Chapter 8

Fault-tolerant computers contain redundant hardware, software, and power supply components.
– True
– False
True
An authentication token is a(n)
– device the size of a credit card that contains access permission data.
– type of smart card.
– gadget that displays passcodes.
– electronic marker attached to a digital authorization file.
gadget that displays passcodes.
Specific security challenges that threaten the communications lines in a client/server environment include
– tapping; sniffing; message alteration; radiation.
– hacking; vandalism; denial of service attacks.
– theft, copying, alteration of data; hardware or software failure.
– unauthorized access; errors; spyware.
tapping; sniffing; message alteration; radiation.
Viruses can be spread through e-mail.
– True
– False
True
In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor’s site, a small program called Mitglieder was downloaded to the user’s machine. The program enabled outsiders to infiltrate the user’s machine. What type of malware is this an example of?
– Trojan horse
– virus
– worm
– spyware
Trojan horse
Application controls
– can be classified as input controls, processing controls, and output controls.
– govern the design, security, and use of computer programs and the security of data files in general throughout the organization.
– apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment.
– include software controls, computer operations controls, and implementation controls.
can be classified as input controls, processing controls, and output controls.
Specific security challenges that threaten corporate servers in a client/server environment include
– tapping; sniffing; message alteration; radiation.
– hacking; vandalism; denial of service attacks.
– theft, copying, alteration of data; hardware or software failure.
– unauthorized access; errors; spyware.
hacking; vandalism; denial of service attacks.
How do hackers create a botnet?
– by infecting Web search bots with malware
– by using Web search bots to infect other computers
– by causing other people’s computers to become “zombie” PCs following a master computer
– by infecting corporate servers with “zombie” Trojan horses that allow undetected access through a back door
by causing other people’s computers to become “zombie” PCs following a master computer
Online transaction processing requires
– more processing time.
– a large server network.
– fault-tolerant computer systems.
– dedicated phone lines.
fault-tolerant computer systems.
Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called
– sniffing
– social engineering
– phishing
– pharming
social engineering
NAT conceals the IP addresses of the organization’s internal host computers to deter sniffer programs.
– True
– False
True
SSL is a protocol used to establish a secure connection between two computers.
– True
– False
True
In which technique are network communications analyzed to see whether packets are part of an ongoing dialogue between a sender and a receiver?
– stateful inspection
– intrusion detection system
– application proxy filtering
– packet filtering
stateful inspection
How do software vendors correct flaws in their software after it has been distributed?
– issue bug fixes
– issue patches
– re-release software
– issue updated versions
issue patches
Biometric authentication is the use of physical characteristics such as retinal images to provide identification.
– True
– False
False
Public key encryption uses two keys.
– True
– False
True
The Sarbanes-Oxley Act
– requires financial institutions to ensure the security of customer data.
– specifies best practices in information systems security and control.
– imposes responsibility on companies and management to safeguard the accuracy of financial information.
– outlines medical security and privacy rules.
imposes responsibility on companies and management to safeguard the accuracy of financial information.
Rigorous password systems
– are one of the most effective security tools.
– may hinder employee productivity.
– are costly to implement.
– are often disregarded by employees.
may hinder employee productivity.
The HIPAA Act of 1997
– requires financial institutions to ensure the security of customer data.
– specifies best practices in information systems security and control.
– imposes responsibility on companies and management to safeguard the accuracy of financial information.
– outlines medical security and privacy rules.
outlines medical security and privacy rules.
In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?
– SSL
– symmetric key encryption
– public key encryption
– private key encryption
symmetric key encryption
The most economically damaging kinds of computer crime are e-mail viruses.
– True
– False
False
An acceptable use policy defines the acceptable level of access to information assets for different users.
– True
– False
False
In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.
– high availability computing
– deep-packet inspection
– application proxy filtering
– stateful inspection
deep-packet inspection
________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.
– Stateful inspections
– Intrusion detection systems
– Application proxy filtering technologies
– Packet filtering technologies
Intrusion detection systems
Computers using cable modems to connect to the Internet are more open to penetration than those connecting via dial-up.
