
Ebusiness: A Canadian Perspective for a Networked World, 4e

Chapter 5 – Security and Controls

Solution Manual for eBusiness A Canadian Perspective for a Networked World Canadian 4th Edition by Trites and Boritz
ISBN 0132482037 9780132482035
1) Secure socket layer (SSL) is:
A) a section of a website requiring a username and password.
B) email being sent through the underground internet.
C) a component of internet security protocol used to securely connect clients and
servers.
D) a component of the internet used to connect desktops to wireless applications.
E) none of the above
Answer: C
Diff: 2 Type: MC Page Ref: 100
Skill: R Objective: 2

2) When logging on to a network server, authentication would mean that:
A) the user is permitted to look at specific directories on the server.
B) the password has expired.
C) the server is using VPN technology.
D) the client computer is recognized by the server.
E) all of the above
Answer: D
Diff: 3 Type: MC Page Ref: 100
Skill: A Objective: 2

3) A public key infrastructure relies on which of the following?
A) digital certificates, encryption, and certificate authorities
B) random key generators, and encryption
C) certificate authorities, government key authority, and encryption
D) digital certificates, digital keys, and digital encryption
E) all of the above
Answer: A
Diff: 2 Type: MC Page Ref: 102
Skill: A Objective: 4

Copyright © 2013 Pearson Canada Inc. 5-1

4) A security policy for a firm should deal with:
A) the responsibility for security issues in the firm.
B) types of controls to be used.
C) computing policies for users to follow.
D) disaster recovery issues.
E) all of the above
Answer: E
Diff: 2 Type: MC Page Ref: 104, 105
Skill: A Objective: 3

5) Software development within a firm:
A) can result in very severe security risks.
B) has little to do with security since it is internal.
C) should generally be outsourced for security reasons.
D) should always be kept encrypted.
E) requires the same security procedures as purchased software.
Answer: A
Diff: 1 Type: MC Page Ref: 107
Skill: A Objective: 5

6) More than half the damage suffered in security breaches is caused by:
A) the inability to safely answer questionnaires.
B) carelessness, errors, or omissions.
C) having email read by unauthorized persons.
D) failure to lock the web browsers.
E) not having a firewall to protect the data.
Answer: B
Diff: 2 Type: MC Page Ref: 89
Skill: R Objective: 1

7) Computer viruses are a major security threat because:
A) they can break through any protective measure.
B) they can be embarrassing to companies.
C) they cause a risk of loss of data.
D) they can infect home computers.
E) firewalls cannot protect against viruses.
Answer: C
Diff: 1 Type: MC Page Ref: 91
Skill: A Objective: 1

8) Which of the following would be part of the disaster recovery plan of a company?
A) operations controls
B) physical controls
C) backup hardware locations
D) the number of check digits there should be in the application controls
E) none of the above
Answer: C
Diff: 2 Type: MC Page Ref: 98
Skill: A Objective: 3

9) The following statement best describes encryption on the internet:
A) Encryption completely protects your data.
B) Encryption assists in an overall security program.
C) Encryption only works on an intranet.
D) Encryption only works for email.
E) none of the above
Answer: B
Diff: 2 Type: MC Page Ref: 99
Skill: A Objective: 4

10) Digital certificates are used to:
A) identify who a user is and share their public key.
B) identify who a user is and share their private key.
C) let email recipients know what email program you use.
D) encrypt corporate data before it leaves the firewall.
E) encrypt outside data before it comes in through the firewall.
Answer: A
Diff: 3 Type: MC Page Ref: 101
Skill: R Objective: 3

11) An asymmetric approach to security management means that:
A) both the sender and receiver of data have the same key.
B) the sender and receiver of data each have their own key.
C) the sender and receiver of data share a public-private key pair.
D) trading partners agree to outsource their security to a specialist.
E) trading partners directly link their servers with a VPN.
Answer: C
Diff: 2 Type: MC Page Ref: 100
Skill: A Objective: 4

12) The primary purpose of a firewall is to:
A) ensure that employees don’t shop online while at work.
B) encrypt data sent over the internet.
C) monitor website traffic for ecommerce purposes.
D) make the internal network of a company more secure.
E) none of the above
Answer: D
Diff: 1 Type: MC Page Ref: 94
Skill: A Objective: 4

13) The term that describes the privileges that a user has within a system is ________.
A) physical controls
B) authentication
C) non-repudiation
D) authorization
E) data management
Answer: D
Diff: 2 Type: MC Page Ref: 106
Skill: A Objective: 6

14) The concept of non-repudiation refers to:
A) the inability to deny who the sender of data was.
B) the inability to identify who the sender of data was.
C) the automatic destruction of data after it has been sent.
D) a virus which destroys a user’s hard drive.
E) a network scenario where backup procedures are carried out.
Answer: A
Diff: 2 Type: MC Page Ref: 100
Skill: A Objective: 4

