In this method of encryption, a single encryption key is sent to the receiver so both sender and receiver share the same key.

In this method of encryption, a single encryption key is sent to the receiver so both sender and receiver share the same key.

a. SSL
b. Symmetric key encryption
c. Public key encryption
d. Private key encryption

Answer: B

A digital certificate system:

A digital certificate system:

a. uses third-party CAs to validate a user's identity.
b. uses digital signatures to validate a user's identity.
c. uses tokens to validate a user's identity.
d. are used primarily by individuals for personal correspondence.

Answer: A

Currently, the protocols used for secure information transfer over the Internet are:

Currently, the protocols used for secure information transfer over the Internet are:

a. TCP/IP and SSL.
b. S-HTTP and CA.
c. HTTP and TCP/IP.
d. SSL, TLS, and S-HTTP.

Answer: D

______ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.

______ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.

a. Stateful inspections
b. Intrusion detection systems
c. Application proxy filtering technologies
d. Packet filtering technologies

Answer: B

In this technique, network communications are analyzed to see whether packets are part of an ongoing dialogue between a sender and a receiver.

In this technique, network communications are analyzed to see whether packets are part of an ongoing dialogue between a sender and a receiver.

a. Stateful inspection
b. Intrusion detection system
c. Application proxy filtering
d. Packet filtering

Answer: A

A firewall allows the organization to:

A firewall allows the organization to:

a. enforce a security policy on traffic between its network and the Internet.
b. check the accuracy of all transactions between its network and the Internet.
c. create an enterprise system on the Internet.
d. check the content of all incoming and outgoing e-mail messages

Answer: A

Biometric authentication:

Biometric authentication:

a. is inexpensive.
b. is used widely in Europe for security applications.
c. can use a person's face as a unique, measurable trait.
d. only uses physical traits as a measurement.

Answer: C

A token is a(n):

A token is a(n):

a. device the size of a credit card that contains access permission data.
b. type of smart card.
c. gadget that displays passcodes.
d. electronic marker attached to a digital authorization file.

Answer: C

Rigorous password systems:

Rigorous password systems:

a. are one of the most effective security tools.
b. may hinder employee productivity.
c. are costly to implement.
d. are easily disregarded by employees.

Answer: B

Smaller firms can outsource security functions to:

Smaller firms can outsource security functions to:

a. MISs.
b. CSOs.
c. MSSPs.
d. CAs.

Answer: C

Using methods to make computer systems recover more quickly after mishaps is called:

Using methods to make computer systems recover more quickly after mishaps is called:

a. high availability computing.
b. recovery oriented computing.
c. fault tolerant computing.
d. disaster-recovery planning.

Answer: B

High-availability computing:

High-availability computing:

a. promises continuous availability.
b. promises the elimination of recovery time.
c. uses online transaction and backup systems.
d. helps firms recover quickly from a crash.

Answer: D

Downtime refers to periods of time in which:

Downtime refers to periods of time in which:

a. a computer system is malfunctioning.
b. a computer system is not operational.
c. a corporation is not operational.
d. a computer is not able to perform online transactions.

Answer: B

Online transaction processing requires:

Online transaction processing requires:

a. more processing time.
b. a large server network.
c. fault-tolerant computer systems.
d. a dedicated phone line.

Answer: C

A CSO is a:

A CSO is a:

a. chief security officer.
b. computer security organization.
c. chief systems officer.
d. continuity systems officer.

Answer: A

An analysis of the firm's most critical systems and the impact a system's outage would have on the business is included in a(n):

An analysis of the firm's most critical systems and the impact a system's outage would have on the business is included in a(n):

a. security policy.
b. AUP.
c. risk assessment.
d. business impact analysis.

Answer: D

Statements ranking information risks are included in a(n):

Statements ranking information risks are included in a(n):

a. security policy.
b. AUP.
c. risk assessment.
d. business impact analysis.

Answer: A

Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n):

Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n):

a. security policy.
b. AUP.
c. risk assessment.
d. business impact analysis.

Answer: C

What is the key issue in information systems security and control?

