Question 1

________ occurs when a person gains unauthorized access to a computer system.&#10;A) Usurpation&#10;B) Spoofing&#10;C) Hacking&#10;D) Phishing

Accepted Answer

Hacking refers to gaining unauthorized access to a computer system or network. Usurpation refers to taking over another person's rights or power, Spoofing refers to impersonating someone or falsifying data, and Phishing refers to tricking someone into giving away personal information or passwords.

Question 2

Which of the following is an example of a security threat resulting from malicious human activity?&#10;A) an employee who misunderstands operating procedures&#10;B) an employee who accidentally deletes customer records&#10;C) an employee who inadvertently installs an old database on top of the current one&#10;D) an employee who intentionally destroys data or other system components

Accepted Answer

Intentionally destroying data or system components is an example of a security threat resulting from malicious human activity, also known as insider threat. The other options are examples of human errors or mistakes, which can still pose security risks but are not intentionally malicious.

Question 3

A(n)________ card has a microchip on it that is loaded with identifying data.&#10;A) USB&#10;B) biometric&#10;C) smart&#10;D) encryption

Accepted Answer

Smart cards have microchips embedded in them that store data and can perform certain actions such as authentication and encryption. USB cards do not have microchips embedded in them and are typically used for storage or transferring data. Biometric cards use physical characteristics such as fingerprints for identification, but do not necessarily have microchips embedded in them. Encryption cards use algorithms to protect data, but do not necessarily have microchips embedded in them.

Question 4

Users of smart cards are required to enter a ________ to be authenticated.&#10;A) PIN&#10;B) password&#10;C) biometric detail&#10;D) key

Accepted Answer

Smart cards usually require a Personal Identification Number (PIN) to be entered for authentication, making sure that only the authorized user can access the card and the information stored in it. Passwords are also a common form of authentication, but they are typically associated with other types of security systems such as online accounts or computer logins. Biometric details (such as fingerprints or iris scans) and keys are less common forms of authentication for smart cards.

Question 5

A problem in a customer billing system that occurs due to errors made during software installation is a case of ________ resulting from ________.&#10;A) faulty service; human error&#10;B) distributed denial of service; malicious activity&#10;C) faulty service; malicious activity&#10;D) distributed denial of service; human error

Accepted Answer

The problem in the customer billing system is a case of faulty service, which suggests an error in the software or system itself. The cause of the error is due to human error during software installation, which indicates that it was not an intentional and malicious attack.

Question 6

A ________ pretends to be a legitimate company and sends emails requesting confidential data.&#10;A) hacker&#10;B) phisher&#10;C) drive-by sniffer&#10;D) sniffer

Accepted Answer

A phisher is someone who pretends to be a legitimate company to obtain confidential data, often through email scams. Hackers are individuals who attempt to gain unauthorized access to a system, while a drive-by sniffer is someone who intercepts network traffic without actually being connected to the network. A sniffer is someone who intercepts network traffic on their own network without being detected.

Question 7

________ is an example of a data safeguard against security threats.&#10;A) Application design&#10;B) Backup and recovery&#10;C) Accountability&#10;D) Procedure design

Accepted Answer

Backup and recovery is a data safeguard that protects against security threats by creating copies of important data and storing them in a secure location. In the event of a security breach or data loss, the backup can be used to restore the lost data. Application design, accountability, and procedure design are also important aspects of data security, but do not directly address safeguarding against security threats.

Question 8

Mark recently received an email from what appeared to be a legitimate company,asking him to update and verify his credit card details.Unknowingly,he obliged and later realized that the information had been misused.Mark is a victim of ________.

A) hacking
B) phishing
C) pretexting
D) sniffing

Accepted Answer

Mark is a victim of phishing, which is a type of scam where attackers trick individuals into sharing sensitive information by posing as a legitimate entity through email, text messages, or social media. The ultimate goal of phishing is to gain access to personal information, such as credit card details, usernames, and passwords, to commit identity theft or fraud.

