Ch4 Information Security and Controls Test Test Bank Docx - Info Systems Canada 5e | Exam Pack by R. Kelly Rainer. DOCX document preview.
Package Title: Chapter 4, Testbank
Course Title: Rainer, IS 5e
Chapter Number: 4
Question type: Multiple Choice
1) The 2017 Equifax data breach occurred because attackers _______.
a) exploited a vulnerability in some web application software
b) sent e-mails to consumers with links to websites with malicious software
c) used social engineering to get user IDs and passwords from employees
d) were able to access discarded equipment with sensitive information
Difficulty: Easy
Section Reference 1: Opening Case
Learning Objective 1: Compare and contrast human mistakes and social engineering and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
2) Equifax hired _______ to help after they suffered two breaches in 2017.
a) Cylance
b) Mandiant
c) Praetorian
d) Zero Trust
Difficulty: Easy
Section Reference 1: Opening Case
Learning Objective 1: Compare and contrast human mistakes and social engineering and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
3) Consumers ___ put a freeze on their credit with the three credit bureaus; this is ____ for consumers.
a) can; an appealing fix
b) can; not an appealing fix
c) cannot; is a problem for
d)cannot; irrelevant
Difficulty: Medium
Section Reference 1: Opening Case
Learning Objective 1: Compare and contrast human mistakes and social engineering and provide a specific example of each one.
Bloomcode: Analysis
Standard 1: AACSB || Technology
4) A(n) _________ to an information resource is any danger to which a system may be exposed.
a) exposure
b) risk
c) threat
d) vulnerability
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
5) The _________ of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
a) exposure
b) risk
c) threat
d) vulnerability
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
6) An information resource’s _________ is the possibility that the system will be harmed by a threat.
a) exposure
b) risk
c) threat
d) vulnerability
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
7) Which of the following does NOT contribute to the increasing vulnerability of organizational information resources?
a) Increasing skills necessary to be a computer hacker
b) International organized crime taking over cybercrime
c) Lack of management support
d) Smaller, faster, cheaper computers and storage devices
e) Today’s interconnected, interdependent, wirelessly networked business environment
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
8) Which of the following does NOT contribute to the increasing vulnerability of organizational information resources?
a) Additional management support
b) Decreasing skills necessary to be a computer hacker
c) International organized crime taking over cybercrime
d) Smaller, faster, cheaper computers and storage devices
e) Today’s interconnected, interdependent, wirelessly networked business environment
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
9) A(n) _________ network is any network within your organization; a(n) _________ network is any network external to your organization.
a) trusted; trusted
b) trusted; untrusted
c) untrusted; trusted
d) untrusted; untrusted
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
10) Computer crimes typically average _________ of dollars and cause businesses _________ of dollars in damages.
a) hundreds; millions
b) hundreds; billions
c) hundreds of thousands; millions
d) hundreds of thousands; billions
Difficulty: Medium
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
11) Careless Internet surfing is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
12) You leave your laptop at your desk while you go to the restroom. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
13) You lose the company’s USB with your sales spreadsheets on it. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
14) You open an e-mail from your friend that looks a little odd, but you figure your friend would never send you anything bad. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
15) You don’t lock your computer when you go to the restroom. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
16) Carelessness using unmanaged devices is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
17) You get a new smartphone and throw your old one away without erasing all your data. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
18) You never wipe the dust off your computer. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
19) _________ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.
a) Espionage
b) Malware
c) Profiling
d) Social engineering
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
20) You are a nice person, so you hold the door open for the person running in behind you. Since you needed to use your ID badge to open the door, the person running in behind you is __________; this is _________.
a) shoulder surfing; a good way to show kindness that causes no harm
b) shoulder surfing; an unintentional threat to your organization
c) tailgating; a good way to show kindness that causes no harm
d) tailgating; an unintentional threat to your organization
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
21) _________ is an unintentional threat.
