Ch.4 Ethics + Information Security MIS + Verified Test Bank - M Information Systems 5th Edition | Test Bank with Answer Key by Paige Baltzan
M: Information Systems, 5e (Baltzan)
Chapter 4 Ethics + Information Security: MIS Business Concerns
1) Ethics and security are two fundamental building blocks for all organizations.
2) Privacy is the legal protection afforded an expression of an idea, such as a song, book, or video game.
3) Information governance is a method or system of government for information management or control.
4) Confidentiality is the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
5) Digital rights management is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution.
6) The Child Online Protection Act was passed to protect minors from accessing inappropriate material on the Internet.
7) Counterfeit software is the unauthorized use, duplication, distribution, or sale of copyrighted software.
8) Pirated software is software that is manufactured to look like the real thing and sold as such.
9) A patent is the legal protection afforded an expression of an idea, such as a song, book, or video game.
10) Intellectual property is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents.
11) Copyright is an exclusive right to make, use, and sell an invention and is granted by a government to the inventor.
12) Rule 41 is the part of the United States Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence.
13) Information management examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data/information required to function and grow effectively.
14) Information compliance is the act of conforming, acquiescing, or yielding information.
15) Information property is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged.
16) Information secrecy is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged.
17) Information secrecy is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.
18) Information property is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.
19) Epolicies are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment.
20) An acceptable use policy (AUP) requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet.
21) Companies do not need a privacy policy for email because an employee's work email is private and cannot be viewed by the company.
22) A social media policy outlines the corporate guidelines or principles governing employee online communications.
23) An ethical computer use policy contains general principles to guide computer user behavior.
24) Employee monitoring policies explicitly state how, when, and where the company monitors its employees.
25) Workplace MIS monitoring tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed.
26) Cybervandalism is the electronic defacing of an existing website.
27) Cybervandalism is a problem that occurs when someone registers purposely misspelled variations of well-known domain names.
28) Website name stealing is the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner.
29) Internet governance is government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens.
30) Cybervandalism includes threats, negative remarks, or defamatory comments transmitted via the Internet or posted on the website.
31) Bring your own device is a policy that allows employees to use their personal mobile devices and computers to access enterprise data and applications.
32) Fair information practices are policies that allow employees to use their personal mobile devices and computers to access enterprise data and applications.
33) Fair information practices is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.
34) Bring your own devices is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.
35) BYOD policies offer four basic options: unlimited access for personal devices; access only to nonsensitive systems and data; access, but with IT control over personal devices, apps, and stored data; and access, but preventing local storage of data on personal devices.
36) Different organizations and countries have their own terms for privacy concerns. The United Kingdom terms it "Data Protection," and the European Union calls it "Personal Data Privacy"; the Organization for Economic Co-operation and Development (OECD) has written Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
37) Teergrubing is an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam.
38) Click-fraud is the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser.
39) Competitive click-fraud is a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link.
40) A user can opt out of receiving emails by choosing to deny permission to incoming emails.
41) A user can opt in to receive emails by choosing to allow permissions to incoming emails.
42) A user can opt in of receiving emails by choosing to deny permission to incoming emails.
43) A user can opt out to receive emails by choosing to allow permissions to incoming emails.
44) Social media monitoring is the process of monitoring and responding to what is being said about a company, individual, product, or brand.
45) A social media manager is a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand.
46) A social media manager refers to the process of monitoring and responding to what is being said about a company, individual, product, or brand.
47) Cyberbullying is a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand.
48) Cyberbullying is an act or object that poses a danger to assets.
49) Spyware is software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.
50) The Trojan-horse virus hides inside other software, usually as an attachment or a downloadable file.
51) Information security is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.
52) Two of the common forms of viruses discussed in the book include the Trojan-horse virus and the acceptance-of-service attack.
53) A hacker weapon called a splog (spam blog) is a fake blog created solely to raise the search engine rank of affiliated websites.
54) Information security is a high priority for protection of the company's information and it is critical to implement an information security procedure to combat misuse of this information.
55) Smoking areas are targeted by hackers as they regularly use smoking entrances to gain building access where they pose as employees to gain access to the company network.
56) Downtime refers to a period of time when a system is unavailable and unplanned downtime can strike at any time for various reasons.
57) Drive-by hacking is a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.
58) White-hat hackers break into other people's computer systems and may just look around or may steal and destroy information.
59) Black-hat hackers work at the request of the system owners to find system vulnerabilities and plug the holes.
60) Ransomware is a form of malicious software that infects your computer and asks for money.
61) Simplelocker is a new ransomware program that encrypts your personal files and demands payment for the files' decryption keys.
62) A worm is a form of malicious software that infects your computer and asks for money.
63) A worm spreads itself not only from file to file but also from computer to computer.
64) Script-kiddies have criminal intent when hacking.
65) Cyberterrorists seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction.
66) White-hat hackers have philosophical and political reasons for breaking into systems and will often deface the website as a protest.
67) Script kiddies or script bunnies find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses.
68) A worm spreads itself, not only from file to file, but also from computer to computer. The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers.
69) Backdoor programs change their form as they propagate.
70) Backdoor programs open a way into the network for future attacks.
71) Denial-of-service attack (DoS) floods a website with so many requests for service that it slows down or crashes the site.
72) Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident are called insiders.
73) Insiders are illegitimate users who purposely or accidentally misuse their access to the environment to do business.
74) Information security policies detail how an organization will implement the information security plan.
75) Dumpster diving is another security breach for companies and is where people not associated with the company jump into the company's outside garbage bins and try to gather and steal any valuable company products they can resell on eBay.
76) Organizations address security risks through two lines of defense. The first is people and the second is technology.
77) Pretexting is a form of social engineering in which one individual lies to obtain confidential data about another individual.
78) Ransomware is a form of social engineering in which one individual lies to obtain confidential data about another individual.
79) Through social engineering, hackers use their social skills to trick people into revealing access credentials or other valuable information.
80) Through pretexting, hackers use their social skills to trick people into revealing access credentials or other valuable information.
