Professional Documents
Culture Documents
9781285836454
TRUE/FALSE
1. Phishing is different from pharming as phishing usually involves hijacking an official Web site address
by hacking a Domain Name System server.
Answer: False
Chapter Learning Outcome: 5.1: Describe information technologies that could be used in computer
crimes.
Topic: Risks Associated With Information Technologies
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 86
Feedback: The difference between phishing and pharming is that pharmers usually hijack an official Web
site address by hacking a Domain Name System server, then alter the legitimate Web site IP address so
that users who enter the correct Web address are directed to the pharmers’s fraudulent Web site.
2. Spoofing is sending fraudulent e-mails that seem to come from legitimate sources, such as a bank or
university.
Answer: False
Chapter Learning Outcome: 5.1: Describe information technologies that could be used in computer
crimes.
Topic: Risks Associated with Information Technologies
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 86
Feedback: Phishing is sending fraudulent e-mails that seem to come from legitimate sources, such as a
bank or university. Spoofing is an attempt to gain access to a network by posing as an authorized user in
order to find sensitive information, such as passwords and credit card information.
3. Keystroke loggers can be used for malicious purposes, such as collecting the credit card numbers that
users enter while shopping online.
Answer: True
Chapter Learning Outcome: 5.1: Describe information technologies that could be used in computer
crimes.
Topic: Risks Associated With Information Technologies
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 86
Feedback: Keystroke loggers can be used for malicious purposes, such as collecting the credit card
numbers that users enter while shopping online.
4. Confidentiality, integrity, and availability are collectively referred to as the CIA triangle.
Answer: True
Chapter Learning Outcome: 5.2: Describe basic safeguards in computer and network security.
Topic: Computer and Network Security: Basic Safeguards
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 89
Feedback: There are three important aspects of computer and network security: confidentiality, integrity,
and availability, collectively referred to as the CIA triangle.
5. Part of ensuring integrity is identifying authorized users and granting them access privileges.
Answer: True
Chapter Learning Outcome: 5.2: Describe basic safeguards in computer and network security.
Topic: Computer and Network Security: Basic Safeguards
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 89
Feedback: Part of ensuring integrity is identifying authorized users and granting them access privileges.
6. Level 1 security protects the back-end systems to ensure confidentiality, accuracy, and integrity of data.
Answer: False
Chapter Learning Outcome: 5.2: Describe basic safeguards in computer and network security.
Topic: Computer and Network Security: Basic Safeguards
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 89
Feedback: Level 2 security protects the back-end systems to ensure confidentiality, accuracy, and
integrity of data. Level 1 security protects front-end servers.
7. If a drive in a redundant array of independent disks (RAID) system fails, data stored on it can be
reconstructed from data stored on the remaining drives.
Answer: True
Chapter Learning Outcome: 5.2: Describe basic safeguards in computer and network security.
Topic: Computer and Network Security: Basic Safeguards
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 90
Feedback: If a drive in a redundant array of independent disks (RAID) system fails, data stored on it can
be reconstructed from data stored on the remaining drives. RAID systems vary in cost, performance, and
reliability.
8. When using mirror disks, if one of the two disks containing the same data fails, the other disk also fails.
Answer: False
Chapter Learning Outcome: 5.2: Describe basic safeguards in computer and network security.
Topic: Computer and Network Security: Basic Safeguards
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 90
Feedback: When using mirror disks, if one of the two disks containing the same data fails, the other is
available, allowing operations to continue.
Answer: False
Chapter Learning Outcome: 5.3: Explain the major security threats.
Topic: Security Threats: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 90
Feedback: Social engineering is an example of an intentional security threat.
10. When a program containing a virus is used, the virus attaches itself to other files, and the cycle
continues.
Answer: True
Chapter Learning Outcome: 5.3: Explain the major security threats.
Topic: Security Threats: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 90
Feedback: When a program or operating system containing a virus is used, the virus attaches itself to
other files, and the cycle continues.
11. Viruses can only be transmitted through sharing of infected files directly from one computer to
another.
Answer: False
Chapter Learning Outcome: 5.3: Explain the major security threats.