a) Espionage
b) Identity theft
c) Social engineering
d) Software attacks
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
22) _________ occurs when an unauthorized individual attempts to gain illegal access to organizational information.
a) Alien software
b) Espionage
c) Identity theft
d) Information extortion
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
23) _________ occur(s) when an attacker either threatens to steal, or actually steals, information from a company and then demands payment for not carrying out a particular act.
a) Alien software
b) Espionage
c) Information extortion
d) SCADA attacks
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
24) _________ is a deliberate act that involves defacing an organization’s website, potentially damaging the organization’s image and causing its customers to lose faith.
a) Espionage
b) Sabotage
c) SCADA attacks
d) Software attacks
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
25) If humans are careless with laptops, this is an _________ error which could cause theft of equipment or information (an _________ error) .
a) intentional; intentional
b) intentional; unintentional
c) unintentional; intentional
d) unintentional; unintentional
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
26) Intellectual property is NOT protected under _________ laws.
a) copyright
b) patent
c) privacy
d) trade secret
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
27) A _________ is an intellectual work that is not based on public information.
a) copyright
b) patent
c) trade secret
d) trademark
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
28) A _________ is an official document that grants the holder exclusive rights on an invention or a process for a specified period of time.
a) copyright
b) patent
c) trade secret
d) trademark
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
29) A _________ is a statutory grant that provides the creators or owners of intellectual property with ownership of the property for a designated period.
a) copyright
b) patent
c) trade secret
d) trademark
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
30) Current US laws award patents for _________ years and copyright protection for _________ years.
a) 20; 20
b) 20; life+70
c) life+70; 20
d) life+70; life+70
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
31) You purchased a copy of Microsoft Office and give a copy to a friend so he/she doesn’t have to buy it too. This is _________ and is _________.
a) piracy; legal
b) piracy; illegal
c) social engineering; legal
d) social engineering; illegal
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
32) Piracy costs businesses _________ of dollars per year.
a) hundreds
b) millions
c) billions
d) trillions
Difficulty: Hard
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
33) _________ is a remote attack requiring user action.
a) DoS
b) A logic bomb
c) A Trojan horse
d) Virus
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
34) _________ is a remote attack requiring no user action.
a) DoS
b) A logic bomb
c) A Trojan horse
d) Virus
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
35) _________ is an attack by a programmer developing a system.
a) DoS
b) A phishing attack
c) A Trojan horse
d) Virus
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
36) Hackers would use a botnet to perform a _________.
a) DDoS
b) a logic bomb
c) a Trojan horse
d) virus
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
37) _________ causes pop-up advertisements to appear on your screen.
a) Adware
b) Marketware
c) Spamware
d) Spyware
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
38) _________ collects personal information about users without their consent.
a) Adware
b) Marketware
c) Spamware
d) Spyware
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
39) Keystroke loggers and screen scrapers are examples of _________.
a) adware
b) marketware
c) spamware
d) spyware
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
40) _________ is pestware that users your computer as a launch pad for unsolicited e-mail, usually advertising for products and services.
a) Adware
b) Marketware
c) Spamware
d) Spyware
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
41) Spam costs US companies _________ of dollars per year.
a) hundreds
b) millions
c) billions
d) trillions
Difficulty: Hard
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
42) If a hacker takes control of equipment such as power grids or nuclear power plants, this is an example of a(n) _________ attack.
a) alien software
b) espionage
c) SCADA
d) virus
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
43) _________ refers to malicious acts in which attackers use a target’s computer systems to cause physical, real-world harm or severe disruption, often to carry out a political agenda.
a) A SCADA attack
b) Cyberterrorism
c) Espionage
d) Identity theft
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
44) The U.S. government considers the Sony hack _________.
a) a SCADA attack
b) cyberterrorism
c) espionage
d) identity theft
Difficulty: Hard
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
45) Whaling attack is a targeted attempt to ____________
a) Bring down a company’s server
b) Steal sensitive information from a company such as financial data or personal details about employees
c) Break encryption keys
d) Perform SQL injection attacks on a server
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
46)
The DarkHotel Group has continually evolved its tactics and has integrated whaling and social engineering techniques into its malware in order to_______ ,_____________.
a) Conduct espionage on corporate research and development.