81) The three primary information security areas are 1) authentication and authorization, 2) policies and rewards, and 3) detection and response.
82) Tokens are small electronic devices that change user passwords automatically.
83) The technique to gain personal information for the purpose of identity theft, often through fraudulent emails that look as though they came from legitimate businesses, is called phishing.
84) A process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space is called authentication.
85) One of the most ineffective ways to set up authentication techniques is by setting up user IDs and passwords.
86) Biometrics is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.
87) A firewall scrambles information into an alternative form that requires a key or password to decrypt.
88) Identity theft is the forging of someone's identity for the purpose of fraud.
89) Identity theft is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.
90) Phishing expedition is a masquerading attack that combines spam with spoofing. The perpetrator sends millions of spam emails that appear to be from a respectable company. The emails contain a link to a website that is designed to look exactly like the company's website. The victim is encouraged to enter his or her username, password, and sometimes credit card information.
91) Spear phishing is a phishing expedition in which the emails are carefully designed to target a particular person or organization.
92) Spear phishing is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information.
93) Phishing reroutes requests for legitimate websites to false websites.
94) A zombie is a program that secretly takes over another computer for the purpose of launching attacks on other computers.
95) A zombie farm is a group of computers on which a hacker has planted zombie programs.
96) A pharming attack uses a zombie farm, often by an organized crime association, to launch a massive phishing attack.
97) Worms are computer viruses that wait for a specific date before executing their instructions.
98) To decrypt information is to decode it and is the opposite of encrypt.
99) Cryptography is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them.
100) A certificate authority is a trusted third party, such as VeriSign, that validates user identities by means of digital certificates.
101) A certificate authority is a data file that identifies individuals or organizations online and is comparable to a digital signature.
102) A voiceprint is a data file that identifies individuals or organizations online and is comparable to a digital signature.
103) A voiceprint is a set of measurable characteristics of a human voice that uniquely identifies an individual. These characteristics, which are based on the physical configuration of a speaker's mouth and throat, can be expressed as a mathematical formula. Unfortunately, biometric authentication such as voiceprints can be costly and intrusive.
104) Single-factor authentication is the traditional security process, which requires a user name and password.
105) Two-factor authentication requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).
106) Multifactor authentication requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).
107) Multi-factor authentication is the traditional security process, which requires a user name and password.
108) Single-factor authentication requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).
109) Single-factor authentication requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).
110) The goal of multifactor authentication is to make it difficult for an unauthorized person to gain access to a system because, if one security level is broken, the attacker will still have to break through additional levels.
111) Which of the following represents the two fundamental building blocks that protect organizational information?
A) security and sales
B) human resources and security
C) ethics and security
D) ethics and technology
112) What is the legal protection afforded an expression of an idea, such as a song, book, or video game?
A) privacy
B) confidentiality
C) intellectual property
D) copyright
113) What is the intangible creative work that is embodied in physical form and includes trademarks and patents?
A) intellectual software
B) intellectual property
C) trademark property
D) ethical property
114) Trust between companies, customers, partners, and suppliers is the support structure of which of the following?
A) ebusiness
B) eharmony
C) esoftware
D) epolicies
115) In relation to privacy, which of the following is the assurance that messages and information remain available only to those authorized to view them?
A) contentment
B) ethical standard
C) confidentiality
D) firewall security
116) Which of the following key terms represents the principles and standards that guide our behavior toward other people?
A) ethics
B) intellectual property
C) standards of living
D) security
117) What is the difference between pirated and counterfeit software?
A) Counterfeit is fake technology products, where pirated is invisible technological cameras placed online.
B) Pirated is the unauthorized use, duplication, distribution, or sale of copyrighted software, where counterfeit is software that is manufactured to look like the real thing and sold as such.
C) Counterfeit is the unauthorized use, duplication, distribution, or sale of copyrighted software, where pirated is software that is manufactured to look like the real thing and sold as such.
D) Pirated is stolen software used to hack into a company's classified material, where counterfeit is a fake version of firewall software.
118) Which of the following governs the ethical and moral issues arising from the development and use of information technologies, and the creation, collection, duplication, distribution, and processing of information?
A) ethical information
B) information technology
C) information policies
D) information ethics
119) Which of the following means the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent?
A) safety
B) ethical standard
C) privacy
D) confidentiality
120) Determining what is ethical can sometimes be difficult because certain actions can be justified or condemned depending on how you view the relationship between
A) legal and confidential.
B) legal and ethical.
C) legal and technical.
D) confidential and open.
121) What is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution?
A) digital rights management
B) counterfeit software
C) privacy
D) pirated software
122) Which of the following examines the organizational resource of information and regulates its definitions, uses, value, and distribution ensuring it has the types of data or information required to function and grow effectively?
A) information code
B) information technology
C) information management
D) information governance
123) Sophie Black works as a computer programmer for a software company. Her boss, Mike Jones, is responsible for developing a new software game for the Wii. After completion of the project Mike gives all of the team members a free copy of the game without consent from the company. Sophie is a little hesitant and unsure about accepting the game because legally it would be considered
A) counterfeit software.
B) pirated software.
C) ethical software.
D) governance software.
124) What is the method or system of government for information management or control?
A) information management
B) information compliance
C) information governance
D) information secrecy
125) What is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity?
A) information management
B) information compliance
C) information secrecy
D) information ethics
126) Which of the below represents the definition of information property?
A) an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged
B) a method or system of government for information management or control
C) the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
D) examines the organizational resource of information and regulates its definitions, uses, values, and distribution, ensuring that it has the types of data/information required to function and grow effectively
127) Which of the below represents the definition of information governance?
A) the act of conforming, acquiescing, or yielding information
B) a method or system of government for information management or control
C) the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
D) examines the organizational resource of information and regulates its definitions, uses, values, and distribution, ensuring that it has the types of data/information required to function and grow effectively
128) Which of the below represents the definition of information secrecy?