Topic: Security Threats: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 91
Feedback: Viruses can be transmitted through a network or through e-mail attachments.
Answer: False
Chapter Learning Outcome: 5.3: Explain the major security threats.
Topic: Security Threats: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 92
Feedback: Trojan programs can erase data and wreak havoc on computers and networks, but they do not
replicate themselves, as viruses and worms do.
13. A distributed denial-of-service (DDoS) attack involves hundreds of computers working together to
bombard a Web site with thousands of requests for information in a short period.
Answer: True
Chapter Learning Outcome: 5.3: Explain the major security threats.
Topic: Security Threats: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 92
Feedback: A distributed denial-of-service (DDoS) attack occurs when hundreds or thousands of
computers work together to bombard a Web site with thousands of requests for information in a short
period, causing it to grind to a halt.
14. Social engineering is an attack that takes advantage of the backdoors in security systems.
Answer: False
Chapter Learning Outcome: 5.3: Explain the major security threats.
Topic: Security Threats: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 93
Feedback: In the context of security, social engineering means using “people skills”—such as being a
good listener and assuming a friendly, unthreatening air—to trick others into revealing private
information. This is an attack that takes advantage of the human element of security systems.
15. In the context of security, social engineering protects the integrity of information resources.
Answer: False
Chapter Learning Outcome: 5.3: Explain the major security threats.
Topic: Security Threats: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 93
Feedback: Social engineers use the private information they have gathered to break into servers and
networks and steal data, thus compromising the integrity of information resources.
Answer: True
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 94
Feedback: Hand geometry is an example of a biometric security measure.
17. After examining an incoming packet, a firewall cannot reject that packet.
Answer: False
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 96
Feedback: Information being transmitted is stored in what’s called a packet, and after examining a packet,
a firewall can reject the incoming packet.
Answer: False
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 96
Feedback: Application-filtering firewalls are generally more secure and flexible than packet-filtering
firewalls, but they are also more expensive.
19. A proxy server is often used to help protect the network against unauthorized access from outside the
network by hiding the network addresses of internal systems.
Answer: True
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 97
Feedback: A proxy server is often used to help protect the network against unauthorized access from
outside the network by hiding the network addresses of internal systems.
20. An intrusion detection system (IDS) can protect networks against both external and internal access.
Answer: True
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 97
Feedback: An intrusion detection system (IDS) can protect against both external and internal access.
21. An intrusion detection system (IDS) cannot prevent denial-of-service (DoS) attacks.
Answer: False
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 97
Feedback: An intrusion detection system (IDS) can prevent denial-of-service (DoS) attacks. It monitors
network traffic and uses the “prevent, detect, and react” approach to security.
22. Corner bolts are an expensive way to secure a computer to a desktop or a counter.
Answer: False
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 98
Feedback: Corner bolts are an inexpensive way to secure a computer to a desktop or counter. These often
have locks as an additional protection against theft.
23. Terminal resource security is a software feature that erases the screen and signs the user off
automatically after a specified length of inactivity.
Answer: True
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 99
Feedback: Terminal resource security is a software feature that erases the screen and signs the user off
automatically after a specified length of inactivity.
Answer: True
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 99
Feedback: To increase the effectiveness of passwords, they should be made eight characters or longer.
25. The cost of setting up a virtual private network (VPN) is usually high.
Answer: False
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 100
Feedback: The cost of setting up a virtual private network (VPN) is usually low, but transmission speeds
can be slow, and lack of standardization can be a problem.
26. Data encryption transforms data into a scrambled form called ciphertext.
Answer: True
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 100
Feedback: Data encryption transforms data, called plaintext or cleartext, into a scrambled form called
ciphertext that cannot be read by others.
27. The main advantage of asymmetric encryption is that it is faster and requires only a small amount of
processing power.
Answer: False
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 101
Feedback: The main drawback of asymmetric encryption is that it is slower and requires a large amount
of processing power.
Answer: False
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 101
Feedback: Asymmetric encryption is also called public key encryption. Symmetric encryption is also
called secret key encryption.