.
b) To advertise products with its malware.
c) Sell private data to companies for marketing purposes
d) Identify your search engine searches for Google ads targeting. .
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
47) A ______ attack is a targeted attempt to steal sensitive information from a company, such as financial data or personal details about employees.
a) Phishing
b) Spear-phishing
c) Spear-whaling
d) Whaling
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
48) The goal of whaling is to trick a(n) _______ into revealing personal or corporate data.
a) executive
b) factory worker
c) janitor
d) salesperson
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
49) The entire basis of a whaling attack is to ___________.
a) appear as authentic as possible with actual logos, phone numbers, and various other details used in communications that come from fake email addresses.
b) be as ambiguous and broad as possible so that no one person is targeted; rather, a large division in a company is.
c) appeal to as many companies as possible at the same time, therefore increasing the likelihood that one will “take the bait.”
d) establish a line of communication with an entry-level employee or employees first to gain trust, and then gain access to larger systems.
Difficulty: Medium
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
50) Which well-known company has NOT fallen victim to a whaling attack at present?
a) Snapchat
b) Yahoo!
c) Google
d) Facebook
Difficulty: Easy
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
51) What is TRUE of the DarkHotel Group attacks?
a) In 2017, they were able to extract over $100 million dollars from Facebook through whaling attacks.
b) Despite utilizing a variation of the same type of attack on intellectual property for over a decade, the group continues to perpetrate cybercrimes and elude arrest.
c) They have been specifically targeting political figures since sometime around 2007 by hacking into donor lists.
d) The group is effective largely because they continually evolve their tactics.
Difficulty: Medium
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
52) Dyn is a cloud-based internet performance management company that provides DNS services for internet websites. It was attacked with _________ in 2016.
a) alien software
b) a DDoS
c) espionage
d) a SCADA attack
Difficulty: Easy
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
53) Dyn’s hackers formed a botnet from _________.
a) corporate servers
b) devices incorporating the Internet of Things
c) individuals willing to become part-time hackers
d) programmers within the company
Difficulty: Medium
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
54) Jim finds out that someone accessed his bank account pretending to be him and stole thousands of dollars. This is an example of ____________.
a) sabotage
b) identity theft
c) intellectual property
d) information extortion
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
55) Sarah received an email that claimed to be from her bank. The email asked her to provide her password. Sarah later found out that the email was not from her bank and that she had given sensitive information to someone who gained access to her accounts. This is an example of a ____________.
a) worm
b) trojan horse
c) phishing attack
d) denial of service attack
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
56) An employee at ABC Inc. downloaded an email and opened the attachment contained within the message. Shortly afterwards all employees were blocked from accessing files on the company’s servers and the criminals told ABC Inc. they would have to pay a large amount of Bitcoin to regain access to their files. ABC Inc. was a victim of ____________.
a) ransomware
b) identity theft
c) spyware
d) cyber warfare
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
57) If you accept the potential risk, continue operating with no controls, and absorb any damages that occur, you have adopted a risk _________ strategy.
a) acceptance
b) avoidance
c) limitation
d) transference
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
58) Your company decides not to implement security procedures because employees refuse to comply anyway. This is an example of risk _________.
a) acceptance
b) avoidance
c) limitation
d) transference
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Application
Standard 1: AACSB || Technology
59) If you limit your risk by implementing controls that minimize the impact of the threat, you have implemented a risk _________ strategy.
a) acceptance
b) avoidance
c) limitation
d) transference
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
60) Your company hires FireEye to install security software and monitor your systems. This is an example of risk _________.