A) the act of conforming, acquiescing, or yielding information
B) a method or system of government for information management or control
C) the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
D) examines the organizational resource of information and regulates its definitions, uses, values, and distribution, ensuring that it has the types of data/information required to function and grow effectively
129) Which of the below represents the definition of information management?
A) the act of conforming, acquiescing, or yielding information
B) a method or system of government for information management or control
C) information secrecy is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
D) examines the organizational resource of information and regulates its definitions, uses, values, and distribution, ensuring that it has the types of data/information required to function and grow effectively
130) Which of the below represents the definition of information compliance?
A) the act of conforming, acquiescing, or yielding information
B) a method or system of government for information management or control
C) information secrecy is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
D) examines the organizational resource of information and regulates its definitions, uses, values, and distribution, ensuring that it has the types of data/information required to function and grow effectively
131) Which of the below represents the definition of information compliance?
A) the act of conforming, acquiescing, or yielding information
B) the ability to comply with software
C) the understanding of technology
D) the verbalization of information governance in a company's policies and procedures
132) Which of the following serves as key evidence in many legal cases today and also provides a faster, easier way to search and organize paper documents?
A) confidentiality
B) digital information
C) privacy policies
D) information ethics
133) Which of the following refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or an information inquiry?
A) eauthorization
B) emanagement
C) ediscovery
D) epolicies
134) In the information technology world, which of the following are examples of ethical issues that a company may have to manage?
A) employees copying and distributing company-owned software
B) employees searching other employees' private information without consent
C) employees intentionally creating or spreading viruses to confuse IT
D) all of these
135) As the president of a local trade company, Kristin is faced with leadership, ethical, and operational decisions on a daily basis. Kristin's responsibilities include examining the organizational resource of information and regulating its definitions, uses, value, and distribution ensuring it has the types of information required to function and grow effectively. What is Kristin overseeing for the company?
A) information codes
B) information management
C) information deployment
D) information security
136) When studying the figure of the four quadrants of ethical and legal behavior, the goal is for organizations to make decisions in which of the following quadrants?
A) quadrant IV
B) quadrants I and III
C) quadrant I
D) quadrant III
137) Which of the following is included in the four quadrants of ethical and legal behavior?
A) legal behavior and ethical behavior
B) illegal behavior and ethical behavior
C) legal behavior and unethical behavior
D) all of these
138) What is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents?
A) ethics
B) intellectual property
C) privacy
D) confidentiality
139) Which of the following describes privacy?
A) the assurance that messages and data are available only to those who are authorized to view them
B) policies and procedures that address the ethical use of computers and Internet usage in the business environment
C) the right to be left alone when you want to be, to have control over your own personal possessions, and to not be observed without your consent
D) the principles and standards that guide our behavior toward other people
140) Which of the following is an example of acting ethically?
A) individuals copy, use, and distribute software
B) employees search organizational databases for sensitive corporate and personal information
C) individuals hack into computer systems to steal proprietary information
D) none of these offers an example of acting ethically
141) Which of the following describes confidentiality?
A) the assurance that messages and information are available only to those who are authorized to view them
B) policies and procedures that address the ethical use of computers and Internet usage in the business environment
C) the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
D) the principles and standards that guide our behavior toward other people
142) What refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry?
A) ediscovery
B) Child Online Protection Act
C) digital rights management
D) pirated software
143) What was passed to protect minors from accessing inappropriate material on the Internet?
A) ediscovery
B) Child Online Protection Act
C) digital rights management
D) pirated software
144) What is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution?
A) ediscovery
B) Child Online Protection Act
C) digital rights management
D) pirated software
145) What is the unauthorized use, duplication, distribution, or sale of copyrighted software?
A) ediscovery
B) Child Online Protection Act
C) digital rights management
D) pirated software
146) What is ediscovery?
A) the unauthorized use, duplication, distribution, or sale of copyrighted software
B) refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
C) passed to protect minors from accessing inappropriate material on the Internet
D) a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution
147) What is the Child Online Protection Act?
A) the unauthorized use, duplication, distribution, or sale of copyrighted software
B) refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
C) passed to protect minors from accessing inappropriate material on the Internet
D) a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution
148) What is digital rights management?
A) the unauthorized use, duplication, distribution, or sale of copyrighted software
B) refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
C) passed to protect minors from accessing inappropriate material on the Internet
D) a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution
149) What is pirated software?
A) the unauthorized use, duplication, distribution, or sale of copyrighted software
B) refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
C) passed to protect minors from accessing inappropriate material on the Internet
D) a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution
150) What are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment?
A) information systems policy
B) epolicies
C) technology applied policy
D) emastery
151) Which of the below is not one of the six epolicies that a company should implement for information protection as discussed in the text?
A) information privacy policy
B) workplace monitoring policy
C) acceptable use policy
D) downtime monitoring policy
152) Which of the following contains general principles to guide computer user behavior?
A) information technology code
B) technology policy
C) ethical computer use policy
D) information systems
153) Which of the following clauses is typically contained in an acceptable use policy?
A) a nonrepudiation clause
B) a repudiation clause
C) a confidentiality clause
D) an employee use clause
154) Which of the below would not be found in a typical acceptable use policy?
A) not using the service as part of violating any law
B) not posting commercial messages to groups where the employee has received user consent
C) not performing any nonrepudiation
D) not attempting to break the security of any computer network
155) Which of the following terms refers to a contractual stipulation to ensure that ebusiness participants do not deny their online actions?
A) compliance
B) noncommittal
C) nonrepudiation
D) erepudiation
156) According to the ethical computer use policy, users should be ________ of the rules and, by agreeing to use the system on that basis, ________ to abide by the rules.
A) informed; collaborate
B) consent; informed
C) informed; consent
D) consent; information
157) Which of the following policies states that users agree to follow it in order to be given access to corporate email, information systems, and the Internet?
A) acceptable use policy
B) social media policy
C) information privacy policy
D) email privacy policy
158) Which of the following is not considered an epolicy?
