In this method of encryption, a single encryption key is sent to the receiver so both sender and receiver share the same key.
a. SSL
b. Symmetric...
A digital certificate system:
a. uses third-party CAs to validate a user's identity.
b. uses digital signatures to validate a user's identity.
c....
Currently, the protocols used for secure information transfer over the Internet are:
a. TCP/IP and SSL.
b. S-HTTP and CA.
c. HTTP and TCP/IP.
d. SSL,...
______ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.
In this technique, network communications are analyzed to see whether packets are part of an ongoing dialogue between a sender and a receiver.
a....
A firewall allows the organization to:
a. enforce a security policy on traffic between its network and the Internet.
b. check the accuracy of all...
Biometric authentication:
a. is inexpensive.
b. is used widely in Europe for security applications.
c. can use a person's face as a unique, measurable...
A token is a(n):
a. device the size of a credit card that contains access permission data.
b. type of smart card.
c. gadget that displays passcodes.
d....
Rigorous password systems:
a. are one of the most effective security tools.
b. may hinder employee productivity.
c. are costly to implement.
d. are...
Smaller firms can outsource security functions to:
a. MISs.
b. CSOs.
c. MSSPs.
d. CAs.
Answer: ...
Using methods to make computer systems recover more quickly after mishaps is called:
a. high availability computing.
b. recovery oriented computing.
c....
High-availability computing:
a. promises continuous availability.
b. promises the elimination of recovery time.
c. uses online transaction and backup...
Downtime refers to periods of time in which:
a. a computer system is malfunctioning.
b. a computer system is not operational.
c. a corporation is...
Online transaction processing requires:
a. more processing time.
b. a large server network.
c. fault-tolerant computer systems.
d. a dedicated phone...
A CSO is a:
a. chief security officer.
b. computer security organization.
c. chief systems officer.
d. continuity systems officer.
Answer:...
An analysis of the firm's most critical systems and the impact a system's outage would have on the business is included in a(n):
a. security policy.
b....
Statements ranking information risks are included in a(n):
a. security policy.
b. AUP.
c. risk assessment.
d. business impact analysis.
Answer:...
Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n):
a. security policy.
b....
What is the key issue in information systems security and control?
a. Appropriate use of security software
b. Intelligent management policies
c. Effective...
Electronic evidence on computer storage media that is not visible to the average user is called:
a. defragmented data.
b. ambient data.
c. forensic...
The most common type of electronic evidence is:
a. word-processing documents.
b. spreadsheets.
c. instant messages.
d. e-mail.
Answer:...
ISO 17799:
a. requires financial institutions to ensure the security of customer data.
b. specifies best practices in information systems security...
The Sarbanes-Oxley Act:
a. requires financial institutions to ensure the security of customer data.
b. specifies best practices in information systems...
The Health Insurance Portability and Accountability Act (HIPAA) of 1996:
a. requires financial institutions to ensure the security of customer data.
b....
Policies, procedures, and tools for managing the retention, destruction, and storage of electronic records is called:
a. ERM.
b. ERD.
c. information...
You have been hired as a security consultant for a legal firm. Which of the following constitutes the greatest threat, in terms of security, to the firm?
How do software vendors correct flaws in their software after it has been distributed?
a. Issue bug fixes.
b. Issue patches.
c. Re-release software.
d....
Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is referred to as:
a. sniffing.
b. social engineering.
c....
Evil twins are:
a. Trojan horses that appear to the user to be legitimate commercial software applications.
b. e-mail messages that mimic the e-mail...
Pharming involves:
a. redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
b. pretending...
Phishing involves:
a. redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
b. pretending...
Which of the following is an example of a computer used as an instrument of crime?
a. Knowingly accessing a protected computer to commit fraud
b....
The approach taken by Akamai Technologies when it discovered its servers were under attack illustrates that:
a. enforcing security is a complex endeavor...
Which of the following offers the greatest protection against bot attacks?
a. Securing the network properly
b. Alerting employees to virus threats
c....
How do hackers create a botnet?
a. Infecting Web shopping bots with malware
b. Using Web search bots to infect other computers
c. Causing other people's...
Using numerous computers to inundate and overwhelm the network from numerous launch points is called:
a. spamming.
b. spoofing.
c. DDoS.
d. cybervandalism.
Answer:...
A key logger is a type of:
a. worm.
b. Trojan horse.
c. virus.
d. spyware.
Answer: ...
Redirecting a Web link to a different address is a form of:
a. snooping.
b. spoofing.
c. sniffing.
d. phishing.
Answer: ...
In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?
An independent computer program that copies itself from one computer to another over a network is called a:
a. worm.
b. Trojan horse.
c. bug.
d. pest.
Answer:...
The vulnerability inherent in wireless networking is due to:
a. use of the SSIDs.
b. the broadcasting nature of wireless transmission media.
c. the...
Computers linked to the Internet are more vulnerable if they are linked through:
a. a cable modem.
b. an ISP.
c. a dial-up line.
d. both a and c.
Answer:...
Security challenges specifically faced by corporate servers include:
a. copying of data, alteration of data, and loss of machine.
b. theft and fraud.
c....
Security challenges posed by the communications between layers in a client/server environment are:
a. line taps and denial of service attacks.
b....
Automated data are more susceptible to destruction, fraud, error, and misuse because information systems concentrate data in computer files that:
a....
Large amounts of data stored in electronic form are _____________ than the same data in manual form.
a. less vulnerable to damage
b. more secure
c....
All of the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards refers to:
Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems refers to:
What is the most far-reaching effect of identity theft?
a. Corporations implementing more rigorous authentication procedures
b. More governmental...
The fact that phishing is growing at an explosive rate indicates that:
a. Internet security applications are less able to prevent cyber crime.
b....