978-0134238241 Chapter 8 Part 1

Unlock access to all the studying documents.

View Full Document

Essentials of MIS, 12e (Laudon)

Chapter 8 Securing Information Systems

1) ________ refers to policies, procedures, and technical measures used to prevent unauthorized

access, alteration, theft, or physical damage to information systems.

A) “Security”

B) “Controls”

C) “Benchmarking”

D) “Algorithms”

E) “Authentication”

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

2) ________ refers to all of the methods, policies, and organizational procedures that ensure the

safety of the organization’s assets, the accuracy and reliability of its accounting records, and

operational adherence to management standards.

A) “Legacy systems”

B) “SSID standards”

C) “Vulnerabilities”

D) “Controls”

E) “Authentication”

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

3) Which of the following statements about wireless security is not true?

A) SSIDs are broadcast multiple times and can be picked up fairly easily by sniffer programs.

B) Radio frequency bands are easy to scan.

C) An intruder who has associated with an access point by using the correct SSID is capable of

accessing other resources on the network.

D) Intruders can force a user’s NIC to associate with a rogue access point.

E) Bluetooth is the only wireless technology that is not susceptible to hacking by eavesdroppers.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

4) Most computer viruses deliver a:

A) worm.

B) Trojan horse.

C) driveby download.

D) keylogger.

E) payload.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

5) Specific security challenges that threaten the communications lines in a client/server

environment include:

A) tapping, sniffing, message alteration, and radiation.

B) hacking, vandalism, and denial of service attacks.

C) theft, copying, alteration of data, and hardware or software failure.

D) unauthorized access, errors, and spyware.

E) errors, vandalism, and malware.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

6) Specific security challenges that threaten clients in a client/server environment include:

A) tapping, sniffing, message alteration, and radiation.

B) hacking, vandalism, and denial of service attacks.

C) theft, copying, alteration of data, and hardware or software failure.

D) unauthorized access, errors, and spyware.

E) vandalism, message alteration, and errors.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

7) Specific security challenges that threaten corporate servers in a client/server environment

include:

A) tapping, sniffing, message alteration, and radiation.

B) hacking, vandalism, and denial of service attacks.

C) theft, copying, alteration of data, and hardware or software failure.

D) unauthorized access, errors, and spyware.

E) vandalism, message alteration, and errors.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

8) CryptoLocker is an example of which of the following?

A) Trojan Horse

B) SQL injection attack

C) Sniffer

D) Evil twin

E) Ransomware

AACSB: Analytical Thinking

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

9) Which of the following statements about Internet security is not true?

A) The use of P2P networks can expose a corporate computer to outsiders.

B) A corporate network without access to the Internet is more secure than one that provides

access.

C) VoIP is more secure than the switched voice network.

D) Instant messaging can provide hackers access to an otherwise secure network.

E) Most VoIP traffic is not encrypted.

AACSB: Analytical Thinking

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

10) An independent computer program that copies itself from one computer to another over a

network is called a:

A) worm.

B) Trojan horse.

C) bug.

D) pest.

E) sniffer.

AACSB: Information Technology

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

11) A salesperson clicks repeatedly on the online ads of a competitor’s in order to drive the

competitor’s advertising costs up. This is an example of:

A) phishing.

B) pharming.

C) spoofing.

D) click fraud.

E) sniffing.

AACSB: Analytical Thinking

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

12) Conficker (also known as Downadup or Downup) is an example of which of the following?

A) SQL injection attack

B) Browser parasite

C) Worm

D) Ransomware

E) Script virus

AACSB: Analytical Thinking

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

13) Redirecting a web link to a different address is a form of:

A) snooping.

B) spoofing.

C) sniffing.

D) war driving.

E) SQL injection attack.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

14) A keylogger is a type of:

A) worm.

B) Trojan horse.

C) virus.

D) spyware.

E) SQL injection attack.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

15) Which of the following statements about botnets is not true?

A) Eighty percent of the world’s malware is delivered by botnets.

B) Botnets are often used to perpetrate DDoS attacks.

C) Ninety percent of the world’s spam is delivered by botnets.

D) Botnets are often used for click fraud.

E) It is not possible to make a smartphone part of a botnet.

AACSB: Information Technology

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

16) Using numerous computers to inundate and overwhelm the network from numerous launch

points is called a(n) ________ attack.

A) DDoS

B) DoS

C) SQL injection

D) phishing

E) ransomware

AACSB: Information Technology

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

17) Which of the following is not an example of a computer used as a target of crime?

A) Knowingly accessing a protected computer to commit fraud

B) Accessing a computer system without authority

C) Illegally accessing stored electronic communication

D) Threatening to cause damage to a protected computer

E) Breaching the confidentiality of protected computerized data

AACSB: Analytical Thinking

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

18) Which of the following is not an example of a computer used as an instrument of crime?