A) acceptable use policy
B) internet use policy
C) ethical computer use policy
D) anti-hacker use policy
159) Which policy contains general principles regarding information privacy?
A) information privacy policy
B) acceptable use policy
C) internet use policy
D) anti-Spam policy
160) Which of the following represents the classic example of unintentional information reuse?
A) phone number
B) Social Security number
C) address
D) driver's license number
161) What is one of the guidelines an organization can follow when creating an information privacy policy?
A) adoption and implementation of an anti-spam policy
B) notice and disclosure
C) choice and quality
D) none of these
162) What is one of the major problems with email?
A) intellectual property
B) nonrepudiation
C) user's expectation of privacy
D) none of these
163) If an organization implemented only one policy, which one would it want to implement?
A) information privacy policy
B) acceptable use policy
C) Internet use policy
D) ethical computer use policy
164) Jackie is the head teller at ABC Bank and her responsibilities include overseeing and managing the tellers, resolving customer issues, and developing and implementing systems for an optimal and efficient team. She notices a steady increase in customer complaints and tracks back to find that the complaints started right around the time ABC Bank provided Internet access to all employees. Jackie watched the tellers closely and found that they were spending significant amounts of time playing Internet games and posting on Facebook. Which policy should the company implement to help eliminate this problem?
A) an information privacy policy
B) an email privacy policy
C) an Internet use policy
D) a workplace monitoring policy
165) Which of the below would you find in a typical Internet use policy?
A) user ramifications if the policy is violated
B) user responsibility for properly handling offensive material
C) user responsibility for protecting the company's good name
D) all of these
166) Which of the following policies details the extent to which email messages may be read by others?
A) email privacy policy
B) email confidential policy
C) anti-spam policy
D) spam policy
167) Employees need to understand that email privacy exists to an extent and that corporate email is solely owned by
A) the individual user.
B) the company.
C) the human resources department.
D) the individual user's department.
168) Which of the below should be included in a company email privacy policy?
A) defines legitimate email users and explains what happens to accounts after a person leaves the organization
B) discourages sending junk email or spam to anyone who doesn't want to receive it
C) informs users that the organization has no control over email once it has been transmitted outside the organization
D) all of these
169) What sends massive amounts of email to a specific person or system that can cause that user's server to stop functioning?
A) mail bomb
B) spam
C) intellectual spam
D) junk mail
170) What is unsolicited email that plagues employees at all levels and clogs email systems?
A) spyware
B) spam
C) adware
D) none of these
171) What kind of policy can a company implement that can help diminish the activity of sending unsolicited email?
A) email privacy policy
B) spam policy and procedures
C) anti-spam policy
D) Internet user policy
172) To find out your company policy regarding such websites as YouTube, Facebook, and Twitter you would have to refer to the ________ policy.
A) Internet use policy
B) social media policy
C) information use policy
D) employee monitoring policy
173) Social media can be a very valuable tool for a company if used properly. Which of the following represents social media uses for a company?
A) building a strong brand identity
B) protecting the company reputation through counter-damage control
C) engaging directly with customers and prospective customers
D) all of these
174) Which policy can protect a company's brand identity and outlines the corporate principles governing employee online communication?
A) an Internet workplace policy
B) a social media policy
C) a technology information policy
D) a YouTube policy
175) With so much information and moving parts within a company, technology has made it possible for employers to monitor many aspects of employee jobs and duties. What is a system that can track employees' activities by such measures as keystrokes, error rate, and number of transactions processed?
A) anti-spam system
B) information intelligence system
C) workplace MIS monitoring
D) company technology monitoring
176) Which of the below is a common Internet monitoring technology?
A) key logger
B) hardware key logger
C) cookie
D) all of these
177) What is an Internet monitoring technique that captures keystrokes on their journey from the keyboard to the motherboard?
A) spyware
B) web log
C) adware
D) hardware key logger
178) What type of Internet monitoring technique records information about a customer during a web surfing session such as what websites were visited and how long the visit was, what ads were viewed, and what was purchased?
A) key logger
B) stealthware
C) clickstream
D) web log
179) Which of the below is not included as a common stipulation an organization would follow when creating an employee monitoring policy?
A) Be as specific as possible stating when and what will be monitored.
B) Do not state the consequences of violating the policy.
C) Always enforce the policy the same for everyone.
D) Expressly communicate that the company reserves the right to monitor all employees.
180) What is a mail bomb?
A) sending a massive amount of email to a specific person or system resulting in filling up the recipient's disk space
B) a contractual stipulation to ensure that ebusiness participants do not deny their online actions
C) sending a few emails to a specific person or system resulting in filling up the recipient's disk space
D) a contractual stipulation to ensure that ebusiness participants deny their online actions
181) Which policy details the extent to which email messages may be read by others?
A) acceptable use policy
B) email privacy policy
C) Internet use policy
D) all of these
182) Which of the following describes workplace MIS monitoring?
A) tracking people's activities by such measures as number of keystrokes
B) tracking people's activities by such measures as error rate
C) tracking people's activities by such measures as number of transactions processed
D) all of these
183) What is a program that, when installed on a computer, records every keystroke and mouse click?
A) key logger software
B) spyware
C) cookie
D) adware
184) What is a small file deposited on a hard drive by a website containing information about customers and their Web activities?
A) key logger
B) hardware key logger
C) cookie
D) adware
185) What includes threats, negative remarks, or defamatory comments transmitted via the Internet or posted on the website?
A) cyberbullying
B) information vandalism
C) cookie
D) BYOD
186) What is the electronic defacing of an existing website?
A) information bullying
B) cybervandalism
C) cookie
D) BYOD
187) What includes threats, negative remarks, or defamatory comments transmitted via the Internet or posted on the website?
A) cyberbullying
B) cybervandalism
C) click-fraud
D) competitive click-fraud
188) What is the electronic defacing of an existing website?
A) cyberbullying
B) cybervandalism
C) click-fraud
D) competitive click-fraud
189) What is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy?