a) acceptance
b) avoidance
c) limitation
d) transference
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Application
Standard 1: AACSB || Technology
61) If you shift your risk by using other means to compensate for the loss like purchasing insurance, you have implemented a risk _________ strategy.
a) acceptance
b) avoidance
c) limitation
d) transference
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
62) Your company decides to purchase security insurance from Travelers Insurance in case your systems get hacked and employee information is stolen. This is an example of risk _________.
a) acceptance
b) avoidance
c) limitation
d) transference
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Application
Standard 1: AACSB || Technology
63) _________ is a physical control.
a) A company gate
b) Encryption
c) A firewall
d) VPN
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
64) _________ is an access control.
a) A company gate
b) Encryption
c) A firewall
d) RFID
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
65) _________ is a communications control.
a) A company gate
b) Encryption
c) A firewall
d) RFID
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
66) _________ controls prevent unauthorized individuals from gaining access to a company’s facilities.
a) Access
b) Communications
c) Physical
d) Useful
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
67) _________ controls restrict unauthorized individuals from using information resources.
a) Access
b) Communications
c) Physical
d) Useful
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
68) _________ controls secure the movement of data across networks.
a) Access
b) Communications
c) Physical
d) Useful
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
69) Suppose your university automatically logs you off of a university computer after 15 minutes of disuse. This is an example of a(n) _________ control.
a) access
b) communication
c) physical
d) useful
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Analysis
Standard 1: AACSB || Technology
70) Biometrics is an example of something the user _________.
a) does
b) has
c) is
d) knows
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
71) Your student ID is an example of something the user _________.
a) does
b) has
c) is
d) knows
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
72) If you have to speak into your phone to unlock it, this is an example of something the user _________.
a) does
b) has
c) is
d) knows
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
73) Typing in your password to access a system is an example of something the user _________.
a) does
b) has
c) is
d) knows
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
74) A(n) _________ is a system that prevents a specific type of information from moving between untrusted networks and private networks.
a) anti-malware system
b) DMZ
c) ERP
d) firewall
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
75) A(n) _________ is a software package that attempts to identify and eliminate viruses and worms.
a) anti-malware system
b) DMZ
c) ERP
d) firewall
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
76) A(n) _________ is located between two firewalls.
a) anti-malware system
b) DMZ
c) ERP
d) spamware detector
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
77) _________ is the process of converting an original message into a form that cannot be read by anyone except the intended receiver.
a) Authorization
b) Blacklisting
c) Encryption
d) Firewalling
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
78) In public-key encryption, the _________ key is used for locking and the _________ key is used for unlocking.
a) private; private
b) private; public
c) public; private
d) public; public
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
79) _________ is a private network that uses a public network to connect users.
a) DoS
b) ERP
c) RFID
d) VPN
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
80) Which of the following is NOT an advantage of VPN?
a) Cost
b) Flexibility
c) Remote access
d) Security
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
81) A URL that begins with https uses _________.
a) DMZ
b) ERP
c) TLS
d) VPN
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
82) A _________ site is a fully configured computer facility with all of the company’s services, communication links, and physical plant operations.
a) cold
b) hot
c) medium
d) warm
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
83) A _________ site typically does not include the actual application the company needs to get the business back up and running immediately.
a) cold
b) hot
c) medium
d) warm
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
84) A _________ site provides only rudimentary services and facilities.
a) cold
b) hot
c) medium
d) warm
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
85) A _________ site is the most expensive option.
a) cold
b) hot
c) medium
d) warm
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
86) A _________ site is the least expensive option.
a) cold
b) hot
c) medium
d) warm
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
87) Suppose you have a primary location in New York City where you main corporate servers are located. Just in case something happens in New York City, you have backup servers that are updated every minute in Chicago. This is an example of a _________ site.
a) cold
b) hot
c) medium
d) warm
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
88) Auditing _________ the computer means verifying processing by checking for known outputs using specific inputs.
