
Test Bank for MIS 7th Edition Bidgoli 1305667573

9781305667570


Chapter 5

TRUE/FALSE

1. When disaster strikes, an organization should contact the insurance company to resume normal
operations as soon as possible.

(A) True

(B) False

Answer : (A)

2. In the context of intentional computer and network threats, social engineers protect the integrity
of information resources.

(A) True

(B) False

Answer : (B)

3. The cost of setting up a virtual private network (VPN) is usually high.

(A) True

(B) False

Answer : (B)

4. Application-filtering firewalls are less expensive than packet-filtering firewalls.

(A) True

(B) False

Answer : (B)

5. Viruses can be transmitted through a network or through e-mail attachments.

(A) True

(B) False

Answer : (A)

6. An intrusion detection system (IDS) can protect networks against both external and internal
access.

(A) True

(B) False

Answer : (A)

7. In some instances, after examining an incoming packet, a firewall can send a message to the
packet's sender that the attempt to transmit the packet has failed.

(A) True

(B) False

Answer : (A)

8. In the context of the CIA triangle, confidentiality means that computers and networks are
operating and authorized users can access the information they need.

(A) True

(B) False

Answer : (B)

9. Level 1 security protects back-end systems to ensure confidentiality, accuracy, and integrity of
data.

(A) True

(B) False

Answer : (B)

10. The main drawback of an intrusion detection system (IDS) is its inability to prevent
denial-of-service (DoS) attacks.

(A) True

(B) False

Answer : (B)

11. If a drive in a redundant array of independent disks (RAID) system fails, data stored on it can be
reconstructed from data stored on the remaining drives.

(A) True

(B) False

Answer : (A)

12. Auction fraud is sending fraudulent e-mails that seem to come from legitimate sources, such as a
bank or university.

(A) True

(B) False

Answer : (B)

13. Social engineering is an attack that takes advantage of the backdoors in security systems.

(A) True

(B) False

Answer : (B)

14. When a program containing a virus is used, the virus attaches itself to other files, and the cycle
continues.

(A) True

(B) False

Answer : (A)

15. The three important aspects of computer and network security, confidentiality, integrity, and
availability, are collectively referred to as the CIA triangle.

(A) True

(B) False

Answer : (A)

16. When using mirror disks, if one of the two disks containing the same data fails, the other disk
also fails.

(A) True

(B) False

Answer : (B)

17. Terminal resource security is a software feature that erases the screen and signs a user off
automatically after a specified length of inactivity.

(A) True

(B) False

Answer : (A)

18. In contrast to pharming, phishing involves hijacking an official Web site address by hacking a
Domain Name System server.

(A) True

(B) False

Answer : (B)

19. When an organization develops a comprehensive security plan, it should set up a security
committee with representatives from all departments as well as upper management.

(A) True

(B) False

Answer : (A)

MULTIPLE CHOICE

20. In the context of intentional security threats, _____ can erase data and wreak havoc on
computers and networks but do not replicate themselves.

(A) Trojan programs

(B) worms

(C) viruses

(D) McCumber cubes

Answer : (A)

21. _____ outlines procedures for keeping an organization operational in the event of a natural
disaster or a network attack or intrusion.

(A) An access control system

(B) Business continuity planning

(C) An intrusion detection system

(D) Terminal resource security


Answer : (B)

22. In the context of computer and network security, _____ means that a system must not allow the
disclosing of information by anyone who is not authorized to access it.

(A) reliability

(B) confidentiality

(C) integrity

(D) availability

Answer : (B)

23. When a computer is infected by a virus, _____.

(A) the system's disk access is fast

(B) system updates are recommended often

(C) some programs suddenly increase in size

(D) the available memory space remains constant

Answer : (C)

24. _____ is used to encrypt the data sent through a virtual private network (VPN).

(A) User Datagram Protocol

(B) Transmission Control Protocol

(C) Transport Layer Security

(D) Internet Protocol Security

Answer : (D)

25. In the context of intentional computer and network threats, a _____ floods a network or server
with service requests to prevent legitimate users' access to the system.

(A) blended threat

(B) denial-of-service attack

(C) keystroke logging attack

(D) backdoor threat

Answer : (B)

26. _____ is the unauthorized use of system data for personal gain, such as transferring money
from another's account or charging purchases to someone else's account.