A) cyberbullying
B) fair information practices
C) click-fraud
D) bring your own device
190) What is a policy that allows employees to use their personal mobile devices and computers to access enterprise data and applications?
A) cyberbullying
B) fair information practices
C) click-fraud
D) bring your own device
191) Which of the following is one of the four basic options included in a bring your own device policy?
A) unlimited access for personal devices
B) access only to nonsensitive systems and data
C) access, but preventing local storage of data on personal devices
D) all of these
192) Different organizations and countries have their own terms for fair information practices. Which of the following is correct?
A) The United Kingdom terms it "Data Protection."
B) The European Union terms it "Data Protection."
C) The United Kingdom terms it "Personal Data Privacy."
D) The United States terms it "Personal Data Privacy."
193) What refers to denying permissions to incoming emails?
A) opt out
B) opt in
C) BYOD
D) nonrepudiation
194) What refers to choosing to allow permissions to incoming emails?
A) opt out
B) opt in
C) BYOD
D) nonrepudiation
195) What is the process of monitoring and responding to what is being said about a company, individual, product, or brand?
A) social media monitoring
B) social media manager
C) social media policy
D) anti-spam policy
196) Who is a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand?
A) social media monitoring
B) social media manager
C) social media policy
D) information privacy manager
197) What outlines the corporate guidelines or principles governing employee online communications?
A) social media monitoring
B) social media manager
C) social media policy
D) information privacy manager
198) What is the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser?
A) cyberbullying
B) cybervandalism
C) click-fraud
D) competitive click-fraud
199) What is a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link?
A) cyberbullying
B) cybervandalism
C) click-fraud
D) competitive click-fraud
200) What is an act or object that poses a danger to assets?
A) cyberbullying
B) threat
C) click-fraud
D) competitive click-fraud
201) What is cybervandalism?
A) the electronic defacing of an existing website
B) the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser
C) a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link
D) an act or object that poses a danger to assets
202) What is click-fraud?
A) the electronic defacing of an existing website
B) the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser
C) a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link
D) an act or object that poses a danger to assets
203) What is competitive click-fraud?
A) the electronic defacing of an existing website
B) the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser
C) a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link
D) an act or object that poses a danger to assets
204) What is a threat?
A) the electronic defacing of an existing website
B) the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser
C) a computer crime where a competitor or disgruntled employee increases a company's search advertising costs by repeatedly clicking on the advertiser's link
D) an act or object that poses a danger to assets
205) What is a problem that occurs when someone registers purposely misspelled variations of well-known domain names?
A) typosquatting
B) website name stealing
C) Internet censorship
D) teergrubing
206) What is the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner?
A) typosquatting
B) website name stealing
C) Internet censorship
D) teergrubing
207) What are government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens?
A) typosquatting
B) website name stealing
C) Internet censorship
D) teergrubing
208) What is an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam?
A) typosquatting
B) website name stealing
C) Internet censorship
D) teergrubing
209) What occurs when a person chooses to deny permission to incoming emails?
A) opt out
B) website name stealing
C) Internet censorship
D) teergrubing
210) Which of the following definitions represents typosquatting?
A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner
C) government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens
D) an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam
211) Which of the following definitions represents website name stealing?
A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner
C) government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens
D) an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam
212) Which of the following definitions represents Internet censorship?
A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner
C) government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens
D) an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam
213) Which of the following definitions represents teergrubing?
A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner
C) government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens
D) an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam
214) Which of the following definitions represents opt out?
A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner
C) choosing to allow permission to incoming emails
D) choosing to deny permission to incoming emails
215) Which of the following definitions represents opt in?
A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website's name that occurs when someone, posing as a site's administrator, changes the ownership of the domain name assigned to the website to another website owner
C) choosing to allow permission to incoming emails
D) choosing to deny permission to incoming emails
216) Which of the following definitions represents physical security?
A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) tangible protection such as alarms, guards, fireproof doors, fences, and vaults
C) government attempts to control Internet traffic, thus preventing some material from being viewed by a country's citizens
D) choosing to deny permission to incoming emails
217) Which of the following refers to a period of time when a system is unavailable?
A) downtime
B) MIS down
C) direct data loss
D) downtown
218) Which of the following is not an example of unplanned downtime?
A) power outages
B) tornados
C) a system upgrade
D) network failure
219) Which of the following is a cost of downtime in addition to lost revenue?
A) legal expenses
B) loss in financial performance
C) damage to reputation
D) all of these
220) A company should be able to calculate the cost of downtime by which of the following?
A) per hour, per day, and per week
B) per employee, per computer, and per company
C) per stock, per stockholder, and per investment capital
D) none of these
221) Which quadrant in the cost of downtime includes equipment rental, overtime costs, and travel expenses?
A) fiscal responsibility
B) damaged reputation
C) other expenses
D) regeneration quadrant
222) Jensen is a senior developer for HackersRUs, a company that helps secure management information systems. Jensen's new task is to break into the computer system of one of HackersRUs' top clients to identify system vulnerabilities and plug the holes. What type of hacker is Jensen?
A) cracker
B) white-hat hacker
C) script bunnies
D) black-hat hacker
223) Which of the below defines information security?
A) a broad term encompassing the protection of information
B) protects information from accidental misuse
C) protects information from intentional misuse
D) all of these
224) What are experts in technology who use their knowledge to break into computers and networks for profit, or just as a challenge, known as?
A) elevation of privilege
B) virus
C) hacker
D) worm
225) What is a hacker who breaks into other people's computer systems and may just look around or steal and destroy information?
A) script kiddies
B) black-hat hacker
C) white-hat hacker
D) cracker
226) Which of the following is the correct list of the six different types of hackers listed in your text?
A) black-hat, cracker, cyberterrorist, hactivist, script kiddies, and white-hat hackers
B) black-top, cookie, script kids, environment, Web 3.0, and white-top hackers
C) black-hat, script kiddies, script bats, spider crawlers, ad spiders, and white-hat hackers
D) none of these
227) What is software written with malicious intent to cause annoyance or damage?