Question 9

________ use(s)personal physical characteristics such as fingerprints,facial features,and retinal scans to verify users.&#10;A) Passwords&#10;B) Smart cards&#10;C) Biometric authentication&#10;D) Personal identification numbers

Accepted Answer

Biometric authentication uses unique personal physical characteristics to verify users and is considered to be more secure than passwords and personal identification numbers. Smart cards typically use a combination of a physical token and a PIN for authentication.

Question 10

________ is a technique for intercepting computer communications.&#10;A) Spoofing&#10;B) Hacking&#10;C) Pretexting&#10;D) Sniffing

Accepted Answer

Sniffing is a technique for intercepting computer communications, where a program (sniffer) captures all the data that travels from one computer to another over a network. This can be used for malicious purposes, such as stealing sensitive information or passwords.

Question 11

A user name ________ a user.&#10;A) authenticates&#10;B) identifies&#10;C) conceals&#10;D) encrypts

Accepted Answer

The answer of A user name ________ a user.&#10;A) authenticates&#10;B)...

Question 12

A person calls the Draper residence and pretends to represent a credit card company.He asks Mrs.Draper to confirm her credit card number.This is an example of ________.&#10;A) hacking&#10;B) phishing&#10;C) pretexting&#10;D) sniffing

Accepted Answer

The answer of A person calls the Draper residence and...

Question 13

Some unauthorized programs are able to ________ legitimate systems and substitute their own processing.&#10;A) usurp&#10;B) spoof&#10;C) hack&#10;D) flood

Accepted Answer

The answer of Some unauthorized programs are able to ________...

Question 14

________ simply take computers with wireless connections through an area and search for unprotected wireless networks.&#10;A) Drive-by sniffers&#10;B) Spoofers&#10;C) Hackers&#10;D) Phishers

Accepted Answer

The answer of ________ simply take computers with wireless connections...

Question 15

________ occur when bogus services flood a Web server.&#10;A) Spoofing attacks&#10;B) Hacking attacks&#10;C) Phishing attacks&#10;D) DOS attacks

Accepted Answer

The answer of ________ occur when bogus services flood a...

Question 16

Which of the following is a human safeguard against security threats?&#10;A) backup&#10;B) firewalls&#10;C) physical security&#10;D) procedure design

Accepted Answer

The answer of Which of the following is a human...

Question 17

Which of the following is a technical safeguard against security threats?&#10;A) passwords&#10;B) backup and recovery&#10;C) compliance&#10;D) identification and authorization

Accepted Answer

The answer of Which of the following is a technical...

Question 18

A password ________ a user.&#10;A) authenticates&#10;B) identifies&#10;C) conceals&#10;D) encrypts

Accepted Answer

The answer of A password ________ a user.&#10;A) authenticates&#10;B) identifies&#10;C)...

Question 19

Which of the following is a synonym for phishing?&#10;A) drive-by sniffing&#10;B) e-mail spoofing&#10;C) IP spoofing&#10;D) system hacking

Accepted Answer

The answer of Which of the following is a synonym...

Question 20

An employee carelessly releases proprietary data to the media.This is a case of ________ resulting from ________.&#10;A) loss of infrastructure; human error&#10;B) unauthorized data disclosure; human error&#10;C) loss of infrastructure; malicious activity&#10;D) unauthorized data disclosure; malicious activity

Accepted Answer

The answer of An employee carelessly releases proprietary data to...

Question 21

Enforcement of security procedures and policies consists of three interdependent factors: ________.&#10;A) centralized reporting, preparation, and practice&#10;B) account administration, systems procedures, and security monitoring&#10;C) separation of duties, least privilege, and position sensitivity&#10;D) responsibility, accountability, and compliance

Accepted Answer

The answer of Enforcement of security procedures and policies consists...

Question 22

________ firewalls can prohibit outsiders from starting a session with any user behind the firewall.&#10;A) Perimeter&#10;B) Internal&#10;C) Packet-filtering&#10;D) Malware

Accepted Answer

The answer of ________ firewalls can prohibit outsiders from starting...

Question 23

Organizations should protect sensitive data by storing it in ________ form.&#10;A) digital&#10;B) standardized&#10;C) encrypted&#10;D) authenticated

Accepted Answer

The answer of Organizations should protect sensitive data by storing...