a) around
b) into
c) through
d) with
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
89) Auditing _________ the computer means auditors check inputs, outputs, and processing.
a) around
b) into
c) through
d) with
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
90) Auditing _________ the computer means using a combination of client data, auditor software, and client and auditor hardware.
a) around
b) into
c) through
d) with
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
91) Dave and Darla are worried about their home’s security as there have been a lot of robberies in the neighborhood lately. To ease their concern, they purchase insurance for their home and possessions. This is an example of __________.
a) risk analysis
b) risk acceptance
c) risk transference
d) controls
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Application
Standard 1: AACSB || Technology
92) XYZ Inc. scanned the fingerprints of all of their employees and now uses these fingerprints to authenticate their employees and grant them access to different areas of the company’s facilities. XYZ Inc. is utilizing which type of technology?
a) Cookies
b) Intellectual Property
c) Biometrics
d) Malware
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
93) Judith works from home. In order to access her corporate email and other computer systems she logs into a virtual private network (VPN). The VPN is an example of _____________.
a) a communications control
b) a passphrase
c) a digital certificate
d) an audit
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
94) Triple Z Travelsite allows customers to reserve discount hotel rooms and airline tickets with certain companies they have relationships with. In order to secure the credit card information used by customers, which of the following controls would you recommend Triple Z use?
a) Biometrics
b) Transport layer security
c) Whitelisting
d) Audits
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
95) Ransomware negatively affected the city of Atlanta in many ways. Which vulnerability was the main cause of the problems?
a) Today’s interconnected, interdependent, wirelessly networked business environment
b) Smaller, faster, cheaper computers and storage devices
c) Decreasing skills necessary to be a computer hacker
d) International organized crime taking over cybercrime
e) Lack of management support
Difficulty: Hard
Section Reference 1: Closing Case
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Evaluation
Standard 1: AACSB || Technology
96) _______ is designed to erase information permanently, not to hold it ransom.
a) Petya
b) RobbinHood
c) SamSam
d) WannaCry
Difficulty: Easy
Section Reference 1: Closing Case
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
Question type: True/False
97) The 2017 Equifax data breach was more damaging to lenders than to consumers.
Difficulty: Easy
Section Reference 1: Opening Case
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
98) Equifax’s CIO, CTO, and CEO lost their jobs due to the 2017 data breach.
Difficulty: Easy
Section Reference 1: Opening Case
Learning Objective 1: Compare and contrast human mistakes and social engineering and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
99) Equifax could have upgraded and patched the software that was the cause of the breach.
Difficulty: Easy
Section Reference 1: Opening Case
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
100) An intranet is a trusted network.
Difficulty: Hard
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Synthesis
Standard 1: AACSB || Technology
101) VPN is a trusted network.
Difficulty: Hard
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Synthesis
Standard 1: AACSB || Technology
102) The internet is an untrusted network.
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
103) The recent trend indicates that CEOs lose their jobs after data breaches. In theory, this should impact the “lack of management support” factor that increases the vulnerability of organizational information resources.
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
104) Cybercrime is typically nonviolent but lucrative.
Difficulty: Medium
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
105) It is always safe to open e-mails and click on links from your friends.
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
106) If a hacker enters a building with an official-looking ID badge. This is considered social engineering.
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
107) Social engineers will often pose as real employees or contractors such as exterminators or fire marshals.
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
108) Social engineering is an unintentional threat on the part of the employee.
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
109) You are a nice person, so you hold the door open for the person running in behind you. Since you needed to use your ID badge to open the door, the person running in behind you is tailgating.
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
110) You need to be particularly careful of tailgating at airport terminals.
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
111) Competitive intelligence and espionage are similar except that competitive intelligence crosses the legal boundary.
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
112) Competitive intelligence is legal while espionage is illegal even though both involve collecting information about competitors.
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
113) Dumpster diving is always theft and is always illegal.
Difficulty: Hard
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
114) Once a copyright and patent is established, it applies to all countries in the world.