15) The following are all examples of security controls except:
A) policies on putting test applications into production
B) monitoring employee emails for personal messages
C) requiring passwords to access important applications
D) requiring users to change passwords every thirty days
E) documenting backup policies and procedures
Answer: B
Diff: 2 Type: MC Page Ref: 104, 105
Skill: A Objective: 6

16) A janitor brought her children to work in the evening and let them into the server
room to use the network server to play games because her computer was already
logged on. What control has been broken?
A) physical controls
B) logical access controls
C) general access controls
D) security management controls
E) all of the above
Answer: E
Diff: 2 Type: MC Page Ref: 92, 93
Skill: A Objective: 2

17) An employee created a new database system to track promotional materials and
linked it into the ERP system. Soon after, the ERP system’s inventory module
suffered a crash. This crash is likely the result of ________.
A) physical controls
B) non-repudiation
C) developmental controls
D) digital signatures
E) firewall errors
Answer: C
Diff: 3 Type: MC Page Ref: 95
Skill: A Objective: 2

18) The following is an example of an applications control:
A) a password is required to log onto the network
B) the security manager has written an internet-use policy
C) email is backed up on a storage area network
D) an input mask ensures data is entered appropriately
E) none of the above
Answer: D
Diff: 2 Type: MC Page Ref: 98
Skill: R Objective: 2

19) The most accurate description of a firewall would be:
A) a security company hired to monitor your website.
B) a hardware device used to monitor traffic between a network and the internet.
C) a software application that determines how often backups should be made and
ensures that they are stored offsite.
D) a protective barrier in the wall outside of the network room.
E) a high risk area of a network.
Answer: B
Diff: 2 Type: MC Page Ref: 94
Skill: A Objective: 4

20) Viruses can potentially result in:
A) destruction of data.
B) inappropriate access to data.
C) slowing of network traffic.
D) employee downtime.
E) all of the above
Answer: E
Diff: 2 Type: MC Page Ref: 91
Skill: A Objective: 1

21) The use of electronic devices attached to transmission lines that can detect and
capture data transmissions on those lines is called:
A) Certificate Authorities (CAs).
B) check digits.
C) sniffing.
D) a digital certificate.
E) a disaster recovery plan.
Answer: C
Diff: 2 Type: MC Page Ref: 102
Skill: R Objective: 4

22) There are two broad categories of controls. These are:
A) general and applications controls.
B) security and access controls.
C) firewall and biometric controls.
D) logical and operations controls.
E) management and business process
Answer: A
Diff: 2 Type: MC Page Ref: 91
Skill: R Objective: 2

23) A potential problem with some Intrusion Detection Systems is the generation of a
large volume of ________.
A) false-positives
B) false-negatives
C) true-positives
D) true-negatives
E) all of the above
Answer: A
Diff: 3 Type: MC Page Ref: 95
Skill: R Objective: 4

24) The annual report of Canadian Tire’s financial activities contains a tag containing the
time that it was created, modified and moved. This is an example of ________.
A) auto tagging
B) digital tagging
C) time stamping
D) authentication
E) auto stamping
Answer: C
Diff: 2 Type: MC Page Ref: 98
Skill: A Objective: 2

25) The most basic privilege in a computerized business system is ________.
A) operation
B) output
C) storage
D) access
E) processing
Answer: D
Diff: 3 Type: MC Page Ref: 106
Skill: A Objective: 6

26) Malicious acts include:
A) hacker attacks and viruses.
B) floods and storms.
C) unintentional errors.
D) power failure.
E) all of the above
Answer: A
Diff: 3 Type: MC Page Ref: 89
Skill: A Objective: 1

27) An entity’s security program must address all but the following:
A) its users’ security awareness
B) procedural guidance and training
C) compliance incentives
D) business process improvement
E) compliance monitoring.
Answer: D
Diff: 3 Type: MC Page Ref: 90
Skill: A Objective: 1

28) An access control technique used on the web to prevent unauthorized software from
masquerading as a person, presenting a set of distorted squiggly letters and numbers
that people can decipher but computers cannot is called ________.
A) GOTCHA
B) a digital signature
C) CAPTCHA
D) a public key
E) encryption
Answer: C
Diff: 3 Type: MC Page Ref: 93
Skill: A Objective: 2

29) Biometrics include all of the following except:
A) signatures.
B) fingerprints.
C) passwords
D) voice recognition.
E) retina scans
Answer: C
Diff: 3 Type: MC Page Ref: 93
Skill: A Objective: 2