29. In symmetric encryption, the same key is used to encrypt and decrypt a message.
Answer: True
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 101–102
Feedback: In symmetric encryption, the same key is used to encrypt and decrypt a message. The sender
and receiver must agree on the key and keep it secret.
Answer: False
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Guidelines for a Comprehensive Security System
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 104
Feedback: Backup facilities can be shared to reduce costs.
MULTIPLE CHOICE
1. _____ can interfere with users’ control of their computers, through such methods as installing
additional software and redirecting Web browsers.
a. Kernels c. Cookies
b. Spyware d. Log files
Answer: B
Chapter Learning Outcome: 5.1: Describe information technologies that could be used in computer
crimes.
Topic: Risks Associated with Information Technologies
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 86
Feedback: Spyware can interfere with users’ control of their computers, through such methods as
installing additional software and redirecting Web browsers.
5. In the context of computer and network security, _____ means that a system must not allow the
disclosing of information by anyone who is not authorized to access it.
a. validity c. integrity
b. confidentiality d. availability
Answer: B
Chapter Learning Outcome: 5.2: Describe basic safeguards in computer and network security.
Topic: Computer and Network Security: Basic Safeguards
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 89
Feedback: Confidentiality means that a system must not allow the disclosing of information by anyone
who is not authorized to access it.
6. In the context of computer and network security, _____ refers to the accuracy of information resources
within an organization.
a. validity c. integrity
b. confidentiality d. availability
Answer: C
Chapter Learning Outcome: 5.2: Describe basic safeguards in computer and network security.
Topic: Computer and Network Security: Basic Safeguards
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 89
Feedback: Integrity refers to the accuracy of information resources within an organization. In other
words, the security system must not allow data to be corrupted or allow unauthorized changes to a
corporate database.
7. In the context of computer and network security, _____ means that computers and networks are
operating and authorized users can access the information they need.
a. validity c. integrity
b. confidentiality d. availability
Answer: D
Chapter Learning Outcome: 5.2: Describe basic safeguards in computer and network security.
Topic: Computer and Network Security: Basic Safeguards
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 89
Feedback: Availability means that computers and networks are operating and authorized users can access
the information they need. It also means a quick recovery in the event of a system failure or disaster.
12. A (n) _____ travels from computer to computer in a network, but it does not usually erase data.
a. Trojan program c. applet
b. worm d. backdoor
Answer: B
Chapter Learning Outcome: 5.3: Explain the major security threats.
Topic: Security Threats: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 91
Feedback: A worm travels from computer to computer in a network, but it does not usually erase data.
14. A _____ is a programming routine built into a system by its designer or programmer.
a. logic bomb c. virus
b. worm d. backdoor
Answer: A
Chapter Learning Outcome: 5.3: Explain the major security threats.
Topic: Security Threats: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 92
Feedback: A backdoor (also called a trapdoor) is a programming routine built into a system by its
designer or programmer. This routine enables the designer or programmer to bypass system security and
sneak back into the system later to access programs or files.
15. A _____ attack floods a network or server with service requests to prevent legitimate users’ access to
the system.
a. social engineering c. backdoor
b. denial-of-service d. phishing
Answer: B
Chapter Learning Outcome: 5.3: Explain the major security threats.
Topic: Security Threats: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 92
Feedback: A denial-of-service (DoS) attack floods a network or server with service requests to prevent
legitimate users’ access to the system.
21. A _____ is the software that acts as an intermediary between two systems.
a. database c. proxy server
b. backdoor d. Trojan program
Answer: C
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 96
Feedback: A proxy server is the software that acts as an intermediary between two systems—between
network users and the Internet, for example.
22. _____ are usually placed in front of a firewall and can identify attack signatures and trace patterns.
a. Intrusion detection systems c. Physical security measures
b. Proxy servers d. Biometric security measures
Answer: A
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 97
Feedback: An intrusion detection system (IDS) can protect against both external and internal access. It is
usually placed in front of a firewall and can identify attack signatures, trace patterns, generate alarms for
the network administrator, and cause routers to terminate connections with suspicious sources.
