9781305667570
Chapter 5
TRUEFALSE
1. When disaster strikes, an organization should contact the insurance company to resume normal
operations as soon as possible.
(A) True
(B) False
Answer : (A)
2. In the context of intentional computer and network threats, social engineers protect the integrity
of information resources.
(A) True
(B) False
Answer : (B)
(A) True
(B) False
Answer : (B)
(A) True
(B) False
Answer : (B)
(A) True
(B) False
Answer : (A)
6. An intrusion detection system (IDS) can protect networks against both external and internal
access.
(A) True
(B) False
Answer : (A)
7. In some instances, after examining an incoming packet, a firewall can send a message to the
packet's sender that the attempt to transmit the packet has failed.
(A) True
(B) False
Answer : (A)
8. In the context of the CIA triangle, confidentiality means that computers and networks are
operating and authorized users can access the information they need.
(A) True
(B) False
Answer : (B)
9. Level 1 security protects back-end systems to ensure confidentiality, accuracy, and integrity of
data.
(A) True
(B) False
Answer : (B)
10. The main drawback of an intrusion detection system (IDS) is its inability to prevent
denial-of-service (DoS) attacks.
(A) True
(B) False
Answer : (B)
11. If a drive in a redundant array of independent disks (RAID) system fails, data stored on it can be
reconstructed from data stored on the remaining drives.
(A) True
(B) False
Answer : (A)
12. Auction fraud is sending fraudulent e-mails that seem to come from legitimate sources, such as a
bank or university.
(A) True
(B) False
Answer : (B)
13. Social engineering is an attack that takes advantage of the backdoors in security systems.
(A) True
(B) False
Answer : (B)
14. When a program containing a virus is used, the virus attaches itself to other files, and the cycle
continues.
(A) True
(B) False
Answer : (A)
15. The three important aspects of computer and network security, confidentiality, integrity, and
availability, are collectively referred to as the CIA triangle.
(A) True
(B) False
Answer : (A)
16. When using mirror disks, if one of the two disks containing the same data fails, the other disk
also fails.
(A) True
(B) False
Answer : (B)
17. Terminal resource security is a software feature that erases the screen and signs a user off
automatically after a specified length of inactivity.
(A) True
(B) False
Answer : (A)
18. In contrast to pharming, phishing involves hijacking an official Web site address by hacking a
Domain Name System server.
(A) True
(B) False
Answer : (B)
19. When an organization develops a comprehensive security plan, it should set up a security
committee with representatives from all departments as well as upper management.
(A) True
(B) False
Answer : (A)
MULTICHOICE
20. In the context of intentional security threats, _____ can erase data and wreak havoc on
computers and networks but do not replicate themselves.
(B) worms
(C) viruses
Answer : (A)
21. _____ outlines procedures for keeping an organization operational in the event of a natural
disaster or a network attack or intrusion.
22. In the context of computer and network security, _____ means that a system must not allow the
disclosing of information by anyone who is not authorized to access it.
(A) reliability
(B) confidentiality
(C) integrity
(D) availability
Answer : (B)
Answer : (C)
24. _____ is used to encrypt the data sent through a virtual private network (VPN).
Answer : (D)
25. In the context of intentional computer and network threats, a _____ floods a network or server
with service requests to prevent legitimate users' access to the system.
Answer : (B)
26. _____ is the unauthorized use of system data for personal gain, such as transferring money
from another's account or charging purchases to someone else's account.
(B) Denial-of-service
Answer : (A)
27. In data encryption, the https in a browser address bar indicates a safe HTTP connection over
_____.
Answer : (A)
28. In the context of security, _____ is an attack that takes advantage of the human element of
security systems.
(B) weblogging
Answer : (D)
29. _____ is a type of data encryption that enables users of the Internet to securely and privately
exchange data through the use of a pair of keys that is obtained from a trusted authority and shared
through that authority.
30. When planning a comprehensive security system, the first step is designing _____, which use
a combination of hardware and software for improving reliability - a way of ensuring availability in
case of a system failure.
Answer : (A)
31. In the context of computer and network security, _____ means that computers and networks are
operating and authorized users can access the information they need.
(A) validity
(B) confidentiality
(C) integrity
(D) availability
Answer : (D)
32. Which of the following is a type of access control used to protect systems from unauthorized
access?
(B) Passwords
(C) Firewalls
Answer : (B)
33. In the context of firewall as a nonbiometric security measure, a _____ is software that acts as an
intermediary between two systems.
Answer : (C)
34. _____ can interfere with users' control of their computers, through such methods as installing
additional software and redirecting Web browsers.
(B) Spyware
(C) Firmware
Answer : (B)
35. _____ is a form of spyware that collects information about a user (without the user's consent)
to determine which commercials to display in the user's Web browser.
(A) Adware
(B) Silverware
(C) Freeware
(D) Hardware
Answer : (A)
(A) sniffing
(B) phishing
(C) bombing
(D) pharming
Answer : (A)
37. Which of the following biometric security measures compares the length of each finger, the
translucence of fingertips, and the webbing between fingers against stored data to verify users'
identities?
Answer : (A)
(A) It is software that secretly gathers information about users while they browse the Web.
(B) It is an attack that floods a server with service requests to prevent legitimate users' access to the
system.
(D) It is a programming routine built into a system by its designer to bypass system security and
sneak back into the system later to access programs or files.
Answer : (A)
Answer : (A)
40. _____ primarily control access to computers and networks and include devices for securing
computers and peripherals from theft.
