12.1 True/False Questions
1) As problems caused by human errors are accidental and not malicious, they are not security threats.
Answer: FALSE
Page Ref: 415
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
2) An example of a computer crime includes an employee who inadvertently installs an old database on top of the current one.
Answer: FALSE
Page Ref: 415
AACSB: Use of Information Technology
Difficulty: Moderate
Course LO: Describe different methods of managing IS security
Chapter LO: 1
3) Unauthorized data disclosures are possible due to human error.
Answer: TRUE
Page Ref: 416
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
4) Pretexting occurs when a person receives a confidential text message by mistake and pretends to be the intended recipient.
Answer: FALSE
Page Ref: 416
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
5) Phishing is a technique for intercepting computer communications.
Answer: FALSE
Page Ref: 416
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
6) Email spoofing is a synonym for phishing.
Answer: TRUE
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
7) Sniffing occurs when an intruder uses another site’s IP address as if it were that other site.
Answer: FALSE
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
8) Drive-by sniffers monitor and intercept wireless traffic at will.
Answer: TRUE
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
9) Faulty service includes incorrectly billing customers or sending the wrong information to employees, but not incorrect data modification.
Answer: FALSE
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
10) Usurpation occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones.
Answer: TRUE
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
11) When a hacker floods a Web server with millions of bogus service requests so that it cannot service legitimate requests, it is called a denial-of-service attack.
Answer: TRUE
Page Ref: 418
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
12) Natural disasters present the largest risk for infrastructure loss.
Answer: TRUE
Page Ref: 418
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
13) Safeguards increase work efficiency by making common tasks easier.
Answer: FALSE
Page Ref: 420
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
14) Most email and IM are protected by encryption.
Answer: FALSE
Page Ref: 423
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 2
15) Cookies enable one to access Web sites without having to sign in every time.
Answer: TRUE
Page Ref: 423
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 2
16) According to the NIST Handbook, computer security responsibilities and accountability should not be made explicit.
Answer: FALSE
Page Ref: 424
AACSB: Use of Information Technology
Difficulty: Moderate
Course LO: Describe different methods of managing IS security
Chapter LO: 3
17) According to the elements of company security outlined in the NIST Handbook, computer security is not constrained by societal factors.
Answer: FALSE
Page Ref: 424
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 3
18) Uncertainty is the likelihood of an adverse occurrence.
Answer: FALSE
Page Ref: 425
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 3
19) Uncertainty is different from risk.
Answer: TRUE
Page Ref: 425
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 3
20) Because of uncertainty, risk management is always approximate.
Answer: TRUE
Page Ref: 425
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 3
21) Intangible consequences are those whose financial impact can be measured.
Answer: FALSE
Page Ref: 425
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 3
22) Probable loss is the probability that a given asset will be compromised by a given threat, despite the safeguards.
Answer: FALSE
Page Ref: 425
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 3
23) Probable loss is concerned only with tangible consequences.
Answer: FALSE
Page Ref: 425
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 3
24) Technical safeguards involve the hardware and software components of an information system.
Answer: TRUE
Page Ref: 428
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
25) Unlike credit, debit, and ATM cards, which have a magnetic strip, smart cards have a microchip.
Answer: TRUE
Page Ref: 428
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
26) A magnetic strip holds far more data than a microchip.
Answer: FALSE
Page Ref: 428
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
27) A retina scan is a biometric authentication technique.
Answer: TRUE
Page Ref: 428
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
28) Encryption is an example of a technical safeguard.
Answer: TRUE
Page Ref: 429
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
29) Windows, Linux, Unix, and other operating systems employ Kerberos and authenticate user requests across networks of computers using a mixture of these operating systems.
Answer: TRUE
Page Ref: 429
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
30) Wireless networks are more secure than wired networks.
Answer: FALSE
Page Ref: 429
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
31) To gain access to a wired network, a potential intruder must obtain physical access to the network.
Answer: TRUE
Page Ref: 429
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
32) In symmetric encryption, two different keys are used to encode and decode a message.
Answer: FALSE
Page Ref: 429
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
33) Symmetric encryption is simpler and much faster than asymmetric encryption.
Answer: TRUE
Page Ref: 429
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
34) Secure Socket Layer (SSL) is a protocol that is restricted to asymmetric encryption.
Answer: FALSE
Page Ref: 430
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
35) Viruses and worms are examples of malware.
Answer: TRUE
Page Ref: 431
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
36) A Trojan horse is a virus that masquerades as a useful program or file.
Answer: TRUE
Page Ref: 431
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
37) Most spyware is benign in that it does not perform malicious acts or steal data.
Answer: FALSE
Page Ref: 431
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
38) Beacons are tiny files that gather demographic information and use different codes to identify users by age, gender, location, likely income, and online activity.
Answer: FALSE
Page Ref: 432
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
39) A botnet is a network of bots that is created and managed by the individual or organization that infected the network with the bot program.
Answer: TRUE
Page Ref: 433
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 4
40) Data safeguards are measures used to protect computer hardware from external threat.
Answer: FALSE
Page Ref: 434
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 5
41) If a backup is made, the database is secure.
Answer: FALSE
Page Ref: 434
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 5
42) Documenting position sensitivity enables security personnel to prioritize their activities in accordance with the possible risk and loss.