Question 24

________ is the process of transforming clear text into coded,unintelligible text for secure storage or communication.&#10;A) Usurpation&#10;B) Authentication&#10;C) Standardization&#10;D) Encryption

Accepted Answer

The answer of ________ is the process of transforming clear...

Question 25

Which of the following is an example of a data safeguard?&#10;A) application design&#10;B) dissemination of information&#10;C) physical security&#10;D) malware protection

Accepted Answer

The answer of Which of the following is an example...

Question 26

What is the similarity between adware and spyware?&#10;A) Both masquerade as useful programs.&#10;B) Both are specifically programmed to spread.&#10;C) Both are installed without user's permission.&#10;D) Both are used to steal data.

Accepted Answer

The answer of What is the similarity between adware and...

Question 27

________ are remote processing centers run by commercial disaster-recovery services.&#10;A) Cold sites&#10;B) Web browsers&#10;C) Hot sites&#10;D) Backup centres

Accepted Answer

The answer of ________ are remote processing centers run by...

Question 28

Which of the following is true regarding an incident-response plan?&#10;A) The plan should provide decentralized reporting of all security incidents.&#10;B) The plan should require minimal training on the part of employees.&#10;C) The plan should identify critical personnel and their off-hours contact information.&#10;D) The plan should be simple enough to ensure a fast response with limited practice.

Accepted Answer

The answer of Which of the following is true regarding...

Question 29

In terms of password management,when an account is created,users should ________.&#10;A) create two passwords and switch back and forth between those two&#10;B) immediately change the password they are given to a password of their own&#10;C) maintain the same password they are given for all future authentication purposes&#10;D) ensure that they do not change their passwords frequently, thereby reducing the risk of password loss

Accepted Answer

The answer of In terms of password management,when an account...

Question 30

Every organization should have a(n)________ as part of the security program,which should include how employees are to react to security problems,whom they should contact,the reports they should make,and steps they can take to reduce further loss.

A) key escrow
B) smart card
C) human safeguard plan
D) incident-response plan

Accepted Answer

The answer of Every organization should have a(n)________ as part...

Question 31

Which of the following steps of the Secure Socket Layer is NOT true?&#10;A) The computer obtains the public key of the website to which it will connect.&#10;B) The computer generates a key for symmetric encryption.&#10;C) The computer encodes that key using the Web site's public key.&#10;D) The Web site decodes the symmetric key using its public key.

Accepted Answer

The answer of Which of the following steps of the...

Question 32

The broadest definition of ________ includes viruses,worms,Trojan horses,spyware,and adware.&#10;A) malware&#10;B) metadata&#10;C) software&#10;D) widgets

Accepted Answer

The answer of The broadest definition of ________ includes viruses,worms,Trojan...

Question 33

The program code that causes unwanted activity is called the ________.&#10;A) key escrow&#10;B) metadata&#10;C) widget&#10;D) payload

Accepted Answer

The answer of The program code that causes unwanted activity...

Question 34

Which of the following are malware masquerading as useful programs?&#10;A) macro viruses&#10;B) trojan horses&#10;C) worms&#10;D) payloads

Accepted Answer

The answer of Which of the following are malware masquerading...

Question 35

Typically,a help-desk information system has answers to questions that only a true user would know,such as the user's birthplace,mother's maiden name,or last four digits of an important account number.This information ________.

A) allows help-desk representatives to create new passwords for users
B) reduces the strength of the security system
C) protects the anonymity of a user
D) helps authenticate a user

Accepted Answer

The answer of Typically,a help-desk information system has answers to...

Question 36

Which of the following statements is true regarding position sensitivity?&#10;A) It is a type of data safeguard.&#10;B) It enables security personnel to prioritize their activities in accordance with the possible risk and loss.&#10;C) It is documented only for high-sensitivity positions.&#10;D) It applies to new employees only.

Accepted Answer

The answer of Which of the following statements is true...

Question 37

Because encryption keys can get lost or destroyed,a copy of the key should be stored with a trusted third party.This safety procedure is sometimes called ________.&#10;A) key escrow&#10;B) white hat&#10;C) key encryption&#10;D) biometric authentication

Accepted Answer

The answer of Because encryption keys can get lost or...

