Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
1
Essentials of MIS, 12e (Laudon)
Chapter 8 Securing Information Systems
1) ________ refers to policies, procedures, and technical measures used to prevent unauthorized
access, alteration, theft, or physical damage to information systems.
A) "Security"
B) "Controls"
C) "Benchmarking"
D) "Algorithms"
E) "Authentication"
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
2) ________ refers to all of the methods, policies, and organizational procedures that ensure the
safety of the organization's assets, the accuracy and reliability of its accounting records, and
operational adherence to management standards.
A) "Legacy systems"
B) "SSID standards"
C) "Vulnerabilities"
D) "Controls"
E) "Authentication"
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
3) Which of the following statements about wireless security is not true?
A) SSIDs are broadcast multiple times and can be picked up fairly easily by sniffer programs.
B) Radio frequency bands are easy to scan.
C) An intruder who has associated with an access point by using the correct SSID is capable of
accessing other resources on the network.
D) Intruders can force a user's NIC to associate with a rogue access point.
E) Bluetooth is the only wireless technology that is not susceptible to hacking by eavesdroppers.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
2
4) Most computer viruses deliver a:
A) worm.
B) Trojan horse.
C) driveby download.
D) keylogger.
E) payload.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
5) Specific security challenges that threaten the communications lines in a client/server
environment include:
A) tapping, sniffing, message alteration, and radiation.
B) hacking, vandalism, and denial of service attacks.
C) theft, copying, alteration of data, and hardware or software failure.
D) unauthorized access, errors, and spyware.
E) errors, vandalism, and malware.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
6) Specific security challenges that threaten clients in a client/server environment include:
A) tapping, sniffing, message alteration, and radiation.
B) hacking, vandalism, and denial of service attacks.
C) theft, copying, alteration of data, and hardware or software failure.
D) unauthorized access, errors, and spyware.
E) vandalism, message alteration, and errors.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
7) Specific security challenges that threaten corporate servers in a client/server environment
include:
A) tapping, sniffing, message alteration, and radiation.
B) hacking, vandalism, and denial of service attacks.
C) theft, copying, alteration of data, and hardware or software failure.
D) unauthorized access, errors, and spyware.
E) vandalism, message alteration, and errors.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
3
8) CryptoLocker is an example of which of the following?
A) Trojan Horse
B) SQL injection attack
C) Sniffer
D) Evil twin
E) Ransomware
AACSB: Analytical Thinking
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
9) Which of the following statements about Internet security is not true?
A) The use of P2P networks can expose a corporate computer to outsiders.
B) A corporate network without access to the Internet is more secure than one that provides
access.
C) VoIP is more secure than the switched voice network.
D) Instant messaging can provide hackers access to an otherwise secure network.
E) Most VoIP traffic is not encrypted.
AACSB: Analytical Thinking
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
10) An independent computer program that copies itself from one computer to another over a
network is called a:
A) worm.
B) Trojan horse.
C) bug.
D) pest.
E) sniffer.
AACSB: Information Technology
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
11) A salesperson clicks repeatedly on the online ads of a competitor's in order to drive the
competitor's advertising costs up. This is an example of:
A) phishing.
B) pharming.
C) spoofing.
D) click fraud.
E) sniffing.
AACSB: Analytical Thinking
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
4
12) Conficker (also known as Downadup or Downup) is an example of which of the following?
A) SQL injection attack
B) Browser parasite
C) Worm
D) Ransomware
E) Script virus
AACSB: Analytical Thinking
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
13) Redirecting a web link to a different address is a form of:
A) snooping.
B) spoofing.
C) sniffing.
D) war driving.
E) SQL injection attack.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
14) A keylogger is a type of:
A) worm.
B) Trojan horse.
C) virus.
D) spyware.
E) SQL injection attack.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
15) Which of the following statements about botnets is not true?
A) Eighty percent of the world's malware is delivered by botnets.
B) Botnets are often used to perpetrate DDoS attacks.
C) Ninety percent of the world's spam is delivered by botnets.
D) Botnets are often used for click fraud.
E) It is not possible to make a smartphone part of a botnet.
AACSB: Information Technology
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
5
16) Using numerous computers to inundate and overwhelm the network from numerous launch
points is called a(n) ________ attack.
A) DDoS
B) DoS
C) SQL injection
D) phishing
E) ransomware
AACSB: Information Technology
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
17) Which of the following is not an example of a computer used as a target of crime?
A) Knowingly accessing a protected computer to commit fraud
B) Accessing a computer system without authority
C) Illegally accessing stored electronic communication
D) Threatening to cause damage to a protected computer
E) Breaching the confidentiality of protected computerized data
AACSB: Analytical Thinking
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
18) Which of the following is not an example of a computer used as an instrument of crime?
