Deck 8: Securing Information Systems

A) Theft of trade secrets
B) Intentionally attempting to intercept electronic communication
C) Unauthorized copying of software
D) Breaching the confidentiality of protected computerized data
E) Illegally accessing stored electronic communications

A) Eighty percent of the world's malware is delivered by botnets.
B) Botnets are often used to perpetrate DDoS attacks.
C) Ninety percent of the world's spam is delivered by botnets.
D) Botnets are often used for click fraud.
E) It is not possible to make a smartphone part of a botnet.

A) "Security"
B) "Controls"
C) "Benchmarking"
D) "Algorithms"
E) "Authentication"

A) worm.
B) Trojan horse.
C) driveby download.
D) keylogger.
E) payload.

A) phishing.
B) pharming.
C) spoofing.
D) click fraud.
E) sniffing.

A) Knowingly accessing a protected computer to commit fraud
B) Accessing a computer system without authority
C) Illegally accessing stored electronic communication
D) Threatening to cause damage to a protected computer
E) Breaching the confidentiality of protected computerized data

A) SSIDs are broadcast multiple times and can be picked up fairly easily by sniffer programs.
B) Radio frequency bands are easy to scan.
C) An intruder who has associated with an access point by using the correct SSID is capable of accessing other resources on the network.
D) Intruders can force a user's NIC to associate with a rogue access point.
E) Bluetooth is the only wireless technology that is not susceptible to hacking by eavesdroppers.

A) worm.
B) Trojan horse.
C) bug.
D) pest.
E) sniffer.

A) flooding a web server with thousands of requests for service.
B) setting up a fake medical website that asks users for confidential information.
C) a program that records the keystrokes on a computer.
D) sending bulk email that asks for financial aid under a false pretext.
E) malware that displays annoying pop-up messages.

A) snooping.
B) spoofing.
C) sniffing.
D) war driving.
E) SQL injection attack.

A) SQL injection attack
B) Browser parasite
C) Worm
D) Ransomware
E) Script virus

A) DDoS
B) DoS
C) SQL injection
D) phishing
E) ransomware

A) tapping, sniffing, message alteration, and radiation.
B) hacking, vandalism, and denial of service attacks.
C) theft, copying, alteration of data, and hardware or software failure.
D) unauthorized access, errors, and spyware.
E) vandalism, message alteration, and errors.

A) tapping, sniffing, message alteration, and radiation.
B) hacking, vandalism, and denial of service attacks.
C) theft, copying, alteration of data, and hardware or software failure.
D) unauthorized access, errors, and spyware.
E) vandalism, message alteration, and errors.

A) Trojan Horse
B) SQL injection attack
C) Sniffer
D) Evil twin
E) Ransomware

A) worm.
B) Trojan horse.
C) virus.
D) spyware.
E) SQL injection attack.

A) The use of P2P networks can expose a corporate computer to outsiders.
B) A corporate network without access to the Internet is more secure than one that provides access.
C) VoIP is more secure than the switched voice network.
D) Instant messaging can provide hackers access to an otherwise secure network.
E) Most VoIP traffic is not encrypted.

A) spoofing.
B) logging.
C) sniffing.
D) war driving.
E) ransomware.

A) tapping, sniffing, message alteration, and radiation.
B) hacking, vandalism, and denial of service attacks.
C) theft, copying, alteration of data, and hardware or software failure.
D) unauthorized access, errors, and spyware.
E) errors, vandalism, and malware.

A) Identity theft
B) Spoofing
C) Social engineering
D) Evil twins
E) Cybervandalism

A) phishing.
B) denial-of-service attacks.
C) cyberwarfare.
D) ransomware.
E) injection attack.

A) $1.27 million.
B) $12.7 million.
C) $127 million.
D) $1.27 billion.
E) $12.7 billion.

A) $1.6 million
B) $16 million
C) $160 million
D) $1.6 billion
E) $16 billion

A) NICs
B) Mac addresses
C) URLs
D) SSIDs
E) CAs

A) the Netherlands.
B) the United Kingdom.
C) the United States.
D) Germany.
E) Mexico.

A) Viruses
B) User lack of knowledge
C) Trojan horses
D) Cyberwarfare
E) Bugs

A) Computer log containing recent system errors
B) A file deleted from a hard disk
C) A file that contains an application's user settings
D) A set of raw data from an environmental sensor
E) An email file

A) redirecting users to a fraudulent website even when the user has typed in the correct address in the web browser.
B) pretending to be a legitimate business's representative in order to garner information about a security system.
C) setting up fake websites to ask users for confidential information.
D) using emails for threats or harassment.
E) malware that displays annoying pop-up messages.