23. _____ security measures primarily control access to computers and networks, and they include
devices for securing computers and peripherals from theft.
a. Nonbiometric c. Biometric
b. Physiological d. Physical
Answer: D
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 97
Feedback: Physical security measures primarily control access to computers and networks, and they
include devices for securing computers and peripherals from theft.
25. Which of the following is a type of access control used to protect systems from unauthorized access?
a. Steel encasements c. Firewalls
b. Passwords d. Identification badges
Answer: B
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 99
Feedback: The two widely used access controls are terminal resource security and passwords.
26. A(n) _____ is often used, so remote users have a secure connection to an organization’s network.
a. biometric security system c. virtual private network
b. intrusion detection system d. terminal resource network
Answer: C
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 100
Feedback: A virtual private network (VPN) provides a secure tunnel through the Internet for transmitting
messages and data via a private network. It is often used so remote users have a secure connection to the
organization’s network.
27. Data sent through a virtual private network (VPN) can be encrypted using the _____ protocol.
a. User Datagram c. Secured Sockets layer
b. Transmission Control d. Layer Two Tunneling
Answer: D
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 100
Feedback: Data is encrypted before it is sent through the virtual private network (VPN) with a protocol,
such as Layer Two Tunneling Protocol (L2TP) or Internet Protocol Security (IPSec).
28. Which of the following forms of text used in an encryption algorithm is unreadable without a
decryption key?
a. Plaintext c. Codetext
b. Cleartext d. Ciphertext
Answer: D
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 100
Feedback: Data encryption transforms data, called plaintext or cleartext, into a scrambled form called
ciphertext that cannot be read by others. The receiver then unscrambles the data by using a decryption
key.
29. _____ is a commonly used encryption protocol that manages transmission security on the Internet.
a. Applications Layer c. Transmission Control Protocol
b. Secure Sockets Layer d. User Datagram Protocol
Answer: B
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Difficulty Level: Easy
Page: 101
Feedback: A commonly used encryption protocol is Secure Sockets layer (SSL), which manages
transmission security on the Internet.
30. _____ ensures data security and integrity over public networks, such as the Internet.
a. Transport Layer Security c. Transmission Control Protocol
b. Terminal Resource Security d. User Datagram Protocol
Answer: A
Chapter Learning Outcome: 5.4: Describe security and enforcement measures.
Topic: Security Measures and Enforcement: An Overview
BUSPROG: Technology
Bloom’s: Remember
Another random document with
no related content on Scribd:
PLEASE READ THIS BEFORE YOU DISTRIBUTE OR USE THIS WORK
1.D. The copyright laws of the place where you are located also
govern what you can do with this work. Copyright laws in most
countries are in a constant state of change. If you are outside the
United States, check the laws of your country in addition to the terms
of this agreement before downloading, copying, displaying,
performing, distributing or creating derivative works based on this
work or any other Project Gutenberg™ work. The Foundation makes
no representations concerning the copyright status of any work in
any country other than the United States.
• You pay a royalty fee of 20% of the gross profits you derive from
the use of Project Gutenberg™ works calculated using the
method you already use to calculate your applicable taxes. The
fee is owed to the owner of the Project Gutenberg™ trademark,
but he has agreed to donate royalties under this paragraph to
the Project Gutenberg Literary Archive Foundation. Royalty
payments must be paid within 60 days following each date on
which you prepare (or are legally required to prepare) your
periodic tax returns. Royalty payments should be clearly marked
as such and sent to the Project Gutenberg Literary Archive
Foundation at the address specified in Section 4, “Information
about donations to the Project Gutenberg Literary Archive
Foundation.”
• You comply with all other terms of this agreement for free
distribution of Project Gutenberg™ works.
1.F.
1.F.4. Except for the limited right of replacement or refund set forth in
paragraph 1.F.3, this work is provided to you ‘AS-IS’, WITH NO
OTHER WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR ANY PURPOSE.
Please check the Project Gutenberg web pages for current donation
methods and addresses. Donations are accepted in a number of
other ways including checks, online payments and credit card
donations. To donate, please visit: www.gutenberg.org/donate.
Most people start at our website which has the main PG search
facility: www.gutenberg.org.