978-0133577396 Chapter 12

Unlock access to all the studying documents.

View Full Document

Fluency with Information Technology, 6e (Snyder)

Chapter 12 Privacy and Digital Security: Shhh, It’s a Secret

12.1 True/False Questions

1) Information is generated when buying goods and services at a store.

2) The vast majority of business transactions are anonymous.

3) American privacy laws are much stricter than European laws.

4) The United States has not adopted the OECD principles.

5) Viruses are often distributed through email attachments.

6) The United States provides limited enforcement of OECD privacy principles.

7) A company can place a cookie on your computer even if you’ve never visited its Web site.

8) A third-party cookie is initiated by a direct request by the user.

9) Cookies can be used to track your online travels using ad placement on various Web sites.

10) In contrast to the “omnibus” solution of adopting the OECD list, the United States uses an

approach called “sectoral,” meaning that it passes laws to deal with specific industries (business

sectors) or practices.

11) Messages encrypted using a public key RSA129 cryptosystem code have not yet been

cracked.

12) The Do-Not-Call List was so successful that it has now been applied to email.

13) Identity theft is the crime of posing as someone else for fraudulent purposes.

14) Partial backups should be made more often than full backups.

15) Emptying the trash is no guarantee that the data has been erased.

16) Laws in Hong Kong controlling the use of transaction information are stricter than those in

the United States.

17) The difference between a worm and a virus is that the worm program “rides along” with

other software, while the virus can actually send itself to other devices on the Internet.

18) Hyperlinks have two parts: the part you read and the part the computer reads–the actual place

you will go to when you click the link.

19) Non-EU countries that want information on EU citizens must show that they have privacy

laws consistent with the OECD principles.

20) “Opt-in” means the business can use it unless the person explicitly prohibits the new use.

21) Modern browsers let you control the cookie policy for your computer.

22) In the United States, the protection of an individual’s privacy is the responsibility of the

government.

23) The purpose of encryption is to allow private transmission and storage of sensitive

information.

24) Americans’ legal access to a free credit check to learn their “credit score” and check for

errors applies the Fair Information Practices Guideline points of Purpose and of Security.

25) Personal computers can only be backed up to another hard disk.

26) Cell phones can be used to track a user’s location, even if the GPS is turned off.

1) European privacy standards are closest to the policy called:

A) No uses

B) Approval

C) Objection

D) No limits

2) American privacy standards are closest to the policy called:

A) No uses

B) Approval

C) Objection

D) No limits

3) The accuracy of personal information is the responsibility of the:

A) data controller

B) individual

C) data collector

D) business or government

4) The person in charge of privacy policies and communication with individuals regarding their

privacy is a:

A) data controller

B) CIO

C) database developer

D) CEO

5) Personal information can be tracked by all of the following except:

A) cookies

B) cell phone use

C) IP addresses

D) chip ID numbers

6) If you disable the cookies on your computer:

A) you won’t be able to perform most online transactions

B) normal Web interaction will be more difficult

C) all cookies, including third-party cookies, will be blocked

D) all of the above

7) Spyware:

A) is illegal

B) is software that snoops private information

C) cannot be installed without the computer user’s permission

D) all of the above

8) The RSA public key cryptosystem relies on:

A) prime numbers

B) trapdoors

C) key escrow

D) all of the above

9) Cookies:

A) are stored on a client and sent back to a server

B) are stored on a server for use by a client

C) are placed on a server by a client

D) cannot be removed from a client’s computer

10) Backups on your personal computer:

A) aren’t needed

B) should be done daily

C) should follow the same pattern of backups that business systems use

D) are just as essential to a personal system as a business system

11) Personal backups are not critical for:

A) software programs

B) information that has been backed up but not changed

C) unimportant files

D) all of the above

12) The most important consideration in a disaster recovery plan is to:

A) have a backup of your data

B) always print your files

C) never trust the computer to store your files

D) all of the above

13) Which activity creates an unnecessary risk of being hacked?