A) Theft of trade secrets

B) Intentionally attempting to intercept electronic communication

C) Unauthorized copying of software

D) Breaching the confidentiality of protected computerized data

E) Illegally accessing stored electronic communications

AACSB: Analytical Thinking

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

19) Phishing is a form of:

A) spoofing.

B) logging.

C) sniffing.

D) war driving.

E) ransomware.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

20) An example of phishing is:

A) flooding a web server with thousands of requests for service.

B) setting up a fake medical website that asks users for confidential information.

C) a program that records the keystrokes on a computer.

D) sending bulk email that asks for financial aid under a false pretext.

E) malware that displays annoying pop-up messages.

AACSB: Analytical Thinking

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

21) Evil twins are:

A) Trojan horses that appear to the user to be a legitimate commercial software application.

B) email messages that mimic the email messages of a legitimate business.

C) fraudulent websites that mimic a legitimate business’s website.

D) bogus wireless network access points that look legitimate to users.

E) viruses that affect smartphones.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

22) Pharming involves:

A) redirecting users to a fraudulent website even when the user has typed in the correct address

in the web browser.

B) pretending to be a legitimate business’s representative in order to garner information about a

security system.

C) setting up fake websites to ask users for confidential information.

D) using emails for threats or harassment.

E) malware that displays annoying pop-up messages.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

23) Which of the following is the single greatest cause of network security breaches?

A) Viruses

B) User lack of knowledge

C) Trojan horses

D) Cyberwarfare

E) Bugs

AACSB: Analytical Thinking

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

24) Tricking employees into revealing their passwords by pretending to be a legitimate member

of a company is called:

A) sniffing.

B) social engineering.

C) phishing.

D) pharming.

E) click fraud.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

25) According to Ponemon Institute’s 2014 Annual Cost of Cyber Crime Study, the average

annualized cost of cybercrime for companies in the United States was approximately:

A) $1.27 million.

B) $12.7 million.

C) $127 million.

D) $1.27 billion.

E) $12.7 billion.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

26) Which of the following is a type of ambient data?

A) Computer log containing recent system errors

B) A file deleted from a hard disk

C) A file that contains an application’s user settings

D) A set of raw data from an environmental sensor

E) An email file

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

27) According to the 2015 Identity Fraud Study by Javelin Strategy & Research, how much did

consumers lose to identity fraud in 2014?

A) $1.6 million

B) $16 million

C) $160 million

D) $1.6 billion

E) $16 billion

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

28) Which of the following specifically makes malware distribution and hacker attacks to disable

websites a federal crime?

A) Computer Fraud and Abuse Act

B) Economic Espionage Act

C) Electronic Communications Privacy Act

D) Data Security and Breach Notification Act

E) National Information Infrastructure Protection Act

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

29) All of the following countries are popular sources of malware attacks except:

A) the Netherlands.

B) the United Kingdom.

C) the United States.

D) Germany.

E) Mexico.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

30) A practice in which eavesdroppers drive by buildings or park outside and try to intercept

wireless network traffic is referred to as:

A) war driving.

B) sniffing.

C) cybervandalism.

D) driveby tapping.

E) driveby downloading.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

31) ________ is a crime in which an imposter obtains key pieces of personal information to

impersonate someone else.

A) Identity theft

B) Spoofing

C) Social engineering

D) Evil twins

E) Cybervandalism

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

32) ________ identify the access points in a Wi-Fi network.

A) NICs

B) Mac addresses

C) URLs

D) SSIDs

E) CAs

AACSB: Information Technology

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

33) A foreign country attempting to access government networks in order to disable a national

power grid would be an example of:

A) phishing.

B) denial-of-service attacks.

C) cyberwarfare.

D) ransomware.

E) injection attack.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

34) All of the following have contributed to an increase in software flaws except:

A) the growing complexity of software programs.

B) the growing size of software programs.

C) demands for timely delivery to markets.

D) the inability to fully test programs.

E) the increase in malicious intruders seeking system access.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

35) Smartphones have the same security flaws as other Internet-connected devices.

AACSB: Information Technology

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

36) According to IT security experts, mobile devices pose greater security risks than larger

computers.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

37) Viruses cannot be spread through email.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

38) The term cracker is used to identify a hacker whose specialty is breaking open security

systems.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

39) Wireless networks are more difficult to penetrate because radio frequency bands are hard to

scan.

AACSB: Information Technology

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

40) Computer worms spread much more rapidly than computer viruses.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

41) One form of spoofing involves forging the return address on an email so that the email

message appears to come from someone other than the sender.

AACSB: Application of Knowledge

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

42) Sniffers enable hackers to steal proprietary information from anywhere on a network,

including email messages, company files, and confidential reports.

AACSB: Information Technology

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?

43) DoS attacks are used to destroy information and access restricted areas of a company’s

information system.

AACSB: Information Technology

LO: 8.1: Why are information systems vulnerable to destruction, error, and abuse?