Answer : (D)
Answer : (D)
42. Which of the following intentional computer and network threats is a type of Trojan program
used to release a virus, worm, or other destructive code?
Answer : (A)
(A) latch
(C) backdoor
Answer : (C)
(A) Sabotage
(C) Bombing
Answer : (A)
45. In the context of computer and network security, _____ refers to the accuracy of information
resources within an organization.
(A) validity
(B) confidentiality
(C) integrity
(D) availability
Answer : (C)
46. The Committee on National Security Systems (CNSS) proposed a model known as the _____ for
evaluating information security.
Answer : (A)
(A) It involves sending fraudulent e-mails that seem to come from legitimate sources.
(B) It consists of self-propagating program code that is triggered by a specified time or event.
(C) It monitors and records keystrokes and can be software or hardware devices.
(D) It prevents the disclosure of information to anyone who is not authorized to access it.
Answer : (A)
Answer : (A)
49. A(n) _____ is a combination of hardware and software that acts as a filter or barrier between
a private network and external computers or networks.
(A) firewall
(B) rootkit
Answer : (C)
51. _____, a biometric security measure, translates words into digital patterns, which are
recorded and examined for tone and pitch.
Answer : (A)
Answer : (D)
53. In a level 2 security system, _____ must be protected to ensure confidentiality, accuracy, and
integrity of data.
Answer : (A)
54. A level 3 security system focuses on protecting the _____ against intrusion, denial-of-service
attacks, and unauthorized access.
front-end server
Answer : (B)
55. _____ is a commonly used encryption protocol that manages transmission security on the
Internet.
Answer : (B)
(A) Spoofing
(C) Phishing
(D) Pharming
Answer : (A)
(A) worms
(B) firewalls
Answer : (A)
58. _____, a recent cryptographic protocol, ensures data security and integrity over public networks,
such as the Internet.
Answer : (A)
59. _____ are an inexpensive way to secure a computer to a desktop or counter and often have locks
as an additional protection against theft.
Answer : (A)
(A) Dashlane
(B) STOPzilla
(C) CounterSpy
(D) FilePro
Answer : (A)
61. Data sent through a virtual private network (VPN) can be encrypted using the _____.
Answer : (D)
(B) It floods a network or server with service requests to prevent legitimate users' access to the
system.
(C) It is usually hidden inside a popular program, but it is not capable of replicating itself.
(D) It enables a system designer to bypass the security of a system and sneak back into the system
later to access files.
Answer : (A)
63. Which of the following forms of text needs to be unscrambled using a decryption key?
(A) Plaintext
(B) Cleartext
(C) Teletext
(D) Ciphertext
Answer : (D)
64. _____ monitor and record the keys pressed on a keyboard and can be software or hardware
devices.
Answer : (A)
(A) STOPzilla
(B) AndroZip
(C) Tumblr
(D) Dogpile
Answer : (A)
66. _____ is a method of access control that prevents unauthorized users from using an
unattended computer to access the network and data.
Answer : (A)
Answer : (C)
68. In the context of intentional computer and network threats, a _____ combines the characteristics
of computer viruses, worms, and other malicious codes with vulnerabilities found on public and
private networks.
(D) firewall
Answer : (A)
69. _____ are usually placed in front of a firewall and can identify attack signatures, trace patterns,
generate alarms for a network administrator, and cause routers to terminate connections with
suspicious sources.
Answer : (A)
70. A(n) _____ is often used so that remote users have a secure connection to an organization's
network.
Answer : (C)
71. In the event of a network attack or intrusion, a _____ lists the tasks that must be performed by
the organization to restore damaged data and equipment.
Answer : (C)
72. A(n) _____ contains code intended to disrupt a computer, network, or Web site and is usually
hidden inside a popular program.
(B) PageRank
Answer : (A)
(A) virus
(D) backdoor
Answer : (A)
74. In the context of e-commerce transaction security measures, authentication is a critical factor
because it ensures that:
(B) the person using a credit card number is the card's legitimate owner.
Answer : (B)
(D) It needs the shared key to be a secret between the sender and the receiver.
Answer : (B)
Answer : (A)
Answer : (D)
78. In the context of intentional computer and network threats, a _____ is a programming routine
built into a system by its designer or programmer to bypass system security and sneak back into the
system later to access programs or files.
(C) firewall
(D) backdoor
Answer : (D)
79. Similar to phishing, _____ is directing Internet users to fraudulent Web sites with the intention of
stealing their personal information, such as Social Security numbers, passwords, bank account
numbers, and credit card numbers.
(A) sniffing
(B) screening
(C) pharming
(D) cybersquatting
Answer : (C)
80. In the context of the common intentional security threats, which of the following statements best
describes a worm?
(A) It travels from computer to computer in a network, but it does not usually erase data.
(C) It is a programming routine built into a system by its designer to bypass system security and
sneak back into the system later to access data.
(D) It floods a network or server with service requests to prevent legitimate users' access to the
system.
Answer : (A)
81. Which of the following security measures uses a physiological element that is unique to a person
and cannot be stolen, lost, copied, or passed on to others?
(A) They protect against external access, but they leave networks unprotected from internal
intrusions.
(B) They can identify attack signatures, trace patterns, and generate alarms for a network
administrator.
(C) They monitor network traffic and use the "prevent, detect, and react" approach to security.
Answer : (A)
83. A _____ is a security threat that may launch a worm through a Trojan horse or launch a
denial-of-service attack at a targeted IP address.
Answer : (A)
84. _____ uses a public key known to everyone and a private key known only to the recipient.
Answer : (B)