Chapter 4 cookies track your path through Web sites and are

Type: Homework Help
Pages: 9
Words: 2349
Authors: Brad Prince, R. Kelly Rainer

Package Title: Testbank Questions
Course Title: IS 5e
Chapter Number: 4
Question Type: True/False
1) Having one backup of your business data is sufficient for security purposes.
2) The security of each computer on the Internet is independent of the security of all other computers on the Internet.
3) The computing skills necessary to be a hacker are decreasing.
4) Human errors cause more than half of the security-related problems in many organizations.
5) The higher the level of an employee in an organization, the greater the threat that he or she poses to the organization.
6) Dumpster diving is always illegal because it involves trespassing on private property.
7) Software can be copyrighted.
8) Trojan horses are software programs that hide in other computer programs and reveal their designed behavior only when they are activated.
9) Zero-day attacks use deceptive e-mails to acquire sensitive personal information.
10) In most cases, cookies track your path through Web sites and are therefore invasions of your privacy.
11) Cyberterrorism and cyberwarfare can attack supervisory control and data acquisition (SCADA) systems to cause widespread physical damage.
12) Supervisory control and data acquisition (SCADA) systems require human data input.
13) Cyberterrorism is usually carried out by nations.
14) IT security is the responsibility of everyone in the organization.
15) Risk analysis involves determining whether security programs are working.
16) A password refers to “something the user is.”
17) Organizations utilize layers of controls because they face so many diverse threats to information security.
18) Public-key encryption uses two different keys, one public and one private.
19) Voice recognition is an example of “something a user does” authentication.
20) Organizations use authentication to establish privileges to systems operations.
21) The area located between two firewalls within an organization is called the demilitarized zone.
22) A VPN is a network within the organization.
23) A URL that begins with https rather than http indicates that the site transmits using an extra layer of security called transport layer security.
24) Which of the following factors is not increasing the threats to information security?
a) smaller computing devices
b) downstream liability
c) the Internet
d) limited storage capacity on portable devices
e) due diligence
25) The computing skills necessary to be a hacker are decreasing for which of the following reasons?
a) More information systems and computer science departments are teaching courses on hacking so that their graduates can recognize attacks on information assets.
b) Computer attack programs, called scripts, are available for download from the Internet.
c) International organized crime is training hackers.
d) Cybercrime is much more lucrative than regular white-collar crime.
e) Almost anyone can buy or access a computer today.
26) Rank the following in terms of dollar value of the crime, from highest to lowest.
a) robbery, white collar crime, cybercrime
b) white collar crime, extortion, robbery
c) cybercrime, white collar crime, robbery
d) cybercrime, robbery, white collar crime
e) white collar crime, burglary, robbery
27) A _____ is any danger to which an information resource may be exposed.
a) vulnerability
b) risk
c) control
d) threat
e) compromise
28) An information system’s _____ is the possibility that the system will be harmed by a threat.
a) vulnerability
b) risk
c) control
d) danger
e) compromise
29) The most overlooked people in information security are:
a) consultants and temporary hires.
b) secretaries and consultants.
c) contract laborers and executive assistants.
d) janitors and guards.
e) executives and executive secretaries.
30) Employees in which functional areas of the organization pose particularly grave threats to information security?
a) human resources, finance
b) human resources, management information systems
c) finance, marketing
d) operations management, management information systems
e) finance, management information systems
31) Unintentional threats to information systems include all of the following except:
a) malicious software
b) tailgating
c) power outage
d) lack of user experience
e) tornados
32) _____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges.
a) Tailgating
b) Hacking
c) Spoofing
d) Social engineering
e) Spamming
33) The cost of a stolen laptop includes all of the following except:
a) Loss of intellectual property
b) Loss of data
c) Backup costs
d) Loss of productivity
e) Replacement cost
34) Dumpster diving is:
a) always illegal because it is considered trespassing.
b) never illegal because it is not considered trespassing.
c) typically committed for the purpose of identity theft.
d) always illegal because individuals own the material in the dumpster.
e) always legal because the dumpster is not owned by private citizens.
35) Cybercriminals can obtain the information they need in order to assume another person’s identity by:
a) Infiltrating an organization that stores large amounts of personal information.
b) Phishing.
c) Hacking into a corporate database.
d) Stealing mail.
e) All of the above are strategies to obtain information to assume another person’s identity.
36) A _____ is intellectual work that is known only to a company and is not based on public information.
37) A pharmaceutical company’s research and development plan for a new class of drugs would be best described as which of the following?
a) Copyrighted material
b) Patented material
c) A trade secret
d) A knowledge base
e) Public property
38) A _____ is a document that grants the holder exclusive rights on an invention for 20 years.
a) copyright
b) patent
c) trade secret
d) knowledge base
e) private property notice
39) An organization’s e-mail policy has the least impact on which of the following software attacks?
a) virus
b) worm
c) phishing
d) zero-day
e) spear phishing
40) _____ are segments of computer code that attach to existing computer programs and perform malicious acts.
a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs
41) _____ are software programs that hide in other computer programs and reveal their designed behavior only when they are activated.
a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs
42) _____ are segments of computer code embedded within an organization’s existing computer programs that activate and perform a destructive action at a certain time or date.
a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs
43) A _____ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail.
a) Zero-day
b) Denial-of-service
c) Distributed denial-of-service
d) Phishing
e) Brute force dictionary
44) In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised computers at the same time.
a) phishing
b) zero-day
c) worm
d) back door
e) distributed denial-of-service
45) The term _____ refers to clandestine software that is installed on your PC through duplicitous channels but is not particularly malicious.
a) Alien software
b) Virus
c) Worm
d) Back door
e) Logic bomb
46) Which of the following is(are) designed to use your computer as a launch pad for sending unsolicited e-mail to other computers?
a) Spyware
b) Spamware
c) Adware
d) Viruses
e) Worms
47) When companies attempt to counter _____ by requiring users to accurately select characters in turn from a series of boxes, attackers respond by using _____.
a) keyloggers, screen scrapers
b) screen scrapers, uninstallers
c) keyloggers, spam
d) screen scrapers, keyloggers
e) spam, keyloggers
48) _____ is the process in which an organization assesses the value of each asset being protected, estimates the probability that it will be compromised, and compares the probable costs of an attack with the costs of protecting the asset.
a) Risk management
