DS Exam 3 (Ch. 8)

64 terms by aedorsett42 

In addition to e-mail, instant messages and P2P file-sharing can also pose security threats to computer systems and networks.

TRUE

Computers using cable modems to connect to the internet are more open to penetration than those connecting via dial-up.

TRUE

Wireless networks are vulnerable to penetration because radio frequency bands are easy to scan.

TRUE

The WEP specification calls for an access point and its users to share the same 40-bit encrypted password.

TRUE

Viruses can be spread through e-mail.

TRUE

Computer worms spread much more rapidly than computer viruses.

TRUE

Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.

TRUE

DoS attacks are one of the most economically damaging kinds of computer crime.

TRUE

Zero defects cannot be achieved in larger software programs because fully testing programs that contain thousands of choices and millions of paths would require thousands of years.

TRUE

Biometric authentication is the use of physical characteristics such as retinal images to provide identification.

TRUE

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

TRUE

SSL is a protocol used to establish a secure connection between two computers.

TRUE

Public key encryption uses two keys.

TRUE

Both software metrics and software testing are techniques used to improve software quality.

TRUE

____________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Security

___________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.

Controls

Which of the following does not pose a security threat to wireless networks?

geographic range of wireless signals

Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that

have the potential to be accessed by large numbers of people and by groups outside of the organization.

Unauthorized access is a security challenge that is most likely to occur in which of the following points of a corporate network?

client computer

Sniffing is a security challenge that is most likely to occur in which of the following points of a corporate network?

communication lines

Inputting data into a poorly programmed web form in order to disrupt a company's systems and networks is called

an SQL injection attack

The internet poses specific security problems because

internet data is not run over secure lines

Which of the following statements about internet security is not true?

VoIP is more secure than the switched voice network

An independent computer program that copies itself from one computer to another over a network is called a

worm

A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor's advertising costs up. This is an example of

click fraud

In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?

Trojan horse

Redirecting a web link to a different address is a form of

spoofing

A keylogger is a type of

spyware

Hackers create a botnet by

using web search bots to infect other computers

Using numerous computers to inundate and overwhelm the network from numerous launch points is called a ____________ attack.

DDoS

Which of the following is not an example of a computer used as a target of crime?

illegally accessing stored electronic communication

Which of the following is not an example of a computer used as an instrument of crime?

breaching the confidentiality of protected computerized data

Phishing is a form of

spoofing

An example of phishing is

setting up a fake medical website that asks users for confidential information.

Evil twins are

bogus wireless network access points that look legitimate to users

Pharming involves

redirecting users to a fraudulent web site even when the user has typed in the correct address in the web browser

You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats for the firm?

employees

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called

social engineering

How do software vendors correct flaws in their software after it has been distributed?

issue patches

The HIPAA Act of 1997

outlines medical security and privacy rules

The Gramm-Leach-Bliley Act

requires financial institutions to ensure the security of customer data

The Sarbanes-Oxley Act

imposes responsibility on companies and management to safeguard the accuracy of financial information

The most common type of electronic evidence is

e-mail

Electronic evidence on computer storage media that is not visible to the average user is called _______ data.

ambient

Application controls

can be classified as input controls, processing controls, and output controls

_____ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.

Data security

Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a

risk assessment

An _______ system is used to identify and authorize different categories of system users and specify which portions of the organization's systems each user can access.

identity management

Which of the following is not one of the main firewall screening techniques?

secure socket filtering

Rigorous password systems

may hinder employee productivity

An authentication token is a

type of smart card

Which of the following is not a trait used for identification in biometric systems?

hair color

A firewall allows the organization to

prevent unauthorized communication both into and out of the network

In which technique are network communications analyzed to see whether packets are part of an ongoing dialogue between a sender and a receiver?

stateful inspection

_________ uses scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.

intrusion detection systems

Currently, the protocols used for secure information transfer over the internet are

SSL, TLS, and S-HTTP

Most antivirus software is effective against

only those viruses already known when the software is written

In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?

symmetric key encryption

A digital certificate system

uses third-party CAs to validate a user's identity

Downtime refers to periods of time in which

a computer system is not operational

For 100% availability, online transaction processing requires

fault-tolerant computer systems

In controlling network traffic to minimize slow-downs, a technology called ______ is used to examine data files and sort low-priority data from high-priority data.

deep-packet inspection

The development and use of methods to make computer systems resume their activities more quickly after mishaps is called

recovery oriented computing

Smaller firms may outsource some or many security functions to

MSSPs
