Management Chapter 8 1 Why are information systems vulnerable to destruction, error, and abuse?

Authors: Jane P. Laudon, Kenneth C. Laudon

Management Information Systems, 14e (Laudon)
Chapter 8 Securing Information Systems
1) ________ refers to policies, procedures, and technical measures used to prevent unauthorized
access, alteration, theft, or physical damage to information systems.
A) "Security"
B) "Controls"
C) "Benchmarking"
D) "Algorithms"
E) "Identity management"
2) ________ refers to all of the methods, policies, and organizational procedures that ensure the
safety of the organization's assets, the accuracy and reliability of its accounting records, and
operational adherence to management standards.
A) "Legacy systems"
B) "SSID standards"
C) "Vulnerabilities"
D) "Security policy"
E) "Controls"
3) Large amounts of data stored in electronic form are ________ than the same data in manual
form.
A) less vulnerable to damage
B) more secure
C) vulnerable to many more kinds of threats
D) more critical to most businesses
E) prone to more errors
4) Electronic data are more susceptible to destruction, fraud, error, and misuse because
information systems concentrate data in computer files that
A) are easily decrypted.
B) can be opened with easily available software.
C) may be accessible by anyone who has access to the same network.
D) are unprotected by up-to-date security systems.
E) are rarely validated.
5) The communications lines in a client/server environment are specifically vulnerable to
A) vandalism.
B) malware.
C) software failure.
D) tapping.
E) errors.
6) Client software in a client/server environment is specifically vulnerable to
A) DoS attacks.
B) vandalism.
C) fraud.
D) radiation.
E) unauthorized access.
7) In a client/server environment, corporate servers are specifically vulnerable to
A) unauthorized access.
B) sniffing.
C) malware.
D) radiation.
E) tapping.
8) The Internet poses specific security problems because
A) it was designed to be easily accessible.
B) Internet data is not run over secure lines.
C) Internet standards are universal.
D) it changes so rapidly.
E) there is no formal controlling body.
9) Which of the following statements about Internet security is not true?
A) The use of P2P networks can expose a corporate computer to outsiders.
B) A corporate network without access to the Internet is more secure than one that provides
access.
C) VoIP is more secure than the switched voice network.
D) Instant messaging can provide hackers access to an otherwise secure network.
E) Smartphones have the same security weaknesses as other Internet devices.
10) A Trojan horse
A) is software that appears to be benign but does something other than expected.
B) is a virus that replicates quickly.
C) is malware named for a breed of fast-moving Near-Eastern horses.
D) installs spyware on users' computers.
E) is a type of sniffer used to infiltrate corporate networks.
11) A salesperson clicks repeatedly on the online ads of a competitor in order to drive the
competitor's advertising costs up. This is an example of
A) phishing.
B) pharming.
C) spoofing.
D) evil twins.
E) click fraud.
12) Which of the following is a virus that uses flaws in Windows software to take over a
computer remotely?
A) Sasser
B) Zeus Trojan
C) Melissa
D) ILOVEYOU
E) Conficker
13) ________ is malware that hijacks a user's computer and demands payment in return for
giving back access.
A) A Trojan horse
B) Ransomware
C) Spyware
D) A virus
E) An evil twin
14) ________ is malware that logs and transmits everything a user types.
A) Spyware
B) A Trojan horse
C) A keylogger
D) A worm
E) A sniffer
15) Hackers create a botnet by
A) infecting Web search bots with malware.
B) using Web search bots to infect other computers.
C) causing other people's computers to become "zombie" PCs following a master computer.
D) infecting corporate servers with "zombie" Trojan horses that allow undetected access through
a back door.
E) pharming multiple computers.
16) Using numerous computers to inundate and overwhelm the network from numerous launch
points is called a(n) ________ attack.
A) DDoS
B) DoS
C) SQL injection
D) phishing
E) botnet
17) Which of the following is not an example of a computer used as a target of crime?
A) knowingly accessing a protected computer to commit fraud
B) accessing a computer system without authority
C) illegally accessing stored electronic communication
D) threatening to cause damage to a protected computer
E) breaching the confidentiality of protected computerized data
18) Which of the following is not an example of a computer used as an instrument of crime?
A) theft of trade secrets
B) intentionally attempting to intercept electronic communication
C) unauthorized copying of software
D) breaching the confidentiality of protected computerized data
E) schemes to defraud
19) Social networking sites have become a new conduit for malware because
A) they are used by so many people.
B) they allow users to post media and image files.
C) they are especially vulnerable to social engineering.
D) they allow users to post software code.
E) they have poor user authentication.
20) The intentional defacement or destruction of a Web site is called
A) spoofing.
B) cybervandalism.
C) cyberwarfare.
D) phishing.
E) pharming.