– True
– False
True
The Gramm-Leach-Bliley Act
– requires financial institutions to ensure the security of customer data.
– specifies best practices in information systems security and control.
– imposes responsibility on companies and management to safeguard the accuracy of financial information.
– outlines medical security and privacy rules.
requires financial institutions to ensure the security of customer data.
Downtime refers to periods of time in which a
– computer system is malfunctioning.
– computer system is not operational.
– corporation or organization is not operational.
– computer is not online.
computer system is not operational.
A firewall allows the organization to
– enforce a security policy on traffic between its network and the Internet.
– check the accuracy of all transactions between its network and the Internet.
– create an enterprise system on the Internet.
– check the content of all incoming and outgoing e-mail messages.
enforce a security policy on traffic between its network and the Internet.
Currently, the protocols used for secure information transfer over the Internet are
– TCP/IP and SSL.
– S-HTTP and CA.
– HTTP and TCP/IP.
– SSL, TLS, and S-HTTP.
SSL, TLS, and S-HTTP.
An analysis of the firm’s most critical systems and the impact a system’s outage would have on the business is included in a(n)
– security policy.
– AUP.
– risk assessment.
– business impact analysis.
business impact analysis.
The Internet poses specific security problems because
– it was designed to be easily accessible.
– everyone uses the Internet.
– Internet standards are universal.
– it changes so rapidly.
it was designed to be easily accessible.
Most antivirus software is effective against
– only those viruses active on the Internet and through e-mail.
– any virus.
– any virus except those in wireless communications applications.
– only those viruses already known when the software is written.
only those viruses already known when the software is written.
Biometric authentication
– is inexpensive.
– is used widely in Europe for security applications.
– can use a person’s face as a unique, measurable trait.
– only uses physical traits as a measurement.
can use a person’s face as a unique, measurable trait.
Phishing is a form of
– spoofing.
– spinning.
– snooping.
– sniffing.
spoofing.
The potential for unauthorized access is usually limited to the communications lines of a network.
– True
– False
False
An independent computer program that copies itself from one computer to another over a network is called a
– worm.
– Trojan horse.
– bug.
– pest.
worm.
Wireless networks are vulnerable to penetration because radio frequency bands are easy to scan.
– True
– False
True
Sobig.F and MyDoom.A are
– viruses that use Microsoft Outlook to spread to other systems.
– worms attached to e-mail that spread from computer to computer.
– multipartite viruses that can infect files as well as the boot sector of the hard drive.
– Trojan horses used to create bot nets.
worms attached to e-mail that spread from computer to computer.
Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.
– True
– False
True
High-availability computing is also referred to as fault tolerance.
– True
– False
False
Computer worms spread much more rapidly than computer viruses.
– True
– False
True
The range of Wi-Fi networks can be extended up to two miles by using external antennae.
– True
– False
False
Specific security challenges that threaten clients in a client/server environment include
– tapping; sniffing; message alteration; radiation.
– hacking; vandalism; denial of service attacks.
– theft, copying, alteration of data; hardware or software failure.
– unauthorized access; errors; spyware.
unauthorized access; errors; spyware.
The WEP specification calls for an access point and its users to share the same 40-bit encrypted password.
– True
– False
True
________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.
– Software
– Administrative
– Data security
– Implementation
Data security
Pharming involves
– redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
– pretending to be a legitimate business’s representative in order to garner information about a security system.
– setting up fake Web sites to ask users for confidential information.
– using e-mails for threats or harassment.
redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n)
– security policy.
– AUP.
– risk assessment.
– business impact analysis.
risk assessment.
Smaller firms can outsource security functions to
– MISs
– CSOs
– MSSPs
– CAs
MSSPs
A key logger is a type of
– worm.
– Trojan horse.
– virus.
– spyware.
spyware.