B) introducing software errors
C) entering faulty data
D) forgetting passwords
62. Currently, the protocols used for secure information transfer over the Internet are
A) TCP/IP and SSL.
B) SSL, TLS, and SHTTP.
C) HTTP and TCP/IP.
D) SHTTP and CA.
63. Most antivirus software is effective against
A) only those viruses active on the Internet and through email.
B) any virus except those in wireless communications applications.
C) only those viruses already known when the software is written.
D) any virus.
64. In which method of encryption is a single encryption key sent to the receiver so both sender and receiver
share the same key?
A) symmetric key encryption
B) public key encryption
C) SSL
D) private key encryption
65. A digital certificate system
A) uses digital signatures to validate a user’s identity.
B) uses third-party CAs to validate a user’s identity.
C) uses tokens to validate a user’s identity.
D) is used primarily by individuals for personal correspondence.
66. Downtime refers to periods of time in which a
A) computer system is malfunctioning.
B) computer is not online.
C) company or organization is not operational.
D) computer system is not operational.
67. For 100% availability, online transaction processing requires
A) high-capacity storage.
B) fault-tolerant computer systems.
C) a multitier server network.
D) dedicated phone lines.
68. In controlling network traffic to minimize slowdowns, a technology called ________ is used to examine data
files and sort low-priority data from high-priority data.
A) application proxy filtering
B) stateful inspection
C) deep packet inspection
D) high availability computing
69. The development and use of methods to make computer systems resume their activities more quickly after
mishaps is called
A) disaster recovery planning.
B) recovery oriented computing.
C) high availability computing.
D) fault tolerant computing.
70. Smaller firms may outsource some or many security functions to
A) MSSPs.
B) ISPs.
C) MISs.
D) CAs.
71. A practice in which eavesdroppers drive by buildings or park outside and try to intercept wireless network
traffic is referred to as ________.
72. Malicious software programs referred to as ________ include a variety of threats such as computer viruses,
worms, and Trojan horses.
73. ________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone
else.
74. ________ is the scientific collection, examination, authentication, preservation, and analysis of data held on
or retrieved from computer storage media in such a way that the information can be used as evidence in a
court of law.
75. The intentional disruption of a Web site or information system is called ________.
76. A(n) ________ examines the firm’s overall security environment as well as the controls governing individual
information systems.
77. ________ refers to the ability to know that a person is who he or she claims to be.
78. Comprehensive security management products, with tools for firewalls, VPNs, intrusion detection systems,
and more, are called ________ systems.
79. PKI is the use of public key cryptography working with a(n) ________.
80. When errors are discovered in software programs, the sources of the errors are found and eliminated
through a process called ________.
81. Discuss the issue of security challenges on the Internet as that issue applies to a global enterprise. List at least
five Internet security challenges.
82. How can a firm’s security policies contribute and relate to the six main business objectives? Give examples.
83. Three major concerns of system builders and users are disaster, security, and human error. Of the three,
which do you think is most difficult to deal with? Why?
84. What are the security challenges faced by wireless networks?
85. Why is software quality important to security? What specific steps can an organization take to ensure
software quality?
86. Hackers and their companion viruses are an increasing problem, especially on the Internet. What are the
most important measures for a firm to take to protect itself from this? Is full protection feasible? Why or
why not?
87. You have just been hired as a security consultant by MegaMalls Inc., a national chain of retail malls, to make
sure that the security of their information systems is up to par. Outline the steps you will take to achieve this.
88. What is a digital certificate? How does it work?
89. Define a fault-tolerant computer system and a high-availability computer system. How do they differ? When
would each be used?
90. How is the security of a firm’s information system and data affected by its people, organization, and
technology? Is the contribution of one of these dimensions any more important than the other? Why?