What is the key issue in information systems security and control?

a. Appropriate use of security software
b. Intelligent management policies
c. Effective employee monitoring and authentication
d. Fault-tolerant computer systems

Answer: B

Electronic evidence on computer storage media that is not visible to the average user is called:

Electronic evidence on computer storage media that is not visible to the average user is called:

a. defragmented data.
b. ambient data.
c. forensic data.
d. recovery data.

Answer: B

The most common type of electronic evidence is:

The most common type of electronic evidence is:

a. word-processing documents.
b. spreadsheets.
c. instant messages.
d. e-mail.

Answer: D

ISO 17799:

ISO 17799:

a. requires financial institutions to ensure the security of customer data.
b. specifies best practices in information systems security and control.
c. imposes responsibility on companies and management to safeguard the accuracy of financial information.
d. outlines medical security and privacy rules.

Answer: B

The Sarbanes-Oxley Act:

The Sarbanes-Oxley Act:

a. requires financial institutions to ensure the security of customer data.
b. specifies best practices in information systems security and control.
c. imposes responsibility on companies and management to safeguard the accuracy of financial information.
d. outlines medical security and privacy rules.

Answer: C

The Health Insurance Portability and Accountability Act (HIPAA) of 1996:

The Health Insurance Portability and Accountability Act (HIPAA) of 1996:

a. requires financial institutions to ensure the security of customer data.
b. specifies best practices in information systems security and control.
c. imposes responsibility on companies and management to safeguard the accuracy of financial information.
d. outlines medical security and privacy rules.

Answer: D

Policies, procedures, and tools for managing the retention, destruction, and storage of electronic records is called:

Policies, procedures, and tools for managing the retention, destruction, and storage of electronic records is called:

a. ERM.
b. ERD.
c. information policy.
d. information management.

Answer: A

You have been hired as a security consultant for a legal firm. Which of the following constitutes the greatest threat, in terms of security, to the firm?

You have been hired as a security consultant for a legal firm. Which of the following constitutes the greatest threat, in terms of security, to the firm?

a. Wireless network
b. Employees
c. Authentication procedures
d. Lack of data encryption

Answer: B

How do software vendors correct flaws in their software after it has been distributed?

How do software vendors correct flaws in their software after it has been distributed?

a. Issue bug fixes.
b. Issue patches.
c. Re-release software.
d. Issue updated versions.

Answer: B

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is referred to as:

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is referred to as:

a. sniffing.
b. social engineering.
c. phishing.
d. pharming.

Answer: B

Evil twins are:

Evil twins are:

a. Trojan horses that appears to the user to be a legitimate commercial software application.
b. e-mail messages that mimic the e-mail messages of a legitimate business.
c. fraudulent Web sites that mimic a legitimate business's Web site.
d. bogus wireless networks that look legitimate to users.

Answer: D

Pharming involves:

Pharming involves:

a. redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
b. pretending to be a legitimate business's representative in order to garner information about a security system.
c. setting up fake Web sites to ask users for confidential information.
d. using e-mails for threats or harassment.

Answer: A

Phishing involves:

Phishing involves:

a. redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
b. pretending to be a legitimate business's representative in order to garner information about a security system.
c. setting up fake Web sites to ask users for confidential information.
d. using e-mails for threats or harassment.

Answer: C

Which of the following is an example of a computer used as an instrument of crime?

Which of the following is an example of a computer used as an instrument of crime?

a. Knowingly accessing a protected computer to commit fraud
b. Accessing a computer system without authority
c. Illegally accessing stored electronic communication
d. Breaching the confidentiality of protected computerized data

Answer: C

The approach taken by Akamai Technologies when it discovered its servers were under attack illustrates that:

The approach taken by Akamai Technologies when it discovered its servers were under attack illustrates that:

a. enforcing security is a complex endeavor that involves multiple approaches.
b. educating clients about their role in security is paramount.
c. multistep authentication procedures can cause more problems than solutions.
d. anti-virus software must be updated continually to remain effective.

Answer: A

Which of the following offers the greatest protection against bot attacks?

