Information Security Management

12.1   True/False Questions

1) As problems caused by human errors are accidental and not malicious, they are not security threats.

Answer:  FALSE

Page Ref: 415

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

2) An example of a computer crime includes an employee who inadvertently installs an old database on top of the current one.

Answer:  FALSE

Page Ref: 415

AACSB:  Use of Information Technology

Difficulty:  Moderate

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

3) Unauthorized data disclosures are possible due to human error.

Answer:  TRUE

Page Ref: 416

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

4) Pretexting occurs when a person receives a confidential text message by mistake and pretends to be the intended recipient.

Answer:  FALSE

Page Ref: 416

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

5) Phishing is a technique for intercepting computer communications.

Answer:  FALSE

Page Ref: 416

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

6) Email spoofing is a synonym for phishing.

Answer:  TRUE

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

7) Sniffing occurs when an intruder uses another site’s IP address as if it were that other site.

Answer:  FALSE

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

8) Drive-by sniffers monitor and intercept wireless traffic at will.

Answer:  TRUE

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

9) Faulty service includes incorrectly billing customers or sending the wrong information to employees, but not incorrect data modification.

Answer:  FALSE

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

10) Usurpation occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones.

Answer:  TRUE

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

11) When a hacker floods a Web server with millions of bogus service requests so that it cannot service legitimate requests, it is called a denial-of-service attack.

Answer:  TRUE

Page Ref: 418

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

12) Natural disasters present the largest risk for infrastructure loss.

Answer:  TRUE

Page Ref: 418

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

13) Safeguards increase work efficiency by making common tasks easier.

Answer:  FALSE

Page Ref: 420

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

14) Most email and IM are protected by encryption.

Answer:  FALSE

Page Ref: 423

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  2

15) Cookies enable one to access Web sites without having to sign in every time.

Answer:  TRUE

Page Ref: 423

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  2

16) According to the NIST Handbook, computer security responsibilities and accountability should not be made explicit.

Answer:  FALSE

Page Ref: 424

AACSB:  Use of Information Technology

Difficulty:  Moderate

Course LO:  Describe different methods of managing IS security

Chapter LO:  3

17) According to the elements of company security outlined in the NIST Handbook, computer security is not constrained by societal factors.

Answer:  FALSE

Page Ref: 424

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  3

18) Uncertainty is the likelihood of an adverse occurrence.

Answer:  FALSE

Page Ref: 425

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  3

19) Uncertainty is different from risk.

Answer:  TRUE

Page Ref: 425

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  3

20) Because of uncertainty, risk management is always approximate.

Answer:  TRUE

Page Ref: 425

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  3

21) Intangible consequences are those whose financial impact can be measured.

Answer:  FALSE

Page Ref: 425

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  3

22) Probable loss is the probability that a given asset will be compromised by a given threat, despite the safeguards.

Answer:  FALSE

Page Ref: 425

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  3

23) Probable loss is concerned only with tangible consequences.

Answer:  FALSE

Page Ref: 425

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  3

24) Technical safeguards involve the hardware and software components of an information system.

Answer:  TRUE

Page Ref: 428

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

25) Unlike credit, debit, and ATM cards, which have a magnetic strip, smart cards have a microchip.

Answer:  TRUE

Page Ref: 428

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

26) A magnetic strip holds far more data than a microchip.

Answer:  FALSE

Page Ref: 428

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

27) A retina scan is a biometric authentication technique.

Answer:  TRUE

Page Ref: 428

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

28) Encryption is an example of a technical safeguard.

Answer:  TRUE

Page Ref: 429

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

29) Windows, Linux, Unix, and other operating systems employ Kerberos and authenticate user requests across networks of computers using a mixture of these operating systems.

Answer:  TRUE

Page Ref: 429

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

30) Wireless networks are more secure than wired networks.

Answer:  FALSE

Page Ref: 429

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

31) To gain access to a wired network, a potential intruder must obtain physical access to the network.

Answer:  TRUE

Page Ref: 429

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

32) In symmetric encryption, two different keys are used to encode and decode a message.

Answer:  FALSE

Page Ref: 429

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

33) Symmetric encryption is simpler and much faster than asymmetric encryption.

Answer:  TRUE

Page Ref: 429

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

34) Secure Socket Layer (SSL) is a protocol that is restricted to asymmetric encryption.

Answer:  FALSE

Page Ref: 430

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

35) Viruses and worms are examples of malware.

Answer:  TRUE

Page Ref: 431

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

36) A Trojan horse is a virus that masquerades as a useful program or file.

Answer:  TRUE

Page Ref: 431

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

37) Most spyware is benign in that it does not perform malicious acts or steal data.

Answer:  FALSE

Page Ref: 431

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

38) Beacons are tiny files that gather demographic information and use different codes to identify users by age, gender, location, likely income, and online activity.

Answer:  FALSE

Page Ref: 432

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

39) A botnet is a network of bots that is created and managed by the individual or organization that infected the network with the bot program.

Answer:  TRUE

Page Ref: 433

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  4

40) Data safeguards are measures used to protect computer hardware from external threat.

Answer:  FALSE

Page Ref: 434

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  5

41) If a backup is made, the database is secure.