(A) Computer fraud

(B) Denial-of-service

(C) Keystroke logging

(D) Social engineering

Answer : (A)

27. In data encryption, the https in a browser address bar indicates a safe HTTP connection over
_____.

(A) Secure Sockets Layer

(B) Transport Layer Security

(C) User Datagram Protocol

(D) Transmission Control Protocol

Answer : (A)

28. In the context of security, _____ is an attack that takes advantage of the human element of
security systems.

(A) disk mirroring

(B) weblogging

(C) voice recognition

(D) social engineering

Answer : (D)

29. _____ is a type of data encryption that enables users of the Internet to securely and privately
exchange data through the use of a pair of keys that is obtained from a trusted authority and shared
through that authority.

(A) A public key infrastructure

(B) Open key encryption

(C) Secret key encryption

(D) A private key infrastructure


Answer : (A)

30. When planning a comprehensive security system, the first step is designing _____, which use
a combination of hardware and software for improving reliability, a way of ensuring availability in
case of a system failure.

(A) fault-tolerant systems

(B) vulnerability-evade systems

(C) primary-defense systems

(D) database-resilient systems

Answer : (A)

31. In the context of computer and network security, _____ means that computers and networks are
operating and authorized users can access the information they need.

(A) validity

(B) confidentiality

(C) integrity

(D) availability

Answer : (D)

32. Which of the following is a type of access control used to protect systems from unauthorized
access?

(A) Electronic trackers

(B) Passwords

(C) Firewalls

(D) Identification badges

Answer : (B)

33. In the context of firewall as a nonbiometric security measure, a _____ is software that acts as an
intermediary between two systems.

(A) logic bomb

(B) callback modem

(C) proxy server


(D) block multiplexer

Answer : (C)

34. _____ can interfere with users' control of their computers, through such methods as installing
additional software and redirecting Web browsers.

(A) Keystroke loggers

(B) Spyware

(C) Firmware

(D) Script loggers

Answer : (B)

35. _____ is a form of spyware that collects information about a user (without the user's consent)
to determine which commercials to display in the user's Web browser.

(A) Adware

(B) Silverware

(C) Freeware

(D) Hardware

Answer : (A)

36. The process of capturing and recording network traffic is referred to as _____.

(A) sniffing

(B) phishing

(C) bombing

(D) pharming

Answer : (A)

37. Which of the following biometric security measures compares the length of each finger, the
translucence of fingertips, and the webbing between fingers against stored data to verify users'
identities?

(A) Hand geometry

(B) Fingerprint recognition


(C) Vein analysis

(D) Palm prints

Answer : (A)

38. Which of the following statements best describes spyware?

(A) It is software that secretly gathers information about users while they browse the Web.

(B) It is an attack that floods a server with service requests to prevent legitimate users' access to the
system.

(C) It is encryption security that manages transmission security on the Internet.

(D) It is a programming routine built into a system by its designer to bypass system security and
sneak back into the system later to access programs or files.

Answer : (A)

39. _____ is also known as secret key encryption.

(A) Symmetric encryption

(B) Auto key generation

(C) Public key cryptography

(D) Message authentication

Answer : (A)

40. _____ primarily control access to computers and networks and include devices for securing
computers and peripherals from theft.

(A) Nonbiometric security measures

(B) Virtual security measures

(C) Biometric security measures

(D) Physical security measures

Answer : (D)

41. Which of the following is a biometric security measure?

(A) Terminal resource security

(B) A corner bolt


(C) A callback modem

(D) Signature analysis

Answer : (D)

42. Which of the following intentional computer and network threats is a type of Trojan program
used to release a virus, worm, or other destructive code?

(A) A logic bomb

(B) Dumpster diving

(C) A blended threat

(D) Shoulder surfing

Answer : (A)

43. A _____ is a type of intentional computer and network threat.

(A) latch

(B) proxy server

(C) backdoor

(D) corner bolt

Answer : (C)

44. _____ is a computer crime that involves destroying or disrupting computer services.

(A) Sabotage

(B) Dumpster diving

(C) Bombing

(D) Keystroke logging

Answer : (A)

45. In the context of computer and network security, _____ refers to the accuracy of information
resources within an organization.

(A) validity

(B) confidentiality

(C) integrity

(D) availability

Answer : (C)

46. The Committee on National Security Systems (CNSS) proposed a model known as the _____ for
evaluating information security.

(A) McCumber cube

(B) Six Sigma model

(C) Bohr model

(D) SWOT analysis

Answer : (A)

47. Which of the following statements is true of phishing?

(A) It involves sending fraudulent e-mails that seem to come from legitimate sources.

(B) It consists of self-propagating program code that is triggered by a specified time or event.

(C) It monitors and records keystrokes and can be software or hardware devices.