A) elevation of privilege
B) spoofing
C) sniffer
D) virus
228) What includes a variety of threats such as viruses, worms, and Trojan horses?
A) malicious code
B) hoaxes
C) spoofing
D) sniffer
229) What is the forging of the return address on an email so that the email message appears to come from someone other than the actual sender?
A) malicious code
B) hoaxes
C) spoofing
D) sniffer
230) What is a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission?
A) sniffer
B) spyware
C) spoofware
D) splog
231) What is a new ransomware program that encrypts your personal files and demands payment for the files' decryption keys?
A) sniffer
B) spyware
C) spoofware
D) simplelocker
232) What is a form of malicious software that infects your computer and asks for money?
A) sniffer
B) spyware
C) spoofware
D) ransomware
233) What is ransomware?
A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment for the file's decryption keys
C) software that allows Internet advertisers to display advertisements without the consent of the computer user
D) a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission
234) What is simplelocker?
A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment for the file's decryption keys
C) software that allows Internet advertisers to display advertisements without the consent of the computer user
D) a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission
235) What is adware?
A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment for the file's decryption keys
C) software that allows Internet advertisers to display advertisements without the consent of the computer user
D) a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission
236) What is spyware?
A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment for the file's decryption keys
C) software that allows Internet advertisers to display advertisements without the consent of the computer user
D) a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission
237) What is the primary difference between a worm and a virus?
A) A worm must attach to something to spread, where a virus does not need to attach to anything to spread and can tunnel itself into the computer.
B) A virus is copied and spread by a person, where a worm takes a string of tag words and deletes websites.
C) A virus must attach to something to spread, where a worm does not need to attach to anything to spread and can tunnel itself into the computer.
D) all of these
238) What is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system?
A) elevation of privilege
B) packet tampering
C) spoofing
D) spyware
239) DDoS stands for one of the common forms of viruses that attack multiple computers to flood a website until it slows or crashes. What does DDoS stand for?
A) data distribution of systems attack
B) data denial-of-software attack
C) distributed data online systems attack
D) distributed denial-of-service attack
240) Which of the following are all common forms of viruses?
A) packet tampering, worms, cakes, and Trojan viruses
B) polymorphic, sniffer, splogs, and denial-of-service viruses
C) backdoor program, worm, and Trojan-horse viruses
D) all of these
241) What is the software called that allows Internet advertisers to display advertisements without the consent of the computer user?
A) sploging
B) adware
C) spygloss
D) CPU buzzer
242) Who are hackers with criminal intent?
A) crackers
B) black-hat hacker
C) hoaxes
D) cyberterrorists
243) Who are those who seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction?
A) white-hat hacker
B) black-hat hacker
C) cyberterrorists
D) script bunnies
244) Which of the following types of viruses spread themselves, not just from file to file, but also from computer to computer?
A) polymorphic virus
B) worm
C) Trojan-horse virus
D) backdoor programs
245) What is one of the most common forms of computer vulnerabilities that can cause massive computer damage?
A) virus
B) white-hat hackers
C) dumpster diving
D) all of these
246) Which of the following changes its form as it propagates?
A) backdoor programs
B) strikers
C) polymorphic viruses and worms
D) splogs
247) Which of the following is a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network?
A) backdoor programs
B) drive-by hacking
C) polymorphic viruses and worms
D) hacker
248) What is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization?
A) information security
B) physical security
C) drive-by hacking
D) adware
249) Who are experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge?
A) information spy
B) hacker
C) spyware
D) adware
250) What is a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network?
A) spyware
B) hacker
C) drive-by hacking
D) adware
251) What is a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission?
A) spyware
B) hacker
C) drive-by hacking
D) adware
252) What is software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user?
A) spyware
B) hacker
C) drive-by hacking
D) adware
253) What is spyware?
A) a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network
D) software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user
254) What is adware?
A) a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network
D) software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user
255) What is drive-by hacking?
A) a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network
D) software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user
256) What is a hacker?
A) a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network
D) software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user
257) What is information security?
A) a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
B) a special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission
C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network
D) software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user
258) What is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs?
A) bug bounty program
B) malware
C) scareware
D) ransomware
259) What is software that is intended to damage or disable computers and computer systems?
A) bug bounty program
B) malware
C) scareware
D) ransomware
260) What is a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software?
A) bug bounty program
B) malware
C) scareware
D) ransomware
261) What is a form of malicious software that infects your computer and asks for money?
A) bug bounty program
B) malware
C) scareware
D) ransomware
262) What is a bug bounty program?
A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money
263) What is malware?
A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money
264) What is scareware?
A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money
265) What is ransomware?
A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money
266) What are the first two lines of defense a company should take when addressing security risks?
A) technology first, customers second
B) technology first, people second
C) innovation first, technology second
D) people first, technology second
267) Which of the below represents the biggest problem of information security breaches?
A) people misusing organizational information
B) technology failures
C) customers misusing organizational systems
D) company departments missing sales goals
268) Angela works for an identity protection company that maintains large amounts of sensitive customer information such as usernames, passwords, personal information, and Social Security numbers. Angela and a coworker decide to use the sensitive information to open credit cards in a few of her customers' names. This is a classic example of which of the following security breaches?
A) a social engineer
B) an insider
C) a spammer
D) a dumpster diver
269) Using one's social skills to trick people into revealing access credentials or other valuable information is called
A) social engineering.
B) social media.
C) social viruses.
D) social processes.
270) What is it called when a hacker looks through your trash to find personal information?
A) striker bunny
B) dumpster diving
C) trash retrieval
D) approved consent
271) What is a form of social engineering in which one individual lies to obtain confidential data about another individual?
A) dumpster texting
B) dumpster diving
C) trash retrieval
D) pretexting
272) What is pretexting?
A) a form of social engineering in which one individual lies to obtain confidential data about another individual
B) a hacker looks through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines
273) What is dumpster diving?
A) a form of social engineering in which one individual lies to obtain confidential data about another individual
B) a hacker that looks through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines
274) What is an insider?