Answer: TRUE
Page Ref: 436
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 6
43) Employee termination is a potential security threat for an organization.
Answer: TRUE
Page Ref: 437
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 6
44) The existence of accounts that are no longer in use is not a security threat to an organization.
Answer: FALSE
Page Ref: 438
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 5
45) Incident response procedures should provide decentralized reporting of all security incidents.
Answer: FALSE
Page Ref: 440
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 6
46) A hot site is a utility company that can take over another company’s processing with no forewarning.
Answer: TRUE
Page Ref: 441
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 6
47) The total cost of a cold site, including all customer labor and other expenses, is always less than the cost of a hot site.
Answer: FALSE
Page Ref: 441
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 6
48) Many companies create honeypots, which are false targets for computer criminals to attack.
Answer: TRUE
Page Ref: 441
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 6
49) Security, like BPM, is a process that requires process management.
Answer: TRUE
Page Ref: 442
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 6
50) Due to increased security in operating systems and other software, and improved security procedures and employee training, it will be impossible for hackers to find vulnerabilities to exploit in the future.
Answer: FALSE
Page Ref: 442
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 7
12.2 Multiple Choice Questions
1) A ________ is a person or organization that seeks to obtain data or other assets illegally, without the owner’s permission and often without the owner’s knowledge.
A) target
B) vulnerability
C) threat
D) warning
Answer: C
Page Ref: 414
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
2) Which of the following is considered a threat caused by human error?
A) An employee inadvertently installs an old database on top of the current one.
B) An employee intentionally destroys data and system components.
C) A virus and worm writer infects computer systems.
D) A hacker breaks into a system to steal for financial gain.
Answer: A
Page Ref: 415
AACSB: Use of Information Technology
Difficulty: Moderate
Course LO: Describe different methods of managing IS security
Chapter LO: 1
3) Which of the following is considered a computer crime?
A) accidentally deleting customer records
B) poorly written programs resulting in data losses
C) loss of data as a result of flooding
D) hacking of information systems
Answer: D
Page Ref: 415
AACSB: Use of Information Technology
Difficulty: Moderate
Course LO: Describe different methods of managing IS security
Chapter LO: 1
4) ________ occurs when someone deceives by pretending to be someone else.
A) Hacking
B) Baiting
C) Sniffing
D) Pretexting
Answer: D
Page Ref: 416
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
5) When referring to security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.
A) unauthorized data disclosure
B) incorrect data modification
C) faulty services
D) loss of infrastructure
Answer: A
Page Ref: 416-417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
6) A ________ pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth.
A) hacker
B) phisher
C) safeguard
D) sniffer
Answer: B
Page Ref: 416-417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
7) Email spoofing is a synonym for ________.
A) hacking
B) phishing
C) usurping
D) sniffing
Answer: B
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
8) ________ is a technique for intercepting computer communications, either through a physical connection to a network or, in the case of wireless networks, with no physical connection.
A) Spoofing
B) Phishing
C) Sniffing
D) Pretexting
Answer: C
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
9) ________ take computers with wireless connections through an area and search for unprotected wireless networks and then monitor and intercept wireless traffic at will.
A) Drive-by spoofers
B) Pretexters
C) Drive-by sniffers
D) Phishers
Answer: C
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
10) Which of the following is an example of a sniffing technique?
A) IP spoofing
B) caches
C) ad blockers
D) adware
Answer: D
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
11) ________ occurs when a person breaks into a network to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data.
A) Pretexting
B) Phishing
C) Hacking
D) Spoofing
Answer: C
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
12) Which of the following is most likely to be the result of hacking?
A) certain Web sites being blocked from viewing for security reasons
B) small amounts of spam in your inbox
C) an unexplained reduction in your account balance
D) pop-up ads appearing frequently
Answer: C
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Moderate
Course LO: Describe different methods of managing IS security
Chapter LO: 1
13) ________ occurs through human error when employees do not follow proper procedures or when procedures have not been well designed.
A) Unauthorized data disclosure
B) Incorrect data modification
C) Denial of service
D) Loss of infrastructure
Answer: B
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
14) ________ occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones that shut down legitimate applications and substitute their own processing to spy, steal and manipulate data, or for other purposes.
A) Hacking
B) Spoofing
C) Phishing
D) Usurpation
Answer: D
Page Ref: 417
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
15) Which of the following usually happens in a malicious denial-of-service attack?
A) A hacker monitors and intercepts wireless traffic at will.
B) A hacker floods a Web server with millions of bogus service requests.
C) A hacker uses another site’s IP address to masquerade as that other site.
D) A phisher pretends to be a legitimate company and requests confidential data.
Answer: B
Page Ref: 418
AACSB: Use of Information Technology
Difficulty: Moderate
Course LO: Describe different methods of managing IS security
Chapter LO: 1
16) ________ present the largest risk for an organization’s infrastructure loss.
A) Employees
B) Natural disasters
C) Hackers
D) Competitors
Answer: B
Page Ref: 418
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1
17) A(n) ________ is a computer program that senses when another computer is attempting to scan the disk or otherwise access a computer.
A) IDS
B) botnet
C) antivirus
D) firewall
Answer: A
Page Ref: 420
AACSB: Use of Information Technology
Difficulty: Easy
Course LO: Describe different methods of managing IS security
Chapter LO: 1