(D) It prevents the disclosure of information to anyone who is not authorized to access it.

Answer : (A)

48. Spoofing happens when:

(A) an illegitimate program poses as a legitimate one.

(B) keystrokes are monitored and recorded.

(C) a word is converted into a digital pattern.

(D) a firewall rejects the incoming data packets.

Answer : (A)

49. A(n) _____ is a combination of hardware and software that acts as a filter or barrier between
a private network and external computers or networks.

(A) firewall

(B) rootkit

(C) intrusion detection system

(D) electronic tracker


Answer : (A)

50. The main function of Cyber Incident Response Capability (CIRC) is to _____.

(A) provide level 1 security

(B) restrict access controls to unauthorized personnel

(C) provide information on security incidents

(D) create backdoors to bypass security protocols

Answer : (C)

51. _____, a biometric security measure, translates words into digital patterns, which are
recorded and examined for tone and pitch.

(A) Voice recognition

(B) Audio manipulation

(C) Word exhibition

(D) Keyword identification

Answer : (A)

52. A level 1 security system is used to protect _____ against unauthorized access.

(A) users' workstations

(B) back-end systems

(C) internal database servers

(D) front-end servers

Answer : (D)

53. In a level 2 security system, _____ must be protected to ensure confidentiality, accuracy, and
integrity of data.

(A) back-end systems

(B) external databases

(C) private networks

(D) front-end servers

Answer : (A)

54. A level 3 security system focuses on protecting the _____ against intrusion, denial-of-service
attacks, and unauthorized access.

(A) back-end server

(B) corporate network

(C) user's work station

(D) front-end server

Answer : (B)

55. _____ is a commonly used encryption protocol that manages transmission security on the
Internet.

(A) Application Layer

(B) Secure Sockets Layer

(C) Transmission Control Protocol

(D) User Datagram Protocol

Answer : (B)

56. _____ is an attempt to gain access to a network by posing as an authorized user in order to
find sensitive information, such as passwords and credit card information.

(A) Spoofing

(B) Keystroke logging

(C) Phishing

(D) Pharming

Answer : (A)

57. Code Red, Melissa, and Sasser are examples of _____.

(A) worms

(B) firewalls

(C) cable shields

(D) corner bolts

Answer : (A)

58. _____, a recent cryptographic protocol, ensures data security and integrity over public networks,
such as the Internet.

(A) Transport Layer Security

(B) Terminal Resource Security

(C) Transmission Control Security

(D) User Datagram Security

Answer : (A)

59. _____ are an inexpensive way to secure a computer to a desktop or counter and often have locks
as an additional protection against theft.

(A) Corner bolts

(B) Identification badges

(C) Callback modems

(D) Electronic trackers

Answer : (A)

60. _____ is one of the most popular password managers.

(A) Dashlane

(B) STOPzilla

(C) CounterSpy

(D) FilePro

Answer : (A)

61. Data sent through a virtual private network (VPN) can be encrypted using the _____.

(A) User Datagram Protocol

(B) Transmission Control Protocol

(C) Internet Control Message Protocol

(D) Layer Two Tunneling Protocol

Answer : (D)

62. Which of the following statements is true of a worm?


(A) It is an independent program that can spread itself without attaching itself to a host program.

(B) It floods a network or server with service requests to prevent legitimate users' access to the
system.

(C) It is usually hidden inside a popular program, but it is not capable of replicating itself.

(D) It enables a system designer to bypass the security of a system and sneak back into the system
later to access files.

Answer : (A)

63. Which of the following forms of text needs to be unscrambled using a decryption key?

(A) Plaintext

(B) Cleartext

(C) Teletext

(D) Ciphertext

Answer : (D)

64. _____ monitor and record the keys pressed on a keyboard and can be software or hardware
devices.

(A) Keystroke loggers

(B) Key chain planners

(C) Key punchers

(D) Key performers

Answer : (A)

65. _____ is an example of antispyware software.

(A) STOPzilla

(B) AndroZip

(C) Tumblr

(D) Dogpile

Answer : (A)

66. _____ is a method of access control that prevents unauthorized users from using an
unattended computer to access the network and data.

(A) Terminal resource security

(B) Distance-vector routing

(C) Direct digital synthesis

(D) Link-state routing

Answer : (A)

67. Which of the following is a nonbiometric security measure?

(A) Electronic trackers

(B) Retinal scanning

(C) Callback modems

(D) Signature analysis

Answer : (C)

68. In the context of intentional computer and network threats, a _____ combines the characteristics
of computer viruses, worms, and other malicious codes with vulnerabilities found on public and
private networks.