A) a form of social engineering in which one individual lies to obtain confidential data about another individual
B) a hacker looks through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines
275) What is a destructive agent?
A) a form of social engineering in which one individual lies to obtain confidential data about another individual
B) a hacker looks through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines
276) Working at a ski resort in the mountains has its own unique security issues. Kenny is the chief information officer for Sundance Ski Resort, and he is faced with both physical and information security threats every month. Since the resort implemented a new software system, they have been having a larger number of threats and breaches of company information. He suspects that this may be caused by an internal employee. He needs to clarify and establish what type of plan to help reduce further problems?
A) an information security plan
B) an ethical information policy
C) an anti-virus plan
D) none of these
277) eBay is an example of an online company that has been faced with numerous security issues. For example, imagine you purchase a digital camera on eBay. Three months later you might receive an email asking you to log in to the system to update your credit card or PayPal information. Of course, this email is not actually from eBay and as soon as you log in your information will be stolen. What type of information security breach would you consider this to be?
A) an insider
B) dumpster diving
C) social engineering
D) phishing
278) Which of the following is an example of a way to maintain information security that a company should include in their information security policies?
A) requiring computer users to log off before leaving for lunch
B) never sharing user or password information with anyone
C) changing passwords every 30–60 days
D) all of these
279) Janet is a financial aid counselor at a local community college and she shares an office with her three coworkers. Janet feels safe in her office environment and frequently leaves her username and password on a sticky note next to her computer. Without realizing it Janet is creating the potential for which type of information security breach to occur?
A) insiders to hack into the college system
B) dumpster diving to find usernames and passwords
C) viruses and worms to spread through the college system
D) all of these
280) Applications allowed to be placed on the corporate network, like IM software, and corporate computer equipment used for personal reasons on personal networks are two areas that should be addressed by managers in which of the below company policies?
A) information ethics policy
B) information security policies
C) information technology plan
D) all of these
281) Which of the following represents the three areas where technology can aid in the defense against information security attacks?
A) authentication and authorization, prevention and resistance, prevention and response
B) authentication and authorization, prevention and response, detection and response
C) analyzing and authenticating, prevention and repositioning, detection and response
D) authentication and authorization, prevention and resistance, detection and response
282) What is forging of someone's identity for the purpose of fraud?
A) identity crisis
B) identity theft
C) ediscovery
D) all of these
283) What is the use of a false identity to artificially stimulate demand for a product, brand, or service?
A) personally identifiable information (PII)
B) nonsensitive PII
C) sensitive PII
D) sock puppet marketing
284) What includes any data that could potentially identify a specific individual?
A) personally identifiable information (PII)
B) nonsensitive PII
C) sensitive PII
D) sock puppet marketing
285) What is information transmitted without encryption and includes information collected from public records, phone books, corporate directories, or websites?
A) personally identifiable information (PII)
B) nonsensitive PII
C) sensitive PII
D) sock puppet marketing
286) What is information transmitted with encryption and, when disclosed, results in a breach of an individual's privacy and can potentially cause the individual harm?
A) personally identifiable information (PII)
B) nonsensitive PII
C) sensitive PII
D) sock puppet marketing
287) What is sensitive PII?
A) any data that could potentially identify a specific individual
B) information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, and so on
C) information transmitted with encryption and, when disclosed, results in a breach of an individual's privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or service
288) What is nonsensitive PII?
A) any data that could potentially identify a specific individual
B) information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, and so on
C) information transmitted with encryption and, when disclosed, results in a breach of an individual's privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or service
289) What is personally identifiable information (PII)?
A) any data that could potentially identify a specific individual
B) information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, and so on
C) information transmitted with encryption and, when disclosed, results in a breach of an individual's privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or service
290) What is sock puppet marketing?
A) any data that could potentially identify a specific individual
B) information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, and so on
C) information transmitted with encryption and, when disclosed, results in a breach of an individual's privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or service
291) What is the difference between phishing and pharming?
A) Phishing is not illegal, pharming is illegal.
B) Phishing is the right of the company, where pharming is the right of the individual.
C) Phishing is a technique to gain personal information for the purpose of identity theft, and pharming reroutes requests for legitimate websites to false websites.
D) all of these
292) Imagine you accidentally mistype the URL for your bank and you are redirected to a fake website that collects your information. What type of identity theft were you just a victim of?
A) pharming
B) worm holes
C) phishing
D) insider hacking
293) What area of information security focuses on preventing identity theft, phishing, and pharming scams?
A) prevention and resistance
B) detection and authorizing
C) detection and response
D) authentication and authorization
294) What is the process that provides a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space?
A) pharming
B) authentication
C) authorization
D) programming
295) What is a method for confirming users' identities?
A) phishing
B) authentication
C) authorization
D) programming
296) The most secure procedures combine which of the following authentication and authorization techniques?
A) something the user knows, such as a user ID and password
B) something the user has, such as a smart card or token
C) something that is part of the user, such as a fingerprint or voice signature
D) all of these
297) A smart card is a device, the size of a credit card, that contains embedded technology that stores information and small amounts of software, and can act as
A) identification instruments.
B) a form of digital cash.
C) a data storage device.
D) all of these.
298) The best and most effective way to manage authentication is through
A) smart technology card.
B) tokens.
C) biometrics.
D) passwords.
299) Which of the following is not considered a form of biometrics?
A) iris scan
B) password
C) fingerprint
D) handwriting
300) Which of the following is the main drawback of biometrics?
A) It is considered illegal.
B) It is viewed as an invasion of privacy.
C) It can be costly and intrusive.
D) It requires constant monitoring and upgrading.
301) How do prevention and resistance technologies stop intruders from accessing and reading sensitive information?
A) content filtering, encryption, and firewalls
B) calculating, locking, and firewalls
C) content prohibiting, and cookies
D) none of these
302) Which of the following occurs when organizations use software that filters content, such as email, to prevent the accidental or malicious transmission of unauthorized information?
