50) Computer forensics tasks include all of the following except
A) presenting collected evidence in a court of law.
B) securely storing recovered electronic data.
C) collecting physical evidence on the computer.
D) finding significant information in a large volume of electronic data.
51) Three major concerns of system builders and users are disaster, security, and human error. Of
the three, which do you think is most difficult to deal with? Why?
52) Hackers and their companion viruses are an increasing problem, especially on the Internet.
What are the most important measurers for a firm to take to protect itself from this? Is full
protection feasible? Why or why not?
53) Your company, an online discount stationers, has calculated that a loss of Internet
connectivity for 3 hours results in a potential loss of $2,000 to $3,000 and that there is a 50%
chance of this occurring each year. What is the annual expected loss from this exposure?
A) $500
B) $1,000
C) $1,250
D) $1,500
E) $2,500
54) Application controls
A) can be classified as input controls, processing controls, and output controls.
B) govern the design, security, and use of computer programs and the security of data files in
general throughout the organization.
C) apply to all computerized applications and consist of a combination of hardware, software,
and manual procedures that create an overall control environment.
D) include software controls, computer operations controls, and implementation controls.
E) monitor the use of system software and prevent unauthorized access to software and
programs.
55) ________ controls ensure that valuable business data files on either disk or tape are not
subject to unauthorized access, change, or destruction while they are in use or in storage.
A) Software
B) Administrative
C) Data security
D) Implementation
E) Input
56) Analysis of an information system that rates the likelihood of a security incident occurring
and its cost is included in a(n)
A) security policy.
B) AUP.
C) risk assessment.
D) business impact analysis.
E) business continuity plan.
57) Statements ranking information risks and identifying security goals are included in a(n)
A) security policy.
B) AUP.
C) risk assessment.
D) business impact analysis.
E) business continuity plan.
58) An acceptable use policy defines the acceptable level of access to information assets for
different users.
59) How can a firm’s security policies contribute and relate to the six main business objectives?
Give examples.
60) Which of the following specifications replaces WEP with a stronger security standard that
features changing encryption keys?
A) TLS
B) AUP
C) VPN
D) WPA2
E) UTM
61) Rigorous password systems
A) are one of the most effective security tools.
B) may hinder employee productivity.
C) are costly to implement.
D) are often disregarded by employees.
62) An authentication token is a(n)
A) device the size of a credit card that contains access permission data.
B) type of smart card.
C) gadget that displays passcodes.
D) electronic marker attached to a digital authorization file.
63) Biometric authentication
A) is inexpensive.
B) is used widely in Europe for security applications.
C) can use a person’s voice as a unique, measurable trait.
D) only uses physical measurements for identification.
E) only uses biographical details for identification.
64) A firewall allows the organization to
A) enforce a security policy on data exchanged between its network and the Internet.
B) check the accuracy of all transactions between its network and the Internet.
C) create an enterprise system on the Internet.
D) check the content of all incoming and outgoing e-mail messages.
E) create access rules for a network.
65) ________ use scanning software to look for known problems such as bad passwords, the
removal of important files, security attacks in progress, and system administration errors.
A) Stateful inspections
B) Intrusion detection systems
C) Application proxy filtering technologies
D) Packet filtering technologies
E) Firewalls
66) Currently, the protocols used for secure information transfer over the Internet are
A) TCP/IP and SSL.
B) S-HTTP and CA.
C) HTTP and TCP/IP.
D) S-HTTP and SHTML.
E) SSL, TLS, and S-HTTP.
67) Most antivirus software is effective against
A) only those viruses active on the Internet and through e-mail.
B) any virus.
C) any virus except those in wireless communications applications.
D) only those viruses already known when the software is written.
E) only viruses that are well-known and typically several years old.
68) In which method of encryption is a single encryption key sent to the receiver so both sender
and receiver share the same key?
A) SSL/TLS
B) symmetric key encryption
C) public key encryption
D) private key encryption
E) distributed encryption
69) A digital certificate system
A) uses third-party CAs to validate a user’s identity.
B) uses digital signatures to validate a user’s identity.
C) uses tokens to validate a user’s identity.
D) is used primarily by individuals for personal correspondence.
E) protects a user’s identity by substituting a certificate in place of identifiable traits.
70) All of the following are types of information systems general controls except
A) application controls.
B) computer operations controls.
C) physical hardware controls.
D) software controls.
E) administrative controls
71) For 100-percent availability, online transaction processing requires
A) high-capacity storage.
B) a multi-tier server network.
C) fault-tolerant computer systems.
D) dedicated phone lines.
E) a digital certificate system.
72) In controlling network traffic to minimize slow-downs, a technology called ________ is used
to examine data files and sort low-priority data from high-priority data.
A) high availability computing
B) deep-packet inspection
C) application proxy filtering
D) stateful inspection
E) unified threat management
73) An authentication system in which a user must provide two types of identification, such as a
bank card and PIN, is called
A) smart card authentication.
B) biometric authentication.
C) two-factor authentication.
D) symmetric key authorization.
E) token authentication.
74) Smaller firms may outsource some or many security functions to
A) ISPs.
B) MISs.
C) MSSPs.
D) CAs.
E) PKIs.
75) Comprehensive security management products, with tools for firewalls, VPNs, intrusion
detection systems, and more, are called ________ systems.
A) DPI
B) MSSP
C) NSP
D) PKI
E) UTM
76) Organizations can use existing network security software to secure mobile devices.
77) The dispersed nature of cloud computing makes it difficult to track unauthorized access.
78) Biometric authentication is the use of personal, biographic details such as the high school
you attended and the first street you lived on to provide identification.
79) Packet filtering catches most types of network attacks.
80) NAT conceals the IP addresses of the organization’s internal host computers to deter sniffer
programs.
81) SSL is a protocol used to establish a secure connection between two computers.
82) Public key encryption uses two keys.
83) Smartphones typically feature state-of-the-art encryption and security features, making them
highly secure tools for businesses.
84) Authentication refers to verifying that a person is who he or she claims to be.
85) You can test software before it is even written by conducting a walkthrough.
86) When errors are discovered in software programs, the sources of the errors are found and
eliminated through a process called debugging.
87) Is the cloud a safer and more secure computing environment than an in-house network? Why
or why not?
88) Why is software quality important to security? What specific steps can an organization take
to ensure software quality?
89) You have just been hired as a security consultant by MegaMalls Inc., a national chain of
retail malls, to make sure that the security of their information systems is up to par. Outline the
steps you will take to achieve this.
90) What is a digital certificate? How does it work?