
Package Title: Testbank Questions

Course Title: IS 5e
Chapter Number: 4

Question Type: True/False

1) Having one backup of your business data is sufficient for security purposes.

Answer: False

Title: Assessment Question 4.01


Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information
resources, providing an example for each.
Section Reference 1: Introduction to Information Security
Difficulty: Easy

2) The security of each computer on the Internet is independent of the security of all other computers on the Internet.

Answer: False

Title: Assessment Question 4.02


Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information
resources, providing an example for each.
Section Reference 1: Introduction to Information Security
Difficulty: Easy

3) The computing skills necessary to be a hacker are decreasing.

Answer: True

Title: Assessment Question 4.03


Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information
resources, providing an example for each.
Section Reference 1: Introduction to Information Security
Difficulty: Easy

4) Human errors cause more than half of the security-related problems in many organizations.

Answer: True

Title: Assessment Question 4.04


Learning Objective 1: LO 4.2 Compare and contrast human mistakes and social engineering, providing an example for
each.
Section Reference 1: Unintentional Threats to Information Systems
Difficulty: Easy

5) The higher the level of an employee in an organization, the greater the threat that he or she poses to the organization.

Answer: True

Title: Assessment Question 4.05
Learning Objective 1: LO 4.2 Compare and contrast human mistakes and social engineering, providing an example for
each.
Section Reference 1: Unintentional Threats to Information Systems
Difficulty: Easy

6) Dumpster diving is always illegal because it involves trespassing on private property.

Answer: False

Title: Assessment Question 4.06


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

7) Software can be copyrighted.

Answer: True

Title: Assessment Question 4.07


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

8) Trojan horses are software programs that hide in other computer programs and reveal their designed behavior only
when they are activated.

Answer: True

Title: Assessment Question 4.08


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

9) Zero-day attacks use deceptive e-mails to acquire sensitive personal information.

Answer: False

Title: Assessment Question 4.09


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Medium

10) In most cases, cookies track your path through Web sites and are therefore invasions of your privacy.

Answer: True

Title: Assessment Question 4.10


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

11) Cyberterrorism and cyberwarfare can attack supervisory control and data acquisition (SCADA) systems to cause
widespread physical damage.

Answer: True

Title: Assessment Question 4.11


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

12) Supervisory control and data acquisition (SCADA) systems require human data input.

Answer: False

Title: Assessment Question 4.12


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Medium

13) Cyberterrorism is usually carried out by nations.

Answer: False

Title: Assessment Question 4.13


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

14) IT security is the responsibility of everyone in the organization.

Answer: True

Title: Assessment Question 4.14


Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of
owning a home.
Section Reference 1: What Companies Are Doing to Protect Information Resources
Difficulty: Easy

15) Risk analysis involves determining whether security programs are working.

Answer: False

Title: Assessment Question 4.15


Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of
owning a home.
Section Reference 1: What Companies Are Doing to Protect Information Resources
Difficulty: Medium

16) A password refers to “something the user is.”


Answer: False

Title: Assessment Question 4.16


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Easy

17) Organizations utilize layers of controls because they face so many diverse threats to information security.

Answer: True

Title: Assessment Question 4.17


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

18) Public-key encryption uses two different keys, one public and one private.

Answer: True

Title: Assessment Question 4.18


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

19) Voice recognition is an example of “something a user does” authentication.

Answer: True

Title: Assessment Question 4.19


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

20) Organizations use authentication to establish privileges to systems operations.

Answer: False

Title: Assessment Question 4.20


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

21) The area located between two firewalls within an organization is called the demilitarized zone.

Answer: True

Title: Assessment Question 4.21


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Easy

22) A VPN is a network within the organization.

Answer: False

Title: Assessment Question 4.22


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Easy

23) A URL that begins with https rather than http indicates that the site transmits using an extra layer of security called
transport layer security.

Answer: True

Title: Assessment Question 4.23


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Easy

Question Type: Multiple Choice

24) Which of the following factors is not increasing the threats to information security?

a) smaller computing devices
b) downstream liability
c) the Internet
d) limited storage capacity on portable devices
e) due diligence

Answer: d

Title: Assessment Question 4.24


Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information
resources, providing an example for each.
Section Reference 1: Introduction to Information Security
Difficulty: Medium

25) The computing skills necessary to be a hacker are decreasing for which of the following reasons?

a) More information systems and computer science departments are teaching courses on hacking so that their graduates
can recognize attacks on information assets.
b) Computer attack programs, called scripts, are available for download from the Internet.
c) International organized crime is training hackers.
d) Cybercrime is much more lucrative than regular white-collar crime.
e) Almost anyone can buy or access a computer today.

Answer: b

Title: Assessment Question 4.25


Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information
resources, providing an example for each.
Section Reference 1: Introduction to Information Security
Difficulty: Hard

26) Rank the following in terms of dollar value of the crime, from highest to lowest.

a) robbery – white collar crime – cybercrime
b) white collar crime – extortion – robbery
c) cybercrime – white collar crime – robbery
d) cybercrime – robbery – white collar crime
e) white collar crime – burglary – robbery

Answer: c

Title: Assessment Question 4.26


Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information
resources, providing an example for each.
Section Reference 1: Introduction to Information Security
Difficulty: Medium

27) A _____ is any danger to which an information resource may be exposed.

a) vulnerability
b) risk
c) control
d) threat
e) compromise

Answer: d

Title: Assessment Question 4.27


Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information
resources, providing an example for each.
Section Reference 1: Introduction to Information Security
Difficulty: Easy

28) An information system’s _____ is the possibility that the system will be harmed by a threat.

a) vulnerability
b) risk
c) control
d) danger
e) compromise

Answer: a

Title: Assessment Question 4.28


Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information
resources, providing an example for each.
Section Reference 1: Introduction to Information Security
Difficulty: Easy

29) The most overlooked people in information security are:

a) consultants and temporary hires.
b) secretaries and consultants.
c) contract laborers and executive assistants.
d) janitors and guards.
e) executives and executive secretaries.

Answer: d

Title: Assessment Question 4.29


Learning Objective 1: LO 4.2 Compare and contrast human mistakes and social engineering, providing an example for
each.
Section Reference 1: Unintentional Threats to Information Systems
Difficulty: Easy

30) Employees in which functional areas of the organization pose particularly grave threats to information security?

a) human resources, finance
b) human resources, management information systems
c) finance, marketing
d) operations management, management information systems
e) finance, management information systems

Answer: b

Title: Assessment Question 4.30


Learning Objective 1: LO 4.2 Compare and contrast human mistakes and social engineering, providing an example for
each.
Section Reference 1: Unintentional Threats to Information Systems
Difficulty: Easy

31) Unintentional threats to information systems include all of the following except:

a) malicious software
b) tailgating
c) power outage
d) lack of user experience
e) tornados

Answer: a

Title: Assessment Question 4.31
Learning Objective 1: LO 4.2 Compare and contrast human mistakes and social engineering, providing an example for
each.
Section Reference 1: Unintentional Threats to Information Systems
Difficulty: Medium

32) _____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive
information or unauthorized access privileges.

a) Tailgating
b) Hacking
c) Spoofing
d) Social engineering
e) Spamming

Answer: d

Title: Assessment Question 4.32


Learning Objective 1: LO 4.2 Compare and contrast human mistakes and social engineering, providing an example for
each.
Section Reference 1: Unintentional Threats to Information Systems
Difficulty: Easy

33) The cost of a stolen laptop includes all of the following except:

a) Loss of intellectual property
b) Loss of data
c) Backup costs
d) Loss of productivity
e) Replacement cost

Answer: c

Title: Assessment Question 4.33


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

34) Dumpster diving is:

a) always illegal because it is considered trespassing.
b) never illegal because it is not considered trespassing.
c) typically committed for the purpose of identity theft.
d) always illegal because individuals own the material in the dumpster.
e) always legal because the dumpster is not owned by private citizens.

Answer: c

Title: Assessment Question 4.34


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Medium

35) Cybercriminals can obtain the information they need in order to assume another person’s identity by:

a) Infiltrating an organization that stores large amounts of personal information.
b) Phishing.
c) Hacking into a corporate database.
d) Stealing mail.
e) All of the above are strategies to obtain information to assume another person’s identity.

Answer: e

Title: Assessment Question 4.35


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

36) A _____ is intellectual work that is known only to a company and is not based on public information.

a) copyright
b) patent
c) trade secret
d) knowledge base
e) private property

Answer: c

Title: Assessment Question 4.36


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

37) A pharmaceutical company’s research and development plan for a new class of drugs would be best described as
which of the following?

a) Copyrighted material
b) Patented material
c) A trade secret
d) A knowledge base
e) Public property

Answer: c

Title: Assessment Question 4.37


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

38) A _____ is a document that grants the holder exclusive rights on an invention for 20 years.

a) copyright
b) patent
c) trade secret
d) knowledge base
e) private property notice

Answer: b

Title: Assessment Question 4.38


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

39) An organization’s e-mail policy has the least impact on which of the following software attacks?

a) virus
b) worm
c) phishing
d) zero-day
e) spear phishing

Answer: d

Title: Assessment Question 4.39


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Hard

40) _____ are segments of computer code that attach to existing computer programs and perform malicious acts.

a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs

Answer: a

Title: Assessment Question 4.40


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

41) _____ are software programs that hide in other computer programs and reveal their designed behavior only when they
are activated.

a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs

Answer: c

Title: Assessment Question 4.41


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

42) _____ are segments of computer code embedded within an organization’s existing computer programs that activate
and perform a destructive action at a certain time or date.

a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs

Answer: e

Title: Assessment Question 4.42


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

43) A _____ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-
mail.

a) Zero-day
b) Denial-of-service
c) Distributed denial-of-service
d) Phishing
e) Brute force dictionary

Answer: d

Title: Assessment Question 4.43


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

44) In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised
computers at the same time.

a) phishing
b) zero-day
c) worm
d) back door
e) distributed denial-of-service

Answer: e

Title: Assessment Question 4.44


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

45) The term _____ refers to clandestine software that is installed on your PC through duplicitous channels but is not
particularly malicious.

a) Alien software
b) Virus
c) Worm
d) Back door
e) Logic bomb

Answer: a

Title: Assessment Question 4.45


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

46) Which of the following is(are) designed to use your computer as a launch pad for sending unsolicited e-mail to other
computers?

a) Spyware
b) Spamware
c) Adware
d) Viruses
e) Worms

Answer: b

Title: Assessment Question 4.46


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

47) When companies attempt to counter _____ by requiring users to accurately select characters in turn from a series of
boxes, attackers respond by using _____.

a) keyloggers, screen scrapers
b) screen scrapers, uninstallers
c) keyloggers, spam
d) screen scrapers, keyloggers
e) spam, keyloggers

Answer: a

Title: Assessment Question 4.47


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Medium

48) _____ is the process in which an organization assesses the value of each asset being protected, estimates the
probability that it will be compromised, and compares the probable costs of an attack with the costs of protecting the
asset.

a) Risk management
b) Risk analysis
c) Risk mitigation
d) Risk acceptance
e) Risk transference

Answer: b

Title: Assessment Question 4.48


Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of
owning a home.
Section Reference 1: What Companies Are Doing to Protect Information Resources
Difficulty: Easy

49) Which of the following statements is false?

a) Credit card companies usually block stolen credit cards rather than prosecute.
b) People tend to shortcut security procedures because the procedures are inconvenient.
c) It is easy to assess the value of a hypothetical attack.
d) The online commerce industry isn’t willing to install safeguards on credit card transactions.
e) The cost of preventing computer crimes can be very high.

Answer: c

Title: Assessment Question 4.49


Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of
owning a home.
Section Reference 1: What Companies Are Doing to Protect Information Resources
Difficulty: Easy

50) In _____, the organization takes concrete actions against risks.

a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference

Answer: c

Title: Assessment Question 4.50


Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of
owning a home.
Section Reference 1: What Companies Are Doing to Protect Information Resources
Difficulty: Easy

51) Which of the following is not a strategy for mitigating the risk of threats against information?

a) Continue operating with no controls and absorb any damages that occur.
b) Transfer the risk by purchasing insurance.
c) Implement controls that minimize the impact of the threat.
d) Install controls that block the risk.
e) All of the above are strategies for mitigating risk.

Answer: e

Title: Assessment Question 4.51


Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of
owning a home.
Section Reference 1: What Companies Are Doing to Protect Information Resources
Difficulty: Easy

52) In _____, the organization purchases insurance as a means to compensate for any loss.

a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference

Answer: e

Title: Assessment Question 4.52


Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of
owning a home.
Section Reference 1: What Companies Are Doing to Protect Information Resources
Difficulty: Easy
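The risk analysis described in question 48 and the three mitigation strategies in questions 50 through 52 can be carried out as a small calculation. The following is an added example written for this page, not code from the textbook: the assets, probabilities, control costs and premiums are constructed sample data, and the decision rule (pick whichever of limitation, transference or acceptance leaves the organization best off) is an assumption, not a rule the textbook states.

```python
"""Risk analysis and mitigation-strategy selection (added example).

Implements the comparison the test bank describes: the value of each asset,
the probability that it is compromised, and the expected loss from an attack
versus the cost of protecting the asset. All figures are constructed sample
data; the decision thresholds are assumptions, not the textbook's rules.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float            # replacement cost plus business impact, in dollars
    p_compromise: float     # estimated annual probability of compromise
    control_cost: float     # annual cost of a control that blocks or limits the threat
    control_effect: float   # fraction of the expected loss the control removes (0..1)
    premium: float          # annual cost of insuring the asset (risk transference)


def expected_loss(asset: Asset) -> float:
    """Annualised expected loss: asset value times probability of compromise."""
    return asset.value * asset.p_compromise


def choose_strategy(asset: Asset) -> str:
    """Pick acceptance, limitation or transference (assumed decision rule).

    - risk limitation when the control removes more expected loss than it
      costs, and by a larger margin than insurance would;
    - risk transference when the premium is below the expected loss and
      insurance beats the control;
    - risk acceptance otherwise: neither the control nor the policy pays for
      itself, so the organization absorbs any damage that occurs.
    """
    loss = expected_loss(asset)
    control_saving = loss * asset.control_effect - asset.control_cost
    insurance_saving = loss - asset.premium      # assumes the policy covers the full loss
    best = max(control_saving, insurance_saving, 0.0)
    if best == 0.0:
        return "risk acceptance"
    if control_saving >= insurance_saving:
        return "risk limitation"
    return "risk transference"


def analyse(assets: list[Asset]) -> dict[str, str]:
    """Map each asset name to the recommended strategy."""
    return {a.name: choose_strategy(a) for a in assets}


# Constructed sample assets (hypothetical figures, not from the textbook).
SAMPLE_ASSETS = [
    Asset("customer database", 2_000_000, 0.05, 30_000, 0.80, 60_000),
    Asset("lobby kiosk", 3_000, 0.20, 2_000, 0.90, 900),
    Asset("warehouse servers", 500_000, 0.02, 15_000, 0.95, 4_000),
]

if __name__ == "__main__":
    for asset in SAMPLE_ASSETS:
        print(f"{asset.name:20} expected loss ${expected_loss(asset):>10,.0f}"
              f"  -> {choose_strategy(asset)}")
```

The point the numbers make is the one question 49 is getting at: the recommendation changes completely with the probability estimate and the asset value, and both are hard to pin down for a hypothetical attack, so the inputs deserve as much scrutiny as the arithmetic.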

53) Which of the following statements concerning the difficulties in protecting information resources is not correct?

a) Computing resources are typically decentralized.
b) Computer crimes often remain undetected for a long period of time.
c) Rapid technological changes ensure that controls are effective for years.
d) Employees typically do not follow security procedures when the procedures are inconvenient.
e) Computer networks can be located outside the organization.

Answer: c

Title: Assessment Question 4.53


Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of
owning a home.
Section Reference 1: What Companies Are Doing to Protect Information Resources
Difficulty: Medium

54) _____ controls are concerned with user identification, and they restrict unauthorized individuals from using
information resources.

a) Access
b) Physical
c) Data security
d) Administrative
e) Input

Answer: a

Title: Assessment Question 4.54


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Easy

55) Access controls involve _____ before _____.

a) biometrics, signature recognition
b) authentication, authorization
c) iris scanning, voice recognition
d) strong passwords, biometrics
e) authorization, authentication

Answer: b

Title: Assessment Question 4.55


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Easy

56) Biometrics are an example of:

a) something the user is.
b) something the user wants.
c) something the user has.
d) something the user knows.
e) something the user does.

Answer: a

Title: Assessment Question 4.56


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Easy

57) Voice and signature recognition are examples of:

a) something the user is.
b) something the user wants.
c) something the user has.
d) something the user knows.
e) something the user does.

Answer: e

Title: Assessment Question 4.57


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Easy

58) Passwords and passphrases are examples of:

a) something the user is.
b) something the user wants.
c) something the user has.
d) something the user knows.
e) something the user does.

Answer: d

Title: Assessment Question 4.58


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Easy

59) Which of the following is not a characteristic of strong passwords?

a) They are difficult to guess.
b) They contain special characters.
c) They are not a recognizable word.
d) They are not a recognizable string of numbers
e) They tend to be short so they are easy to remember.

Answer: e

Title: Assessment Question 4.59


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

60) Which of the following is not an example of a weak password?

a) IloveIT
b) 08141990
c) 9AmGt/*
d) Rainer
e) InformationSecurity

Answer: c

Title: Assessment Question 4.60


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium
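Questions 59 and 60 list the characteristics of a strong password and five candidates. The following is an added example, not code from the textbook, that checks a candidate against those characteristics. The word list, the 7-character minimum (chosen because the page's strong example, 9AmGt/*, is seven characters long) and the rule that any failed characteristic makes the password weak are all assumptions made here so that the page's five candidates come out as the answer key says.

```python
"""Classify candidate passwords by the test bank's strong-password criteria.

Added example. WORDLIST is a constructed stand-in for a real dictionary and
name list; MIN_LENGTH and the any-failure-is-weak rule are assumptions.
"""
import string

WORDLIST = {"i", "love", "it", "information", "security", "rainer",
            "password", "admin", "welcome"}
MIN_LENGTH = 7   # assumption: the page's strong example 9AmGt/* has 7 characters


def segments_into_words(candidate: str, words: set[str]) -> bool:
    """True if the letters of candidate are a concatenation of dictionary words.

    Case and non-letters are ignored, so 'IloveIT' is read as i+love+it and
    'InformationSecurity' as information+security. Dynamic programming over
    prefixes: ok[i] means the first i letters can be fully segmented.
    """
    letters = "".join(ch for ch in candidate.lower() if ch.isalpha())
    if not letters:
        return False
    ok = [True] + [False] * len(letters)
    for i in range(1, len(letters) + 1):
        ok[i] = any(ok[j] and letters[j:i] in words for j in range(i))
    return ok[len(letters)]


def weaknesses(password: str) -> list[str]:
    """Return every strong-password characteristic the candidate fails."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("too short")
    if password.isdigit():
        found.append("recognizable string of numbers")
    if segments_into_words(password, WORDLIST):
        found.append("recognizable word(s)")
    has_special = any(ch in string.punctuation for ch in password)
    if not has_special:
        found.append("no special characters")
    classes = sum([
        any(ch.islower() for ch in password),
        any(ch.isupper() for ch in password),
        any(ch.isdigit() for ch in password),
        has_special,
    ])
    if classes < 3:
        found.append("fewer than three character classes")
    return found


def is_strong(password: str) -> bool:
    return not weaknesses(password)


# The five candidates from question 60.
CANDIDATES = ["IloveIT", "08141990", "9AmGt/*", "Rainer", "InformationSecurity"]

if __name__ == "__main__":
    for pw in CANDIDATES:
        verdict = "strong" if is_strong(pw) else "weak: " + ", ".join(weaknesses(pw))
        print(f"{pw:20} {verdict}")
```

One caveat a practitioner would add: 9AmGt/* passes the textbook's composition rules, but a seven-character password drawn from about 95 printable characters is roughly 7 x 10^13 possibilities, which offline cracking hardware can exhaust. Current guidance (NIST SP 800-63B) favours length and screening against lists of breached passwords over character-class rules.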

61) Bob is using public key encryption to send a message to Ted. Bob encrypts the message with Ted’s _____ key, and
Ted decrypts the message using his _____ key.

a) public, public
b) public, private
c) private, private
d) private, public
e) none of these

Answer: b

Title: Assessment Question 4.61


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

62) Which of the following statements concerning firewalls is not true?

a) Firewalls prevent unauthorized Internet users from accessing private networks.
b) Firewalls examine every message that enters or leaves an organization’s network.
c) Firewalls filter network traffic according to categories of activities that are likely to cause problems.
d) Firewalls filter messages the same way as anti-malware systems do.
e) Firewalls are sometimes located inside an organization’s private network.

Answer: d

Title: Assessment Question 4.62


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

63) In a process called _____, a company allows nothing to run unless it is approved, whereas in a process called _____,
the company allows everything to run unless it is not approved.

a) whitelisting, blacklisting
b) whitelisting, encryption
c) encryption, whitelisting
d) encryption, blacklisting
e) blacklisting, whitelisting

Answer: a

Title: Assessment Question 4.63


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

64) Organizations use hot sites, warm sites, and cold sites to ensure business continuity. Which of the following statements
is not true?

a) A cold site has no equipment.
b) A warm site has no user workstations.
c) A hot site needs to be located close to the organization’s offices.
d) A hot site duplicates all of the organization’s resources.
e) A warm site does not include actual applications.

Answer: c

Title: Assessment Question 4.64


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Easy

Question Type: Essay

65) Compare trade secrets, patents, and copyrights as forms of intellectual property.

Answer:

Title: Assessment Question 4.65


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Medium

66) Contrast unintentional and deliberate threats to an information resource. Provide examples of both.

Answer:

Title: Assessment Question 4.66


Learning Objective 1: LO 4.2 Compare and contrast human mistakes and social engineering, providing an example for
each.
Learning Objective 2: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Unintentional Threats to Information Systems
Section Reference 2: Deliberate Threats to Information Systems
Difficulty: Medium

67) Contrast the following types of remote attacks: virus, worm, phishing, and spear phishing.

Answer:

Title: Assessment Question 4.67


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Medium

68) Contrast the following types of attacks created by programmers: Trojan horse, back door, and logic bomb

Answer:

Title: Assessment Question 4.68


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Medium

69) Contrast spyware and spamware.

Answer:

Title: Assessment Question 4.69


Learning Objective 1: LO 4.3 Discuss the ten types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Easy

70) Contrast risk acceptance, risk limitation, and risk transference.

Answer:

Title: Assessment Question 4.70


Learning Objective 1: LO 4.4 Discuss the three risk mitigation strategies, providing an example for each in the context of
owning a home.
Section Reference 1: What Companies Are Doing to Protect Information Resources
Difficulty: Medium

71) Describe public key encryption.

Answer:

Title: Assessment Question 4.71


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

72) Compare a hot site, a warm site, and a cold site as strategies for business continuity.

Answer:

Title: Assessment Question 4.72


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

73) Contrast the four types of authentication.

Answer:

Title: Assessment Question 4.73


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

74) Identify and discuss the factors that are contributing to the increasing vulnerability of organizational information
assets.

Answer:

Title: Assessment Question 4.74


Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information
resources, providing an example for each.
Section Reference 1: Introduction to Information Security
Difficulty: Hard

75) Define identity theft, and explain the types of problems that it creates for the victims.

Answer:

Title: Assessment Question 4.75


Learning Objective 1: LO 4.3 Discuss the nine types of deliberate attacks.
Section Reference 1: Deliberate Threats to Information Systems
Difficulty: Medium

76) Discuss the possible consequences of a terrorist attack on a supervisory control and data acquisition (SCADA) system.

Answer:

Title: Assessment Question 4.76


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Hard

77) Define the principle of least privilege, and consider how an organization’s senior executives might view the
application of this principle.

Answer:

Title: Assessment Question 4.77


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Hard

78) Explain why anti-malware software is classified as reactive.

Answer:

Title: Assessment Question 4.78


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Hard

79) Describe how a digital certificate works.

Answer:

Title: Assessment Question 4.79


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Hard

Question Type: True/False

80) You start a dog-walking service, and you store your clients’ records on your cell phone. You don’t need to worry
about information security.

Answer: False

Title: Assessment Question 4.80


Learning Objective 1: LO 4.1 Identify the five factors that contribute to the increasing vulnerability of information
resources, providing an example for each.
Section Reference 1: Introduction to Information Security
Difficulty: Easy

Question Type: Multiple Choice

81) Your company’s headquarters was just hit head-on by a hurricane, and the building has lost power. The company
sends you to their hot site to minimize downtime from the disaster. Which of the following statements is true?

a) The site will not have any servers.
b) The site will not have any workstations, so you need to bring your laptop.
c) The site is probably in the next town.
d) The site should be an almost exact replica of the IT configuration at headquarters.
e) The site will not have up-to-date data.

Answer: d

Title: Assessment Question 4.81


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

82) You receive an e-mail from your bank informing you that they are updating their records and need your password.
Which of the following statements is true?

a) The message could be an industrial espionage attack.
b) The message could be a phishing attack.
c) The message could be a denial of service attack.
d) The message could be a back door attack.
e) The message could be a Trojan horse attack.

Answer: b

Title: Assessment Question 4.82


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

83) You start a new job, and the first thing your new company wants you to do is create a user ID and a password. Which
of the following would be a strong password?

a) The name of the company
b) Your last name
c) Your birthdate
d) Your initials (capitalized) and the number of the floor you are on
e) The name of the company spelled backward

Answer: e

Title: Assessment Question 4.83


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium

84) You start a new job, and human resources gives you a ten-page document that outlines the employee responsibilities
for information security. Which of the following statements is most likely to be true?

a) The document recommends that login passwords be left on a piece of paper in the center desk drawer so that others can
use the laptop if necessary.
b) You are expected to read the document, and you could be reprimanded if you don’t follow its guidelines.
c) You can back up sensitive data to a thumb drive so you can take them home to work with.
d) The document indicates that you can leave your laptop unlocked if you leave your desk for less than an hour.
e) The document permits you to lend your laptop to your brother for the weekend.

Answer: b

Title: Assessment Question 4.84


Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Easy

Question Type: Essay

85) Tim ventured out into the world of retail by renting a cart at a local mall. His product is personalized coffee mugs. He
uses his laptop to track sales and to process credit card sales. He has a customer mailing list that is updated by customers
on the laptop as well. At the end of each day, Tim backs up all of his data to a thumb drive and puts the drive into the
laptop case with the laptop. Discuss Tim’s information security strategy.

Answer:

Title: Assessment Question 4.85
Learning Objective 1: LO 4.5 Identify the three major types of controls that organizations can use to protect their
information resources, providing an example for each.
Section Reference 1: Information Security Controls
Difficulty: Medium