Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
65) Ciscon Telecom is a mobile operator in the European Union. The company provides
personalized services to its customers, and its databases contain valuable information about the
customers. The loss of customer information that is used to decide services would be extremely
harmful to the organization. Which of the following strategies adopted by Ciscon is an example
of risk transference?
A) The company insures any possible data loss for a large sum.
B) The company forms a special team of top executives to monitor and correct the information
policies.
C) It installs a corporate firewall to protect unauthorized access to information.
D) It enforces a strict employee data policy and prohibits employees from unauthorized access.
E) The company decides to absorb any damages that might occur.
Difficulty: Moderate
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Application
66) Glassico Publishing is a leading media company in France. The company handles sensitive
information and often finds it susceptible to information threats. As a countermeasure, the
company installs strong firewalls and protective software. These steps are a part of ________.
A) risk acceptance
B) risk reduction
C) risk mitigation
D) risk transference
E) risk rescheduling
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Application
67) With ________, employees may be identified by fingerprints, retinal patterns in the eye,
facial features, or other bodily characteristics before being granted access to use a computer or to
enter a facility.
A) CAPTCHAs
B) biometrics
C) passwords
D) ECHELONs
E) smart cards
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
21
68) When a company uses a fingerprint recognition system instead of access cards, it helps the
company prevent unauthorized physical access. Which of the following technologies is used for
authentication here?
A) biometrics
B) passwords
C) smart cards
D) access-control software
E) encryption
Difficulty: Moderate
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Application
69) In ________, an attacker accesses the network, intercepts data from it, and even uses
network services and/or sends attack instructions to it without having to enter the home, office,
or organization that owns the network.
A) drive-by hacking
B) hacktivism
C) viral marketing
D) cybersquatting
E) denial-of-service
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
70) A(n) ________ is a network connection that is constructed dynamically within an existing
network in order to connect users or nodes.
A) virtual private network
B) ambient network
C) cognitive network
D) collaborative service network
E) artificial network
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
22
71) Albitrex Systems is an Asian software consulting firm that develops solutions for companies
in the United States and Europe. The company is heavily dependent on the Internet for
transporting data. It wants to ensure that only authorized users access the data and that the data is
not intercepted and compromised. Which of the following would be most helpful to the company
in achieving this goal?
A) spam filtering
B) hot back up
C) tunneling
D) open transmitting
E) cloud storage
Difficulty: Moderate
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Application
72) Which of the following is a part of a computer system designed to detect intrusion and to
prevent unauthorized access to or from a private network?
A) firewall
B) cookie
C) botnet
D) honeypot
E) spam filter
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
73) Which of the following is a valid observation about encryption?
A) Encrypted messages cannot be deciphered without the decoding key.
B) Encryption is used for data enhancement rather than data protection.
C) Encryption is performed only after messages enter the network.
D) The encryption approach is not dependent on the type of data transmission.
E) Encryption implementation is expensive and needs authentication from a relevant authority.
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
23
74) Implementing encryption on a large scale, such as on a busy Web site, requires a third party,
called a(n) ________.
A) certificate authority
B) virtual private network
C) arbitrative authority
D) artificial network
E) buying center
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
75) The science of encryption is called ________.
A) cryptanalysis
B) cryptology
C) cryptography
D) cryptowall
E) cryptarithm
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
76) A ________ is nothing more than an empty warehouse with all necessary connections for
power and communication but nothing else.
A) cold backup site
B) buying center
C) botnet
D) firewall
E) collocation facility
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
24
77) An organization builds a fully equipped backup facility, having everything from office chairs
to a one-to-one replication of the most current data. This facility is called a ________.
A) buying center
B) firewall
C) hot backup site
D) botnet
E) collocation facility
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
78) Some data centers rent server space to multiple customers and provide necessary
infrastructure in terms of power, backups, connectivity, and security. Such data centers are called
________.
A) collocation facilities
B) hot backup sites
C) virtual private networks
D) offshore networks
E) control centers
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
79) ________ is the use of formal investigative techniques to evaluate digital information for
judicial review.
A) Computer forensics
B) Flaming
C) Hacktivism
D) Certificate authority
E) Encryption
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
25
80) Which of the following terms refers to a computer, data, or network site that is designed to be
enticing to crackers so as to detect, deflect, or counteract illegal activity?
A) honeypot
B) firewall
C) bot herder
D) botnet
E) zombie computer
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
81) Identify the policy that lists procedures for adding new users to systems and removing users
who have left the organization.
A) information policy
B) use policy
C) incident handling procedures
D) disaster recovery plan
E) account management policy
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
82) Which of the following types of plans describes how a business resumes operation after a
disaster?
A) business continuity plan
B) internal operations plan
C) business unit plan
D) emergency operation plan
E) virtual private network plan
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
26
83) Recovery point objectives of a recovery plan specify ________.
A) the maximum time allowed to recover from a catastrophic event
B) data structures and patterns of the data
C) the minimum time after which response should be allowed in a catastrophic event
D) how current the backup data should be
E) the capacity of backup servers in storing the necessary data
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
84) Controls that are used to assess whether anything went wrong, such as unauthorized access
attempts, are called ________ controls.
A) detective
B) preventive
C) corrective
D) adaptive
E) protective
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
85) Organizations periodically have an external entity review the controls so as to uncover any
potential problems in the controls. This process is called ________.
A) information systems audit
B) risk analysis
C) information modification
D) recovery plan objective analysis
E) business continuity plan
Difficulty: Easy
Learning Obj.: 10.3: Discuss the process of managing IS security and describe various IS
controls that can help in ensuring IS security.
Classification: Concept
27
