64 terms

DS Exam 3 (Ch. 8)

In addition to e-mail, instant messages and P2P file-sharing can also pose security threats to computer systems and networks.
Computers using cable modems to connect to the internet are more open to penetration than those connecting via dial-up.
Wireless networks are vulnerable to penetration because radio frequency bands are easy to scan.
The WEP specification calls for an access point and its users to share the same 40-bit encrypted password.
Viruses can be spread through e-mail.
Computer worms spread much more rapidly than computer viruses.
Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.
DoS attacks are one of the most economically damaging kinds of computer crime.
Zero defects cannot be achieved in larger software programs because fully testing programs contain thousands of choices and millions of paths would require thousands of years.
Biometric authentication is the use of physical characteristics such as retinal images to provide identification
NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.
SSL is a protocol used to establish a secure connection between two computers.
Public key encryption uses two keys
Both software metrics and software testing are techniques used to improve software quality.
____________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alternation, theft, or physical damage to information systems.
___________ refers to all of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.
Which of the following does not pose a security threat to wireless networks?
geographic range of wireless signals
Electronic data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that
have the potential to be accessed by large numbers of people and by groups outside of the organization.
Unauthorized access is a security challenge that is most likely to occur in which of the following points of a corporate network?
client computer
Sniffing is a security challenge that is most likely to occur in which of the following points or a corporate network?
communication lines
Inputting data into a poorly programmed web form in order to disrupt a company's systems and networks is called
an SQL injection attack
The internet poses specific security problems because
internet data is not run over secure lines
Which of the following statements about the internet security is not true?
VoIP is more secure than the switched voice network
An independent computer program that copies itself from one computer to another over a network is called a
A salesperson clicks repeatedly on the online ads of a competitor in order to drive the competitor's advertising costs up. This is an example of
click fraud
In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of maleware is this an example of?
Trojan horse
Redirecting a web link to a different address is a form of
A keylogger is a type of
Hackers create a botnet by
using web search bots to infect other computers
Using numerous computers to inundate and overwhelm the network from numerous launch points is called a ____________ attack.
Which of the following is not an example of a computer used as a target of crime?
illegally accessing stored electronic communication
Which of the following is not an example of a computer used as an instrument of crime?
breaching the confidentiality of protected computerized data
Phishing is a form of
An example of phishing is
setting up a fake medical website that asks users for confidential information.
Evil twins are
bogus wireless network access points that look legitimate to users
Pharming involves
redirecting users to a fraudulent web site even when the user has typed in the correct address in the web browser
You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats for the firm?
Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called
social engineering
How do software vendors correct flaws in their software after it has been distributed?
issue patches
The HIPAA Act of 1997
outlines medical security and privacy rules
The Gramm-Leach-Bliley Act
requires financial institutions to ensure the security of customer data
The Sarbanes-Oxley Act
imposes responsibility on companies and management to safeguard the accuracy of financial information
The most common type of electronic evidence is
Electronic evidence on computer storage media that is not visible to the average user is called _______ data.
Application controls
can be classified as input controls, processing controls, and output controls
_____ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.
Data security
Analysis or an information system that rates the likelihood of a security incident occurring and its cost is included in a
risk assessment
An _______ system is used to identify and authorize different categories of system users and specify which portions of the organization's systems each user can access
identity management
Which of the following is not one of the main firewall screening techniques?
secure socket filtering
Rigorous password systems
may hinder employee productivity
An authentication token is a
type of smart card
Which of the following is not a trait used for identification in biometric systems?
hair color
A firewall allows the organization to
prevent unauthorized communication both into and out of the network
In which technique are network communications are analyzed to see whether packets are part of an ongoing dialogue between a sender and a receiver?
stateful inspection
_________ uses scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.
intrusion detection systems
Currently, the protocols used for secure information transfer over the internet are
Most antivirus software is effective against
only those viruses already known when the software is written
In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?
symmetric key encryption
A digital certificate system
uses thrid-party CAs to validate a user's identity
Downtime refers to periods of time in which
a computer system is not operational
For 100% availability, online transaction processing requires
fault-tolerant computer systems
In controlling network traffic to minimize slow-downs, a technology called ______ is used to examine data files and sort low-priority data from high-priority data
deep-packet inspection
The development and use of methods to make computer systems resume their activities more quickly after mishaps is called
recovery oriented computing
Smaller firms may outsource some or many security functions to