60 terms

Chapter 8

Fault-tolerant computers contain redundant hardware, software, and power supply components.
- True
- False
True
An authentication token is a(n)
- device the size of a credit card that contains access permission data.
- type of smart card.
- gadget that displays passcodes.
- electronic marker attached to a digital authorization file.
gadget that displays passcodes.
Specific security challenges that threaten the communications lines in a client/server environment include
- tapping; sniffing; message alteration; radiation.
- hacking; vandalism; denial of service attacks.
- theft, copying, alteration of data; hardware or software failure.
- unauthorized access; errors; spyware.
tapping; sniffing; message alteration; radiation.
Viruses can be spread through e-mail.
- True
- False
True
In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?
- Trojan horse
- virus
- worm
- spyware
Trojan horse
Application controls
- can be classified as input controls, processing controls, and output controls.
- govern the design, security, and use of computer programs and the security of data files in general throughout the organization.
- apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment.
- include software controls, computer operations controls, and implementation controls.
can be classified as input controls, processing controls, and output controls.
Specific security challenges that threaten corporate servers in a client/server environment include
- tapping; sniffing; message alteration; radiation.
- hacking; vandalism; denial of service attacks.
- theft, copying, alteration of data; hardware or software failure.
- unauthorized access; errors; spyware.
hacking; vandalism; denial of service attacks.
How do hackers create a botnet?
- by infecting Web search bots with malware
- by using Web search bots to infect other computers
- by causing other people's computers to become "zombie" PCs following a master computer
- by infecting corporate servers with "zombie" Trojan horses that allow undetected access through a back door
by causing other people's computers to become "zombie" PCs following a master computer
Online transaction processing requires
- more processing time.
- a large server network.
- fault-tolerant computer systems.
- dedicated phone lines.
fault-tolerant computer systems.
Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called
- sniffing
- social engineering
- phishing
- pharming
social engineering
NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.
- True
- False
True
SSL is a protocol used to establish a secure connection between two computers.
- True
- False
True
In which technique are network communications analyzed to see whether packets are part of an ongoing dialogue between a sender and a receiver?
- stateful inspection
- intrusion detection system
- application proxy filtering
- packet filtering
stateful inspection
How do software vendors correct flaws in their software after it has been distributed?
- issue bug fixes
- issue patches
- re-release software
- issue updated versions
issue patches
Biometric authentication is the use of physical characteristics such as retinal images to provide identification.
- True
- False
False
Public key encryption uses two keys.
- True
- False
True
The Sarbanes-Oxley Act
- requires financial institutions to ensure the security of customer data.
- specifies best practices in information systems security and control.
- imposes responsibility on companies and management to safeguard the accuracy of financial information.
- outlines medical security and privacy rules.
imposes responsibility on companies and management to safeguard the accuracy of financial information.
Rigorous password systems
- are one of the most effective security tools.
- may hinder employee productivity.
- are costly to implement.
- are often disregarded by employees.
may hinder employee productivity.
The HIPAA Act of 1997
- requires financial institutions to ensure the security of customer data.
- specifies best practices in information systems security and control.
- imposes responsibility on companies and management to safeguard the accuracy of financial information.
- outlines medical security and privacy rules.
outlines medical security and privacy rules.
In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?
- SSL
- symmetric key encryption
- public key encryption
- private key encryption
symmetric key encryption
The most economically damaging kinds of computer crime are e-mail viruses.
- True
- False
False
An acceptable use policy defines the acceptable level of access to information assets for different users.
- True
- False
False
In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.
- high availability computing
- deep-packet inspection
- application proxy filtering
- stateful inspection
deep-packet inspection
________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.
- Stateful inspections
- Intrusion detection systems
- Application proxy filtering technologies
- Packet filtering technologies
Intrusion detection systems
Computers using cable modems to connect to the Internet are more open to penetration than those connecting via dial-up.
- True
- False
True
The Gramm-Leach-Bliley Act
- requires financial institutions to ensure the security of customer data.
- specifies best practices in information systems security and control.
- imposes responsibility on companies and management to safeguard the accuracy of financial information.
- outlines medical security and privacy rules.
requires financial institutions to ensure the security of customer data.
Downtime refers to periods of time in which a
- computer system is malfunctioning.
- computer system is not operational.
- corporation or organization is not operational.
- computer is not online.
computer system is not operational.
A firewall allows the organization to
- enforce a security policy on traffic between its network and the Internet.
- check the accuracy of all transactions between its network and the Internet.
- create an enterprise system on the Internet.
- check the content of all incoming and outgoing e-mail messages.
enforce a security policy on traffic between its network and the Internet.
Currently, the protocols used for secure information transfer over the Internet are
- TCP/IP and SSL.
- S-HTTP and CA.
- HTTP and TCP/IP.
- SSL, TLS, and S-HTTP.
SSL, TLS, and S-HTTP.
An analysis of the firm's most critical systems and the impact a system's outage would have on the business is included in a(n)
- security policy.
- AUP.
- risk assessment.
- business impact analysis.
business impact analysis.
The Internet poses specific security problems because
- it was designed to be easily accessible.
- everyone uses the Internet.
- Internet standards are universal.
- it changes so rapidly.
it was designed to be easily accessible.
Most antivirus software is effective against
- only those viruses active on the Internet and through e-mail.
- any virus.
- any virus except those in wireless communications applications.
- only those viruses already known when the software is written.
only those viruses already known when the software is written.
Biometric authentication
- is inexpensive.
- is used widely in Europe for security applications.
- can use a person's face as a unique, measurable trait.
- only uses physical traits as a measurement.
can use a person's face as a unique, measurable trait.
Phishing is a form of
- spoofing.
- spinning.
- snooping.
- sniffing.
spoofing.
The potential for unauthorized access is usually limited to the communications lines of a network.
- True
- False
False
An independent computer program that copies itself from one computer to another over a network is called a
- worm.
- Trojan horse.
- bug.
- pest.
worm.
Wireless networks are vulnerable to penetration because radio frequency bands are easy to scan.
- True
- False
True
Sobig.F and MyDoom.A are
- viruses that use Microsoft Outlook to spread to other systems.
- worms attached to e-mail that spread from computer to computer.
- multipartite viruses that can infect files as well as the boot sector of the hard drive.
- Trojan horses used to create bot nets.
worms attached to e-mail that spread from computer to computer.
Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.
- True
- False
True
High-availability computing is also referred to as fault tolerance.
- True
- False
False
Computer worms spread much more rapidly than computer viruses.
- True
- False
True
The range of Wi-Fi networks can be extended up to two miles by using external antennae.
- True
- False
False
Specific security challenges that threaten clients in a client/server environment include
- tapping; sniffing; message alteration; radiation.
- hacking; vandalism; denial of service attacks.
- theft, copying, alteration of data; hardware or software failure.
- unauthorized access; errors; spyware.
unauthorized access; errors; spyware.
The WEP specification calls for an access point and its users to share the same 40-bit encrypted password.
- True
- False
True
________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.
- Software
- Administrative
- Data security
- Implementation
Data security
Pharming involves
- redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
- pretending to be a legitimate business's representative in order to garner information about a security system.
- setting up fake Web sites to ask users for confidential information.
- using e-mails for threats or harassment.
redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n)
- security policy.
- AUP.
- risk assessment.
- business impact analysis.
risk assessment.
Smaller firms can outsource security functions to
- MISs
- CSOs
- MSSPs
- CAs
MSSPs
A key logger is a type of
- worm.
- Trojan horse.
- virus.
- spyware.
spyware.