Which of the following offers the greatest protection against bot attacks?

a. Securing the network properly
b. Alerting employees to virus threats
c. Having individuals use adequate anti-virus protection
d. Having corporations use adequate anti-virus protection

Answer: C

How do hackers create a botnet?

How do hackers create a botnet?

a. Infecting Web shopping bots with malware
b. Using Web search bots to infect other computers
c. Causing other people's computers to become "zombie" PCs following a master computer
d. Infecting corporate servers with "zombie" Trojan horses that allow undetected access through a back door

Answer: C

Using numerous computers to inundate and overwhelm the network from numerous launch points is called:

Using numerous computers to inundate and overwhelm the network from numerous launch points is called:

a. spamming.
b. spoofing.
c. DDoS.
d. cybervandalism

Answer: C

A key logger is a type of:

A key logger is a type of:

a. worm.
b. Trojan horse.
c. virus.
d. spyware.

Answer: D

Redirecting a Web link to a different address is a form of:

Redirecting a Web link to a different address is a form of:

a. snooping.
b. spoofing.
c. sniffing.
d. phishing.

Answer: B

In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?

In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?

a. Virus
b. Worm
c. Trojan horse
d. Spyware

Answer: C

An independent computer program that copies itself from one computer to another over a network is called a:

An independent computer program that copies itself from one computer to another over a network is called a:

a. worm.
b. Trojan horse.
c. bug.
d. pest.

Answer: A

The vulnerability inherent in wireless networking is due to:

The vulnerability inherent in wireless networking is due to:

a. use of the SSIDs.
b. the broadcasting nature of wireless transmission media.
c. the lack of robust encryption capabilities.
d. lack of protection against war driving.

Answer: B

Computers linked to the Internet are more vulnerable if they are linked through:

Computers linked to the Internet are more vulnerable if they are linked through:

a. a cable modem.
b. an ISP.
c. a dial-up line.
d. both a and c.

Answer: A

Security challenges specifically faced by corporate servers include:

Security challenges specifically faced by corporate servers include:

a. copying of data, alteration of data, and loss of machine.
b. theft and fraud.
c. computer viruses, line taps, and hacking.
d. tapping, sniffing, and message alteration.

Answer: B

Security challenges posed by the communications between layers in a client/server environment are:

Security challenges posed by the communications between layers in a client/server environment are:

a. line taps and denial of service attacks.
b. tapping, sniffing, and message alteration.
c. computer viruses, line taps, and loss of machine.
d. vandalism, theft and fraud, and line taps.

Answer: B

Automated data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that:

Automated data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that:

a. are usually embedded in legacy systems that are easy to access.
b. are not secure because the technology to secure them did not exist at the time the files were created.
c. have the potential to be accessed by large numbers of people and by groups outside of the organization.
d. are frequently available on the Internet.

Answer: C

Large amounts of data stored in electronic form are _____________ than the same data in manual form.

Large amounts of data stored in electronic form are _____________ than the same data in manual form.

a. less vulnerable to damage
b. more secure
c. vulnerable to many more kinds of threats
d. more critical to most businesses

Answer: C

All of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards refers to:

All of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards refers to:

a. legacy systems.
b. SSID standards.
c. vulnerabilities.
d. controls.

Answer: D

Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems refers to:

Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems refers to:

a. security.
b. controls.
c. benchmarks.
d. algorithms.

Answer: A

What is the most far-reaching effect of identity theft?

What is the most far-reaching effect of identity theft?

a. Corporations implementing more rigorous authentication procedures
b. More governmental control of security standards
c. Lowering of revenues and profits due to public mistrust of e-commerce safety
d. ISPs implementing more active counter-crime techniques

Answer: C

The fact that phishing is growing at an explosive rate indicates that:

The fact that phishing is growing at an explosive rate indicates that:

a. Internet security applications are less able to prevent cyber crime.
b. consumer trust of the Internet is too great.
c. the increasing use of the Internet for online finance is a factor in drawing attention from larger numbers of criminals.
d. consumers need to be educated about phishing and phishing techniques.

Answer: C