Question 38

Activity log analysis is an important ________ function.&#10;A) account administration&#10;B) security monitoring&#10;C) backup&#10;D) data administration

Accepted Answer

The answer of Activity log analysis is an important ________...

Question 39

________ are the patterns that exist in malware code and should be downloaded and updated frequently.&#10;A) Data safeguards&#10;B) Patches&#10;C) Antivirus scans&#10;D) Malware definitions

Accepted Answer

The answer of ________ are the patterns that exist in...

Question 40

A(n)________ sits outside the organizational network and is the first device that Internet traffic encounters.&#10;A) internal firewall&#10;B) perimeter firewall&#10;C) packet-filtering firewall&#10;D) malware firewall

Accepted Answer

The answer of A(n)________ sits outside the organizational network and...

Question 41

Smart cards are convenient and easy to use since they don't require a PIN number for authentication.

Accepted Answer

The answer of Smart cards are convenient and easy to...

Question 42

Sniffing is usually initiated via email.

Accepted Answer

The answer of Sniffing is usually initiated via email....

Question 43

Once a backup of database contents is made,it is safe to assume that the database is protected.

Accepted Answer

The answer of Once a backup of database contents is...

Question 44

Most spyware is benign in that it does not perform malicious acts or steal data.

Accepted Answer

The answer of Most spyware is benign in that it...

Question 45

Malware protection is an example of a technical safeguard.

Accepted Answer

The answer of Malware protection is an example of a...

Question 46

Technical safeguards include passwords and encryption.

Accepted Answer

The answer of Technical safeguards include passwords and encryption....

Question 47

Most secure communication over the Internet uses a protocol called HTTP.

Accepted Answer

The answer of Most secure communication over the Internet uses...

Question 48

Packet-filtering firewalls examine each part of a message and determine whether to let that part pass.

Accepted Answer

The answer of Packet-filtering firewalls examine each part of a...

Question 49

Pretexting occurs when someone deceives by pretending to be someone else.

Accepted Answer

The answer of Pretexting occurs when someone deceives by pretending...

Question 50

A criticism against biometric authentication is that it provides weak authentication.

Accepted Answer

The answer of A criticism against biometric authentication is that...

Question 51

Perimeter firewalls are the simplest type of firewalls.

Accepted Answer

The answer of Perimeter firewalls are the simplest type of...

Question 52

Senior management has two critical security functions: overall policy and risk management.

Accepted Answer

The answer of Senior management has two critical security functions:...

Question 53

Denial-of-service attacks are caused by human error,not malicious intent.

Accepted Answer

The answer of Denial-of-service attacks are caused by human error,not...

Question 54

Creating backup copies of database contents is a technical safeguard.

Accepted Answer

The answer of Creating backup copies of database contents is...

Question 55

System errors are not caused by human error.

Accepted Answer

The answer of System errors are not caused by human...

Question 56

The existence of spyware is generally unknown to the user.

Accepted Answer

The answer of The existence of spyware is generally unknown...

Question 57

Internal firewalls sit outside the organizational network.

Accepted Answer

The answer of Internal firewalls sit outside the organizational network....

Question 58

Viruses,worms,and Trojan horses are types of firewalls.

Accepted Answer

The answer of Viruses,worms,and Trojan horses are types of firewalls....

Question 59

Technical safeguards involve just the software components of an information system.

Accepted Answer

The answer of Technical safeguards involve just the software components...

Question 60

Incorrectly increasing a customer's discount is an example of incorrect data modification.

Accepted Answer

The answer of Incorrectly increasing a customer's discount is an...

Question 61

Differentiate between symmetric and asymmetric encryption.

Accepted Answer

The answer of Differentiate between symmetric and asymmetric encryption....

Question 62

In the context of human safeguards against security threats,the security sensitivity for each position should be documented.

Accepted Answer

The answer of In the context of human safeguards against...

Question 63

What is the difference between adware and spyware?

Accepted Answer

The answer of What is the difference between adware and...

Question 64

How is a Trojan horse different from a worm?

Accepted Answer

The answer of How is a Trojan horse different from...

Deck 12: Information Security Management