A) Theft of trade secrets
B) Intentionally attempting to intercept electronic communication
C) Unauthorized copying of software
D) Breaching the confidentiality of protected computerized data
E) Illegally accessing stored electronic communications
AACSB: Analytical Thinking
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
19) Phishing is a form of:
A) spoofing.
B) logging.
C) sniffing.
D) war driving.
E) ransomware.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
6
20) An example of phishing is:
A) flooding a web server with thousands of requests for service.
B) setting up a fake medical website that asks users for confidential information.
C) a program that records the keystrokes on a computer.
D) sending bulk email that asks for financial aid under a false pretext.
E) malware that displays annoying pop-up messages.
AACSB: Analytical Thinking
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
21) Evil twins are:
A) Trojan horses that appear to the user to be a legitimate commercial software application.
B) email messages that mimic the email messages of a legitimate business.
C) fraudulent websites that mimic a legitimate business's website.
D) bogus wireless network access points that look legitimate to users.
E) viruses that affect smartphones.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
22) Pharming involves:
A) redirecting users to a fraudulent website even when the user has typed in the correct address
in the web browser.
B) pretending to be a legitimate business's representative in order to garner information about a
security system.
C) setting up fake websites to ask users for confidential information.
D) using emails for threats or harassment.
E) malware that displays annoying pop-up messages.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
23) Which of the following is the single greatest cause of network security breaches?
A) Viruses
B) User lack of knowledge
C) Trojan horses
D) Cyberwarfare
E) Bugs
AACSB: Analytical Thinking
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
7
24) Tricking employees into revealing their passwords by pretending to be a legitimate member
of a company is called:
A) sniffing.
B) social engineering.
C) phishing.
D) pharming.
E) click fraud.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
25) According to Ponemon Institute's 2014 Annual Cost of Cyber Crime Study, the average
annualized cost of cybercrime for companies in the United States was approximately:
A) $1.27 million.
B) $12.7 million.
C) $127 million.
D) $1.27 billion.
E) $12.7 billion.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
26) Which of the following is a type of ambient data?
A) Computer log containing recent system errors
B) A file deleted from a hard disk
C) A file that contains an application's user settings
D) A set of raw data from an environmental sensor
E) An email file
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
27) According to the 2015 Identity Fraud Study by Javelin Strategy & Research, how much did
consumers lose to identity fraud in 2014?
A) $1.6 million
B) $16 million
C) $160 million
D) $1.6 billion
E) $16 billion
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
8
28) Which of the following specifically makes malware distribution and hacker attacks to disable
websites a federal crime?
A) Computer Fraud and Abuse Act
B) Economic Espionage Act
C) Electronic Communications Privacy Act
D) Data Security and Breach Notification Act
E) National Information Infrastructure Protection Act
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
29) All of the following countries are popular sources of malware attacks except:
A) the Netherlands.
B) the United Kingdom.
C) the United States.
D) Germany.
E) Mexico.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
30) A practice in which eavesdroppers drive by buildings or park outside and try to intercept
wireless network traffic is referred to as:
A) war driving.
B) sniffing.
C) cybervandalism.
D) driveby tapping.
E) driveby downloading.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
31) ________ is a crime in which an imposter obtains key pieces of personal information to
impersonate someone else.
A) Identity theft
B) Spoofing
C) Social engineering
D) Evil twins
E) Cybervandalism
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
9
32) ________ identify the access points in a Wi-Fi network.
A) NICs
B) Mac addresses
C) URLs
D) SSIDs
E) CAs
AACSB: Information Technology
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
33) A foreign country attempting to access government networks in order to disable a national
power grid would be an example of:
A) phishing.
B) denial-of-service attacks.
C) cyberwarfare.
D) ransomware.
E) injection attack.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
34) All of the following have contributed to an increase in software flaws except:
A) the growing complexity of software programs.
B) the growing size of software programs.
C) demands for timely delivery to markets.
D) the inability to fully test programs.
E) the increase in malicious intruders seeking system access.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
35) Smartphones have the same security flaws as other Internet-connected devices.
AACSB: Information Technology
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
36) According to IT security experts, mobile devices pose greater security risks than larger
computers.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
10
37) Viruses cannot be spread through email.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
38) The term cracker is used to identify a hacker whose specialty is breaking open security
systems.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
39) Wireless networks are more difficult to penetrate because radio frequency bands are hard to
scan.
AACSB: Information Technology
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
40) Computer worms spread much more rapidly than computer viruses.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
41) One form of spoofing involves forging the return address on an email so that the email
message appears to come from someone other than the sender.
AACSB: Application of Knowledge
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
42) Sniffers enable hackers to steal proprietary information from anywhere on a network,
including email messages, company files, and confidential reports.
AACSB: Information Technology
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
43) DoS attacks are used to destroy information and access restricted areas of a company's
information system.
AACSB: Information Technology
LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?