30) All applications that a business uses require controls for input, processing, output,
storage, and:
A) communications.
B) access
C) authorization
D) performance
E) privacy
Answer: A
Diff: 3 Type: MC Page Ref: 98
Skill: A Objective: 5

31) With current technology, security risks are becoming much less of a concern.
A) True
B) False
Answer: False
Diff: 2 Type: TF Page Ref: 89
Skill: R Objective: 1

32) Logical access controls include locking the door to the server room.
A) True
B) False
Answer: False
Diff: 2 Type: TF Page Ref: 93
Skill: A Objective: 2

33) Firewalls are only one component of an overall security program.
A) True
B) False
Answer: True
Diff: 1 Type: TF Page Ref: 93
Skill: R Objective: 4

34) The encryption of information is all that is needed to ensure that a network is safe
from attacks.
A) True
B) False
Answer: False
Diff: 2 Type: TF Page Ref: 99
Skill: A Objective: 4

35) A company can build its security platform on public key infrastructure.
A) True
B) False
Answer: True
Diff: 2 Type: TF Page Ref: 101
Skill: A Objective: 4

36) Lack of standards, regulations and rules, and support systems are examples of
internal risks associated with new business models.
A) True
B) False
Answer: False
Diff: 2 Type: TF Page Ref: 89
Skill: A Objective: 1

37) Studies on stock prices of ebusiness entities have shown that security breaches
involving access to confidential data and website outages are associated with
significant stock price declines.
A) True
B) False
Answer: True
Diff: 2 Type: TF Page Ref: 91
Skill: A Objective: 1

38) An International Development System (IDS) monitors devices and processes for
security threats and can alert security personnel of the occurrence of unusual activity
as it occurs.
A) True
B) False
Answer: False
Diff: 3 Type: TF Page Ref: 95
Skill: A Objective: 4

39) The process of encryption converts data into a form called cipher.
A) True
B) False
Answer: True
Diff: 1 Type: TF Page Ref: 99
Skill: R Objective: 4

40) S-HTTP is an extension of HTTP that enables individual messages to be encrypted.
A) True
B) False
Answer: True
Diff: 2 Type: TF Page Ref: 101
Skill: R Objective: 4

41) Outsourcing IT activities can lead to a loss of control over the entity’s business
activities.
A) True
B) False
Answer: True
Diff: 2 Type: TF Page Ref: 90
Skill: R Objective: 1

42) All risks can be prevented.
A) True
B) False
Answer: False
Diff: 2 Type: TF Page Ref: 91
Skill: R Objective: 1

43) List six categories included in general controls.
Answer:
Security management, general access controls, system acquisition or development
controls, system maintenance and change controls, operations controls, and business
continuity controls
Diff: 3 Type: ES Page Ref: 91, 92
Skill: R Objective: 2

44) Define the meaning of the term “hash”.
Answer:
A total based on a field that is not expected to change and is therefore useful for
ensuring that no unauthorized additions, changes, or deletions have occurred in a file
of records containing that field.
Diff: 2 Type: ES Page Ref: 98
Skill: R Objective: 2

45) What pair of “keys” is used to encrypt and decrypt messages and other data
transmissions?
Answer:
Private/public
Diff: 2 Type: ES Page Ref: 100
Skill: A Objective: 4

46) List the major components of a security policy.
Answer:
Security administration, standard operating procedures, information management,
privilege management, physical security, logical access control, and end-user
computing policy.
Diff: 3 Type: ES Page Ref: 105-107
Skill: A Objective: 2

47) Describe what should be included in end-user computing policy.
Answer:
The policy should include items such as reminders that users must comply with
corporate security policies and procedures, take care of corporate equipment, and use
the company’s computer resources and information only for authorized business
purposes.
It also sets out responsibilities for backing up data, protecting against viruses, keeping
passwords secret, and taking other precautions for protecting the privacy of corporate
data.
Diff: 2 Type: ES Page Ref: 107
Skill: A Objective: 2

48) Explain the “principle of least privilege”.
Answer:
A principle which suggests granting the minimum access and user privileges required
by individuals to complete the tasks they are responsible for and no more.
Diff: 2 Type: ES Page Ref: 106
Skill: A Objective: 6

49) Determining the right level of security is a difficult balance. Explain.
Answer:
Too little security opens the company to attacks, while too much security slows
system performance and can impact employee morale and customer satisfaction.
Diff: 2 Type: ES Page Ref: 105
Skill: A Objective: 6

50) How does drive-by hacking work?
Answer:
Because home users often do not enable the security available for wireless networks,
they can be vulnerable targets for hackers. Typically, a wireless expert with a
handheld computer drives or walks around a district where there are likely to be
wireless networks installed and tries to gain access to those the computer detects.
Diff: 2 Type: ES Page Ref: 103
Skill: A Objective: 4