A) Computer Fraud and Abuse Act
B) Economic Espionage Act
C) Electronic Communications Privacy Act
D) Data Security and Breach Notification Act
E) National Information Infrastructure Protection Act

A) the growing complexity of software programs.
B) the growing size of software programs.
C) demands for timely delivery to markets.
D) the inability to fully test programs.
E) the increase in malicious intruders seeking system access.

A) Trojan horses that appear to the user to be a legitimate commercial software application.
B) email messages that mimic the email messages of a legitimate business.
C) fraudulent websites that mimic a legitimate business's website.
D) bogus wireless network access points that look legitimate to users.
E) viruses that affect smartphones.

A) war driving.
B) sniffing.
C) cybervandalism.
D) driveby tapping.
E) driveby downloading.

A) sniffing.
B) social engineering.
C) phishing.
D) pharming.
E) click fraud.

A) requires financial institutions to ensure the security of customer data.
B) specifies best practices in information systems security and control.
C) imposes responsibility on companies and management to safeguard the accuracy of financial information.
D) outlines medical security and privacy rules.
E) requires that companies retain electronic records for at least 10 years.

A) voice-mail.
B) spreadsheets.
C) instant messages.
D) email.
E) e-commerce transactions over the Internet.

A) requires financial institutions to ensure the security of customer data.
B) specifies best practices in information systems security and control.
C) imposes responsibility on companies and management to safeguard the accuracy of financial information.
D) outlines medical security and privacy rules.
E) requires that companies retain electronic records for at least 10 years.

A) $750
B) $1,000
C) $1,500
D) $2,000
E) $3,000

A) presenting collected evidence in a court of law.
B) securely storing recovered electronic data.
C) collecting physical evidence on the computer.
D) finding significant information in a large volume of electronic data.
E) recovering data from computers while preserving evidential integrity.

A) requires financial institutions to ensure the security of customer data.
B) specifies best practices in information systems security and control.
C) imposes responsibility on companies and management to safeguard the accuracy of financial information.
D) outlines medical security and privacy rules.
E) requires that companies retain electronic records for at least 10 years.

A) The U.S. Justice Department
B) The U.S. Food and Drug Administration
C) The U.S. Federal Trade Commission
D) The Federal Bureau of Investigation
E) The U.S. Securities and Exchange Commission

A) application controls.
B) implementation controls.
C) physical hardware controls.
D) administrative controls.
E) data security controls.

A) TCP/IP, SSL and CA.
B) S-HTTP, TCP/IP, and CA.
C) HTTP, TLS, and TCP/IP.
D) SSL, TLS, and S-HTTP.
E) TLS, S-HTTP, and TCP/IP

A) is a device the size of a credit card that contains access permission data.
B) is a type of smart card.
C) is a device that displays passcodes.
D) is an electronic marker attached to a digital authorization file.
E) compares a person's unique characteristics against a stored profile of these characteristics to determine any differences between these characteristics and the stored profile.

A) security policy.
B) AUP.
C) risk assessment.
D) business impact analysis.
E) What-if analysis.

A) Software
B) Administrative
C) Data security
D) Implementation
E) Authentication

A) fingerprints.
B) facial characteristics.
C) body odor.
D) retinal images.
E) voice.

A) An information systems audit policy
B) A CA policy
C) A MSSP
D) A UTM system
E) An AUP

A) TLS
B) AUP
C) VPN
D) WPA2
E) S-HTTP

A) SSL
B) Symmetric key encryption
C) Public key encryption
D) Private key encryption
E) TLS

A) Authentication cannot be established by the use of a password.
B) Password systems that are too rigorous may hinder employee productivity.
C) Passwords can be stolen through social engineering.
D) Passwords are often disregarded by employees.
E) Passwords can be sniffed when being transmitted over a network.

A) security policy.
B) AUP.
C) risk assessment.
D) business impact analysis.
E) What-if analysis.

A) enforce a security policy on data exchanged between its network and the Internet.
B) check the accuracy of all transactions between its network and the Internet.
C) create an enterprise system on the Internet.
D) check the content of all incoming and outgoing email messages.
E) authenticate users.

A) can be classified as input controls, processing controls, and output controls.
B) govern the design, security, and use of computer programs.
C) apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment.
D) include software controls, computer operations controls, and implementation controls.
E) govern the security of data files in general throughout the organization.

A) Stateful inspections
B) Intrusion detection systems
C) Application proxy filtering technologies
D) Packet filtering technologies
E) Firewalls

A) Business continuity planning
B) Security policies
C) Disaster recovery planning
D) An AUP
E) An information systems audit