A) antivirus software
B) content filtering
C) encryption
D) firewalls
303) What prevention technique scrambles information into an alternative form that requires a key or password to decrypt?
A) encryption
B) content filtering
C) firewalls
D) antivirus software
304) What can encryption technology perform?
A) Switch the order of characters.
B) Replace characters with other characters.
C) Insert or remove characters.
D) all of these.
305) What type of encryption technology uses multiple keys, one for public and one for private?
A) private key encryption
B) policy key encryption
C) public key encryption
D) protective key code
306) What is a data file that identifies individuals or organizations online and is comparable to a digital signature?
A) digital code
B) digital sign
C) digital certificate
D) digital card
307) Charles Mott works for a company called VeriSign that acts as a trusted third party to verify information. One of Charles' largest clients is CheckMD, which holds and authenticates customer reviews of doctors and dentists online, and having a third party validate the reviews is critical to CheckMD's success. What type of authentication technique is VeriSign providing for CheckMD?
A) firewall
B) certificate authority
C) online certificate
D) digital content certificate
308) What is hardware or software that guards a private network by analyzing incoming and outgoing information for the correct markings?
A) firewall
B) certificate authority
C) online certificate
D) digital certificate
309) Which of the following protection techniques scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware?
A) firewall
B) digital certificate
C) virus software
D) antivirus software
310) What must you do with antivirus software to make it protect effectively?
A) must never upgrade or change vendors
B) must download a portable button for it to activate
C) must frequently update it to protect against viruses
D) all of these
311) Which of the following systems is designed with full-time monitoring tools that search for patterns in network traffic to identify intruders and to protect against suspicious network traffic which attempts to access files and data?
A) interconnected data software (IDS)
B) intrusion detection software (IDS)
C) security information system (SIS)
D) Internet detection scanner (IDS)
312) What is the most secure type of authentication?
A) something the user knows such as a user ID and password
B) something the user has such as a smart card or token
C) something that is part of the user such as a fingerprint or voice signature
D) combination of all of these
313) What is a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing?
A) token
B) password
C) smart card
D) biometrics
314) What is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting?
A) smart card
B) token
C) biometrics
D) content filtering
315) Which of the following is considered a type of biometrics?
A) voice
B) face
C) iris
D) all of these
316) What is a set of measurable characteristics of a human voice that uniquely identifies an individual?
A) voiceprint
B) face
C) iris
D) all of these
317) What is single-factor authentication?
A) the traditional security process, which requires a user name and password
B) requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice, or handwriting
318) What is multifactor authentication?
A) the traditional security process, which requires a user name and password
B) requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice, or handwriting
319) What is two-factor authentication?
A) the traditional security process, which requires a user name and password
B) requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice, or handwriting
320) What gathers an organization's computer network traffic patterns to identify unusual or suspicious operations?
A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage
321) What includes individuals that seek notoriety or want to make a social or political point such as WikiLeaks?
A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage
322) What includes governments that are after some form of information about other governments?
A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage
323) What is the use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals?
A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage
324) What is the traditional security process, which requires a user name and password?
A) single-factor authentication
B) two-factor authentication
C) multifactor authentication
D) biometrics
325) What requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)?
A) single-factor authentication
B) two-factor authentication
C) multifactor authentication
D) biometrics
326) What requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)?
A) single-factor authentication
B) two-factor authentication
C) multifactor authentication
D) biometrics
327) What are biometrics?
A) the traditional security process, which requires a user name and password
B) requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice, or handwriting
328) Which of the following authentication methods is 100 percent accurate?
A) smart card
B) fingerprint authentication
C) user ID
D) none of these
329) Where do organizations typically place firewalls?
A) between a personal computer and the server
B) between a personal computer and a printer
C) between the server and the content filtering software
D) between the server and the Internet
330) What is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity?
A) information secrecy
B) phishing
C) phishing expedition
D) spear phishing
331) What is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses?
A) pharming
B) phishing
C) phishing expedition
D) spear phishing
332) What is a masquerading attack that combines spam with spoofing?
A) pharming
B) phishing
C) phishing expedition
D) spear phishing
333) What is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information?
A) pharming
B) phishing
C) phishing expedition
D) vishing
334) What reroutes requests for legitimate websites to false websites?
A) pharming
B) phishing
C) phishing expedition
D) spear phishing
335) What is information secrecy?
A) the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular person or organization
336) What is phishing?
A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular person or organization
337) What is a phishing expedition?
A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular person or organization
338) What is spear phishing?
A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular person or organization
339) What is vishing?
A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information
340) What is pharming?
A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information
341) What reroutes requests for legitimate websites to false websites?
A) zombie
B) zombie farm
C) pharming attack
D) pharming
342) What is a program that secretly takes over another computer for the purpose of launching attacks on other computers?
A) zombie
B) zombie farm
C) pharming attack
D) time bomb
343) What is a group of computers on which a hacker has planted zombie programs?
A) zombie
B) zombie farm
C) pharming attack
D) time bomb
344) What uses a zombie farm, often by an organized crime association, to launch a massive phishing attack?
A) zombie
B) zombie farm
C) pharming attack
D) time bomb
345) What are computer viruses that wait for a specific date before executing their instructions?
A) zombie
B) zombie farm
C) pharming attack
D) time bomb
346) What is a data file that identifies individuals or organizations online and is comparable to a digital signature?
A) digital certificate
B) encryption
C) decrypt
D) cryptography
347) What scrambles information into an alternative form that requires a key or password to decrypt?
A) digital certificate
B) encryption
C) decrypt
D) cryptography
348) What decodes information?
A) digital certificate
B) encryption
C) decryption
D) cryptography
349) What is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them?
A) digital certificate
B) encryption
C) decrypt
D) cryptography
350) Explain the ethical issues in the use of information technology.
351) Identify the six epolicies organizations should implement to protect themselves.
352) Describe the relationships and differences between hackers and viruses.
353) Describe the relationship between information security policies and an information security plan.
354) Provide an example of each of the three primary information security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response.