Information Systems Test. Chap 7

50 terms by sheena-kohli 


________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems

Security

________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards

Controls

Large amounts of data stored in electronic form are ________ than the same data in manual form

vulnerable to many more kinds of threats

Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that:

have the potential to be accessed by large numbers of people and by groups outside of the organization

Specific security challenges that threaten the communications lines in a client/server environment include

tapping; sniffing; message alteration; radiation

Specific security challenges that threaten clients in a client/server environment include

unauthorized access; errors; spyware

Specific security challenges that threaten corporate servers in a client/server environment include:

hacking; vandalism; denial of service attacks

The Internet poses specific security problems because

it was designed to be easily accessible

Which of the following statements about Internet security is not true?

A corporate network without access to the Internet is more secure than one that provides access.

An independent computer program that copies itself from one computer to another over a network is called a

worm

A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor's advertising costs up. This is an example of

click fraud

In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?

Trojan horse

Redirecting a Web link to a different address is a form of

spoofing

A keylogger is a type of

worm

Hackers create a botnet by

causing other people's computers to become "zombie" PCs following a master computer.

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a ________ attack

DDoS

Which of the following is not an example of a computer used as a target of crime?

Illegally accessing stored electronic communication

Which of the following is not an example of a computer used as an instrument of crime?

Intentionally attempting to intercept electronic communication

Phishing is a form of

Spoofing

An example of phishing is:

Setting up a fake medical Web site that asks users for confidential information.

Evil Twins are

Bogus wireless network access points that look legitimate to others

Pharming involves:

Pretending to be a legitimate business representative in order to garner info about a security system.

You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats to the firm?

Employees

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called

Social Engineering

How do software vendors correct flaws in their software after it has been distributed?

Issue Patches

The HIPAA act of 1997

outlines medical security and privacy rules.

The Gramm-Leach-Bliley Act

requires financial institutions to ensure the security of customer data.

The Sarbanes-Oxley Act:

imposes responsibility on companies and management to safeguard the accuracy of financial information

The most common type of electronic evidence is

email

Electronic evidence on computer storage media that is not visible to the average user is called ________ data

ambient

Application controls:

can be classified as input, processing, and output controls.

________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage

Data Security.

Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n)

Risk Assessment

Statements ranking information risks and identifying security goals are included in a(n):

Security Policy

An analysis of the firm's most critical systems and the impact a system's outage would have on the business is included in a(n):

business impact analysis

Rigorous password systems:

are one of the most effective security tools

An authentication token is a:

device the size of a credit card that contains access permission data.

Biometric authentication:

only uses physical measurements for identification.

A firewall allows the organization to:

enforce a security policy on traffic between its network and the internet.

In which technique are network communications analyzed to see whether packets are part of an ongoing dialogue between a sender and a receiver?

Stateful inspection

________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.

stateful inspection

Currently, the protocols used for secure information transfer over the Internet are

SSL, TLS, and S-HTTP

Most antivirus software is effective against:

only those viruses already known when the software is written.

In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?

Symmetric Key encryption.

A digital certificate system:

uses third-party CAs to validate a user's identity.

Downtime refers to periods of time in which a

computer system is not operational.

For 100% availability, online transactions processing requires:

fault-tolerant computer systems.

In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.

deep-packet inspection.

The development and use of methods to make computer systems resume their activities more quickly after mishaps is called

recovery oriented computing

Smaller firms may outsource some or many security functions to:

MSSPs