A) sending information to a Web site that doesn’t use encryption

B) clicking on a bank’s URL instead of typing it in

C) using email to respond to requests for personal information

D) all of the above

14) The OCED privacy principles were developed in:

A) 1949

B) 1960

C) 1980

D) 2001

15) Which OCED principle states that personal data should be protected by reasonable security

measures against risks of disclosure, unauthorized access, misuse, modification, destruction, or

loss?

A) Security Principle

B) Use Limitation Principle

C) Limited Collection Principle

D) Openness Principle

16) A cookie contains information stored in:

A) one byte

B) eight bytes

C) seven fields

D) a database

17) The crime of posing as someone else for fraudulent purposes is known as:

A) identity theft

B) privacy theft

C) cookie grabbing

D) unauthorized encryption

18) A combination of encryption and decryption methods is a:

A) secure transaction

B) cookie

C) cryptosystem

D) digital encryption

19) Which of the following may result from malware?

A) contents erased on the hard drive

B) spam sent from your computer

C) secure information obtained from your computer

D) all of the above

20) When the Send button is clicked to send an email:

A) the sender retains full control over the message

B) two copies of the message are produced

C) the message is immediately deleted from the sender’s computer

D) the message is backed up on a server

21) US Companies which operate in the EU

A) cannot retain any customer data, since there is not way to do so under both sets of laws.

B) must apply EU rules to all customer data no matter where the customer lives.

C) must handle EU customer data under rules negotiated between the US and EU.

D) are not required to follow EU privacy law, because a country’s laws don’t apply outside it.

22) The US approach of passing separate laws to govern privacy in certain industries or activities

is called a(n) _________ approach.

A) random

B) individualized

C) sectoral

D) divided

23) The most important advantage of public key encryption over private key is

A) it doesn’t matter if the “bad guys” find out the key used to encrypt messages.

B) the use of prime numbers in the encryption process.

C) that it can be easily performed by modern computer equipment.

D) that the encryption algorithm itself is kept carefully secret by government and the computer

industry.

24) A web page is transmitted securely when the protocol part of the URL is

A) http

B) secure

C) https

D) crypt

1) Most Americans wrongly assume that their privacy regarding business information is

restricted to ________.

2) ________ and ________ entities are the two biggest threats to privacy.

3) A(n) ________ is information stored on a Web client computer by an HTTP server computer.

5) In electronic privacy, tracking is used in two different ways, online tracking and ________.

6) ________ is the process of recovering encrypted cipher text.

7) Malware that directly manipulates operating system tables to hide its presence is known as

________.

8) ________ communication involves message exchange in which the content is encrypted to

keep it private.

9) ________ is the crime of posing as someone else for fraudulent purposes.

10) The ________ principle of the OECD Fair Information Practices states that personal data

gathered should be relevant to the purposes for which it is used, and should be accurate,

complete, and up-to-date.

11) ________ is the choice of disapproving to a use of information.

12) ________ is the choice of approving to a use of information.

13) ________, the practice of a Web site automatically sending details about your visit to other

content providers, is an emerging problem of concern to privacy experts.

14) A(n) ________ is published by the receiver and used by the sender to encrypt messages.

15) Computer scientists have not yet proved the invincibility of the RSA scheme, but it can be

“made more secure” simply by ________ the size of the key.

16) ________ is software intended to do harm to a computer connected to the Internet.

17) The ________ public key cryptosystem, invented by Rivest, Shamir, and Adelman, is one of

the popular PKC algorithms.

18) In computer security, compromised computers that act under the direction of an external

master computer, often to send spam, are called ________.

19) Recovery after a disaster involves installing the most recent ________ backup copy.

20) Information that is recorded to hide its true meaning uses ________.

21) The right to block or limit on-line information regarding long-ago offenses or dis-proven

accusations is called ________ .

22) A benign-sounding software download which performs malicious activities is called a

________ .

23) A program which creates an access path by which attackers can run any program they want is

called a ________ .