) it was designed to be easily accessible.

Answer: D

71) The main security problem on the Internet is

A) hackers.

B) bandwidth theft.

C) natural disasters, such as floods and fires.

D) radiation.

Answer: A

72) An independent computer program that copies itself from one computer to another over a network is called a

A) bug.

B) Trojan horse.

C) pest.

D) worm.

Answer: D

73) Sobig.F and MyDoom.A are

A) worms attached to e-mail that spread from computer to computer.

B) multipartite viruses that can infect files as well as the boot sector of the hard drive.

C) viruses that use Microsoft Outlook to spread to other systems.

D) Trojan horses used to create bot nets.

Answer: A

74) In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?

A) spyware

B) worm

C) Trojan horse

D) virus

Answer: C

75) Redirecting a Web link to a different address is a form of

A) sniffing.

B) war driving.

C) spoofing.

D) snooping.

Answer: C

68) ______ 69) ______

70) ______ 71) ______ 72) ______ 73) ______ 74) ______ 75) ______

76) A key logger is a type of

A) spyware.

B) worm.

C) Trojan horse.

D) virus.

Answer: A

76) ______

77) How do hackers create a botnet?

A) by infecting Web search bots with malware

B) by causing other people's computers to become "zombie" PCs following a master computer

C) by using Web search bots to infect other computers

D) by infecting corporate servers with "zombie" Trojan horses that allow undetected access through a back door

Answer: B

77) ______

78) Using numerous computers to inundate and overwhelm the network from numerous launch points is called a ________ attack.

A) DDoS

B) pharming

C) phishing

D) DoS

Answer: A

78) ______

79) Which of the following is NOT an example of a computer used as a target of crime?

A) threatening to cause damage to a protected computer

B) accessing a computer system without authority

C) illegally accessing stored electronic communication

D) knowingly accessing a protected computer to commit fraud

Answer: C

79) ______

80) Which of the following is NOT an example of a computer used as an instrument of crime?

A) breaching the confidentiality of protected computerized data

B) intentionally attempting to intercept electronic communication

C) unauthorized copying of software

D) theft of trade secrets

Answer: A

80) ______

81) Phishing is a form of

A) sniffing.

B) spinning.

C) spoofing.

D) snooping.

Answer: C

81) ______

82) Phishing involves

A) using e-mails for threats or harassment.

B) pretending to be a legitimate business's representative in order to garner information about a security system.

C) setting up bogus Wi-Fi hot spots.

D) setting up fake Web sites to ask users for confidential information.

Answer: D

82) ______

83) Evil twins are

A) fraudulent Web sites that mimic a legitimate business's Web site.

B) e-mail messages that mimic the e-mail messages of a legitimate business.

C) Trojan horses that appear to the user to be a legitimate commercial software application.

D) bogus wireless networks that look legitimate to users.

Answer: D

83) ______