21) Evil twins are
A) Trojan horses that appear to the user to be a legitimate commercial software application.
B) e-mail messages that mimic the e-mail messages of a legitimate business.
C) fraudulent Web sites that mimic a legitimate business's Web site.
D) computers that fraudulently access a Web site or network using the IP address and
identification of an authorized computer.
E) bogus wireless network access points that look legitimate to users.
22) Pharming involves
A) redirecting users to a fraudulent Web site even when the user has typed in the correct address
in the Web browser.
B) pretending to be a legitimate business's representative in order to garner information about a
security system.
C) setting up fake Web sites to ask users for confidential information.
D) using e-mails for threats or harassment.
E) setting up fake Wi-Fi access points that look as if they are legitimate public networks.
23) You have been hired as a security consultant for a law firm. Which of the following
constitutes the greatest source for network security breaches to the firm?
A) wireless network
B) employees
C) authentication procedures
D) lack of data encryption
E) software quality
24) Tricking employees into revealing their passwords by pretending to be a legitimate member of a
company is called
A) sniffing.
B) social engineering.
C) phishing.
D) pharming.
E) snooping.
25) How do software vendors correct flaws in their software after it has been distributed?
A) They issue bug fixes.
B) They issue patches.
C) They re-release the software.
D) They release updated versions of the software.
E) They don't; users purchase software at their own risk.
26) A practice in which eavesdroppers drive by buildings or park outside and try to intercept
wireless network traffic is referred to as
A) war driving.
B) sniffing.
C) cybervandalism.
D) drive-by tapping.
E) snooping.
27) ________ is a crime in which an imposter obtains key pieces of personal information to
impersonate someone else.
A) Identity theft
B) Spoofing
C) Social engineering
D) Evil twins
E) Pharming
28) ________ identify the access points in a Wi-Fi network.
A) NICs
B) MAC addresses
C) URLs
D) UTMs
E) SSIDs
29) A foreign country attempting to access government networks in order to disable a national
power grid would be an example of
A) phishing.
B) denial-of-service attacks.
C) cyberwarfare.
D) cyberterrorism.
E) evil twins.
30) Smartphones have the same security flaws as other Internet-connected devices.
31) In 2013, Panda Security reported approximately 30 million new kinds of malware strains.
32) Viruses can be spread through e-mail.
33) The term cracker is used to identify a hacker whose specialty is breaking open security
systems.
34) Wireless networks are more difficult for hackers to gain access to because radio frequency
bands are difficult to scan.
35) A computer virus replicates more quickly than a computer worm.
36) One form of spoofing involves forging the return address on an e-mail so that the e-mail
message appears to come from someone other than the sender.
37) Sniffers enable hackers to steal proprietary information from anywhere on a network,
including e-mail messages, company files, and confidential reports.
38) DoS attacks are used to destroy information and access restricted areas of a company's
information system.
39) Zero defects cannot be achieved in larger software programs because fully testing programs
that contain thousands of choices and millions of paths would require thousands of years.
40) As discussed in the chapter opening case, magnetic stripes are an old technology that is
vulnerable to counterfeit and theft.
41) Malicious software programs referred to as spyware include a variety of threats such as
computer viruses, worms, and Trojan horses.
42) What are the security challenges faced by wireless networks?
43) Explain how an SQL injection attack works and what types of systems are vulnerable to this
type of attack.
44) How is the security of a firm's information system and data affected by its people,
organization, and technology? Is the contribution of one of these dimensions any more important
than the other? Why?
45) The HIPAA Act of 1996
A) requires financial institutions to ensure the security of customer data.
B) specifies best practices in information systems security and control.
C) imposes responsibility on companies and management to safeguard the accuracy of financial
information.
D) outlines medical security and privacy rules.
E) identifies computer abuse as a crime and defines abusive activities.
46) The Gramm-Leach-Bliley Act
A) requires financial institutions to ensure the security of customer data.
B) specifies best practices in information systems security and control.
C) imposes responsibility on companies and management to safeguard the accuracy of financial
information.
D) outlines medical security and privacy rules.
E) identifies computer abuse as a crime and defines abusive activities.
47) The Sarbanes-Oxley Act
A) requires financial institutions to ensure the security of customer data.
B) specifies best practices in information systems security and control.
C) imposes responsibility on companies and management to safeguard the accuracy of financial
information.
D) outlines medical security and privacy rules.
E) identifies computer abuse as a crime and defines abusive activities.
48) The most common type of electronic evidence is
A) voice-mail.
B) spreadsheets.
C) instant messages.
D) e-mail.
E) VoIP data.
49) Which of the following is a type of ambient data?
A) computer log containing recent system errors
B) a file deleted from a hard disk
C) a file that contains an application's user settings
D) a set of raw data from an environmental sensor
E) data that has been recorded over