(A) blended threat

(B) mirror disk

(C) backdoor threat

(D) firewall

Answer : (A)

69. _____ are usually placed in front of a firewall and can identify attack signatures, trace patterns,
generate alarms for a network administrator, and cause routers to terminate connections with
suspicious sources.

(A) Intrusion detection systems

(B) Proxy servers

(C) Identification badges

(D) Virtual private networks

Answer : (A)

70. A(n) _____ is often used so that remote users have a secure connection to an organization's
network.

(A) biometric security network

(B) intrusion detection network

(C) virtual private network

(D) terminal resource network

Answer : (C)

71. In the event of a network attack or intrusion, a _____ lists the tasks that must be performed by
the organization to restore damaged data and equipment.

(A) risk assessment plan

(B) systems engineering plan

(C) disaster recovery plan

(D) security compliance plan

Answer : (C)

72. A(n) _____ contains code intended to disrupt a computer, network, or Web site and is usually
hidden inside a popular program.

(A) Trojan program

(B) PageRank

(C) exit application

(D) withdrawal suite

Answer : (A)

73. A _____ consists of self-propagating program code that is triggered by a specified time or
event.

(A) virus

(B) mirror disk

(C) cable shield

(D) backdoor

Answer : (A)

74. In the context of e-commerce transaction security measures, authentication is a critical factor
because it ensures that:

(A) a system quickly recovers in the event of a system failure or disaster.

(B) the person using a credit card number is the card's legitimate owner.

(C) the accuracy of information resources within an organization is maintained.

(D) a system can easily be restored to operational status.

Answer : (B)

75. Which of the following statements is true of asymmetric encryption?

(A) It uses the same key to encrypt and decrypt a message.

(B) It requires a large amount of processing power.

(C) It can easily share a key over the Internet.

(D) It needs the shared key to be a secret between the sender and the receiver.

Answer : (B)

76. As a physical security measure, _____.

(A) electronic trackers are attached to a computer at the power outlet

(B) passwords are used to restrict access to computers

(C) firewalls are used to filter data packets

(D) a user's signature is verified before granting accessibility

Answer : (A)

77. Which of the following statements is true of application-filtering firewalls?

(A) They are less secure than packet-filtering firewalls.

(B) They filter viruses less effectively than packet-filtering firewalls.

(C) They filter faster than packet-filtering firewalls.

(D) They are more expensive than packet-filtering firewalls.

Answer : (D)

78. In the context of intentional computer and network threats, a _____ is a programming routine
built into a system by its designer or programmer to bypass system security and sneak back into the
system later to access programs or files.

(A) logic bomb

(B) proxy server

(C) firewall

(D) backdoor

Answer : (D)

79. Similar to phishing, _____ is directing Internet users to fraudulent Web sites with the intention of
stealing their personal information, such as Social Security numbers, passwords, bank account
numbers, and credit card numbers.

(A) sniffing

(B) screening

(C) pharming

(D) cybersquatting

Answer : (C)

80. In the context of the common intentional security threats, which of the following statements best
describes a worm?

(A) It travels from computer to computer in a network, but it does not usually erase data.

(B) It attaches itself to a host program to spread to other files in a computer.

(C) It is a programming routine built into a system by its designer to bypass system security and
sneak back into the system later to access data.

(D) It floods a network or server with service requests to prevent legitimate users' access to the
system.

Answer : (A)

81. Which of the following security measures uses a physiological element that is unique to a person
and cannot be stolen, lost, copied, or passed on to others?

(A) A physical security measure

(B) A firewall security measure

(C) An e-commerce security measure

(D) A biometric security measure


Answer : (D)

82. Which of the following statements is true of firewalls?

(A) They protect against external access, but they leave networks unprotected from internal
intrusions.

(B) They can identify attack signatures, trace patterns, and generate alarms for a network
administrator.

(C) They monitor network traffic and use the "prevent, detect, and react" approach to security.

(D) They cause routers to terminate connections with suspicious sources.

Answer : (A)

83. A _____ is a security threat that may launch a worm through a Trojan horse or launch a
denial-of-service attack at a targeted IP address.

(A) blended threat

(B) magnetic threat

(C) signal threat

(D) router threat

Answer : (A)

84. _____ uses a public key known to everyone and a private key known only to the recipient.

(A) Symmetric encryption

(B) Asymmetric encryption

(C) Remote key encryption

(D) Secret key encryption

Answer : (B)