Answer:  FALSE

Page Ref: 434

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  5

42) Documenting position sensitivity enables security personnel to prioritize their activities in accordance with the possible risk and loss.

Answer:  TRUE

Page Ref: 436

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  6

43) Employee termination is a potential security threat for an organization.

Answer:  TRUE

Page Ref: 437

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  6

44) The existence of accounts that are no longer in use is not a security threat to an organization.

Answer:  FALSE

Page Ref: 438

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  5

45) Incident response procedures should provide decentralized reporting of all security incidents.

Answer:  FALSE

Page Ref: 440

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  6

46) A hot site is a utility company that can take over another company’s processing with no forewarning.

Answer:  TRUE

Page Ref: 441

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  6

47) The total cost of a cold site, including all customer labor and other expenses, is always less than the cost of a hot site.

Answer:  FALSE

Page Ref: 441

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  6

48) Many companies create honeypots, which are false targets for computer criminals to attack.

Answer:  TRUE

Page Ref: 441

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  6

49) Security, like BPM, is a process that requires process management.

Answer:  TRUE

Page Ref: 442

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  6

50) Due to increased security in operating systems and other software, and improved security procedures and employee training, it will be impossible for hackers to find vulnerabilities to exploit in the future.

Answer:  FALSE

Page Ref: 442

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  7

12.2   Multiple Choice Questions

1) A ________ is a person or organization that seeks to obtain data or other assets illegally, without the owner’s permission and often without the owner’s knowledge.

A) target

B) vulnerability

C) threat

D) warning

Answer:  C

Page Ref: 414

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

2) Which of the following is considered a threat caused by human error?

A) An employee inadvertently installs an old database on top of the current one.

B) An employee intentionally destroys data and system components.

C) A virus and worm writer infects computer systems.

D) A hacker breaks into a system to steal for financial gain.

Answer:  A

Page Ref: 415

AACSB:  Use of Information Technology

Difficulty:  Moderate

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

3) Which of the following is considered a computer crime?

A) accidentally deleting customer records

B) poorly written programs resulting in data losses

C) loss of data as a result of flooding

D) hacking of information systems

Answer:  D

Page Ref: 415

AACSB:  Use of Information Technology

Difficulty:  Moderate

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

4) ________ occurs when someone deceives by pretending to be someone else.

A) Hacking

B) Baiting

C) Sniffing

D) Pretexting

Answer:  D

Page Ref: 416

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

5) When referring to security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.

A) unauthorized data disclosure

B) incorrect data modification

C) faulty services

D) loss of infrastructure

Answer:  A

Page Ref: 416-417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

6) A ________ pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth.

A) hacker

B) phisher

C) safeguard

D) sniffer

Answer:  B

Page Ref: 416-417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

7) Email spoofing is a synonym for ________.

A) hacking

B) phishing

C) usurping

D) sniffing

Answer:  B

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

8) ________ is a technique for intercepting computer communications, either through a physical connection to a network or, in the case of wireless networks, with no physical connection.

A) Spoofing

B) Phishing

C) Sniffing

D) Pretexting

Answer:  C

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

9) ________ take computers with wireless connections through an area and search for unprotected wireless networks and then monitor and intercept wireless traffic at will.

A) Drive-by spoofers

B) Pretexters

C) Drive-by sniffers

D) Phishers

Answer:  C

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

10) Which of the following is an example of a sniffing technique?

A) IP spoofing

B) caches

C) ad blockers

D) adware

Answer:  D

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

11) ________ occurs when a person breaks into a network to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data.

A) Pretexting

B) Phishing

C) Hacking

D) Spoofing

Answer:  C

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

12) Which of the following is most likely to be the result of hacking?

A) certain Web sites being blocked from viewing for security reasons

B) small amounts of spam in your inbox

C) an unexplained reduction in your account balance

D) pop-up ads appearing frequently

Answer:  C

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Moderate

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

13) ________ occurs through human error when employees do not follow proper procedures or when procedures have not been well designed.

A) Unauthorized data disclosure

B) Incorrect data modification

C) Denial of service

D) Loss of infrastructure

Answer:  B

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

14) ________ occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones that shut down legitimate applications and substitute their own processing to spy, steal and manipulate data, or for other purposes.

A) Hacking

B) Spoofing

C) Phishing

D) Usurpation

Answer:  D

Page Ref: 417

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

15) Which of the following usually happens in a malicious denial-of-service attack?

A) A hacker monitors and intercepts wireless traffic at will.

B) A hacker floods a Web server with millions of bogus service requests.

C) A hacker uses another site’s IP address to masquerade as that other site.

D) A phisher pretends to be a legitimate company and requests confidential data.

Answer:  B

Page Ref: 418

AACSB:  Use of Information Technology

Difficulty:  Moderate

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

16) ________ present the largest risk for an organization’s infrastructure loss.

A) Employees

B) Natural disasters

C) Hackers

D) Competitors

Answer:  B

Page Ref: 418

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

17) A(n) ________ is a computer program that senses when another computer is attempting to scan the disk or otherwise access a computer.

A) IDS

B) botnet

C) antivirus

D) firewall

Answer:  A

Page Ref: 420

AACSB:  Use of Information Technology

Difficulty:  Easy

Course LO:  Describe different methods of managing IS security

Chapter LO:  1

Written by Homework Lance