Difficulty: Hard
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
115) You purchased a copy of Microsoft Office and give a copy to a friend so he/she doesn’t have to buy it too. This is piracy and is illegal.
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
116) You are a computer programmer who feels short-changed by your organization. To get back at them, you would most likely use a Trojan horse, back door, or logic bomb.
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
117) Cyberterrorism is typically carried out by individuals or groups whereas cyberwarfare is carried out by nation states or nonstate actors such as terrorists.
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
118) DarkHotel’s attacks begin with high-level viruses individually designed to be interesting and convincing to the target victim.
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
119) In early 2017, reports confirmed that Google and Facebook had lost $100 million through whaling attacks.
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
120) Whaling attacks are easier to detect than typical phishing attacks because they are so highly personalized and targeted.
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
121) Whaling attacks have the biggest impact on financial institutions due to the nature of their business; it is not a true concern for other types of organizations.
Difficulty: Medium
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
122) The Dyn DDoS hack illustrates the vulnerability of the Internet of Things.
Difficulty: Medium
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Analysis
Standard 1: AACSB || Technology
123) The SCADA attacks on Dyn were so severe that they eventually blocked or significantly slowed user access to dozens of other websites like Twitter, Netflix, and CNN.
Difficulty: Medium
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
124) Dyn is a cloud-based internet performance management company that provides virtual private networks for internet websites.
Difficulty: Easy
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
125) IT security is the business of everyone in an organization.
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
126) People tend to violate security procedures because the procedures are inconvenient.
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
127) If you choose not to protect your information systems, you have adopted a risk acceptance strategy.
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Analysis
Standard 1: AACSB || Technology
128) If you choose to spend as much as you can to protect your information systems, you have adopted a risk transference strategy.
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Analysis
Standard 1: AACSB || Technology
129) If you choose limit your risk by implementing firewalls and other security measures, you have adopted a risk limitation strategy.
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Analysis
Standard 1: AACSB || Technology
130) ID cards address physical and access controls.
Difficulty: Hard
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Evaluation
Standard 1: AACSB || Technology
131) Authentication occurs after authorization.
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
132) Passwords are a huge information security problem for all organizations.
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
133) Weak passwords can be addressed through multi-factor authentication.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
134) Authorization means someone has privileges to do certain things on a system.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
135) Anti-malware systems are generally reactive.
Difficulty: Hard
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
136) Whitelisting allows nothing to run unless it is on the whitelist.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
137) Blacklisting allows everything to run unless it is on the list.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
138) People, devices, software, and websites can be blacklisted and whitelisted.
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
139) Employee monitoring systems are illegal and unethical.
Difficulty: Hard
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Synthesis
Standard 1: AACSB || Technology
140) The external audit of information systems is frequently a part of the overall external auditing performed by a CPA firm.
Difficulty: Hard
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
141) People are not liable for fraudulent use of their credit cards.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
142) A CPA firm typically performs an internal business audit.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
143) Government systems typically lack resources and IT expertise and operate on outdated hardware and software. This makes them particularly vulnerable to ransomware attacks.
Difficulty: Easy
Section Reference 1: Closing Case
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
144) RobbinHood was a DDoS attack on the city of Atlanta.
Difficulty: Easy
Section Reference 1: Closing Case
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
Question type: Text Entry
145) ___ refers to all the processes and policies designed to protect an organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
146) A(n) ___ to an information resource is any danger to which a system may be exposed.
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
147) The ___ of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
148) An information resource’s ___ is the possibility that the system will be harmed by a threat.
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
149) ___ refers to illegal activities conducted over computer networks, particularly the internet.
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
150) ___ involves rummaging through commercial or residential trash to find discarded information.
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
151) ___ is the deliberate assumption of another person’s identity, usually to gain access to his or her financial information or to frame him or her for a crime.
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
152) A ___ is an intellectual work that is not based on public information.
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
153) A ___ is an official document that grants the holder exclusive rights on an invention or a process for a specified period of time.
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
154) A ___ is a statutory grant that provides the creators or owners of intellectual property with ownership of the property for a designated period.
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
155) ___ are small amounts of information that websites store on your computer, temporarily or more or less permanently.
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
156) A ___ is the probability that a threat will impact an information resource.
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
157) In risk ___, the organization takes concrete actions against risks.
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
158) Information security controls are also called ___.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
159) ___ controls prevent unauthorized individuals from gaining access to a company’s facilities.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
160) ___ controls restrict unauthorized individuals from using information resources.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
161) ___ controls secure the movement of data across networks.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
162) Access controls involve two major functions: ___ and ___.
Answer 1: authentication
Answer 2: authorization
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
163) ___ posits that users be granted the privilege for an activity only if there is a justifiable need for them to perform that activity.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
164) ___ is a process in which a company identifies the software that it will allow to run on its computers.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
165) ___ allows everything to run unless it is on the list.
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
Question type: Essay
166) What are the five factors that contribute to the increasing vulnerability of organizational information resources? Consider a current data breach (e.g., Target’s credit card breach in 2013, Sony’s data breach in 2014, the Democratic National Committee breach in 2015) and how each of these factors contributed to that breach.
Difficulty: Hard
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Synthesis
Standard 1: AACSB || Communication
Standard 2 : AACSB || Analytic
Standard 3 : AACSB || Technology
Solution: 1) Today’s interconnected, interdependent, wirelessly networked business environment
Target – the Fazio connection, letting them have access; while the sensitive information was “walled off,” there were still “holes”
Sony – able to get access to a system via the Internet (not enough security)
DNC – Russians able to get into US systems during their office hours (employees made the internal network untrusted)
2) Smaller, faster, cheaper computers and storage devices
Target – it was easy for Target to store lots of customer information
Sony – everything was electronic (able to leak movies before officially released)
DNC – everything was electronic
3) Decreasing skills necessary to be a computer hacker
Target – the phishing attack on Fazio
Sony – used malware (a common tool was used)
DNC – used spear-phishing
4) International organized crime taking over cybercrime
Target – not in the US, stole lots of credit card numbers to sell them
Sony – conducted by North Korea (possibly to stop a controversial film)
DNC – Russia supposedly wanted to affect the election
5) Lack of management support
Target – while they installed FireEye, they didn’t work hard enough to use it properly
Sony – ignored threatening e-mails, hired the FBI and FireEye to protect employees
DNC – ignored FBI’s warnings; only one guy knew about it; they didn’t have secure systems
167) Why are employees the biggest threats to an organization? What can you do to protect your future company’s assets?
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Communication
Standard 2 : AACSB || Technology
Standard 3 : AACSB || Reflective Thinking
Solution: We tend to be careless with our devices and generally in our behavior (see Table 4.1)
168) Identity theft is a deliberate threat to information systems and is one of the largest concerns of consumers and businesses today. What are the four techniques the book mentions for illegally obtaining information? How can you protect yourself from each of these threats?
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Communication
Standard 2 : AACSB || Technology
Standard 3 : AACSB || Reflective Thinking
Solution: 1) Dumpster diving – shred your sensitive information
2) Stealing personal information in computer databases – have strong passwords, encrypt the data
3) Infiltrating organizations (data aggregators) that store large amounts of personal information - have strong passwords, encrypt the data
4) Phishing – never provide a user ID and password; always ensure the person/site is legitimate
169) Organizations spend a great deal of time and money protecting their information resources. To figure out what needs to be protected and how they are going to protect it, they need to perform risk management. What is the goal of risk management? List and describe the three processes of risk management. How can organizations mitigate risk? Describe a company that has adopted each risk mitigation strategy.
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Application
Standard 1: AACSB || Technology
Solution: goal = identify, control, and minimize the impact of threats; processes = analysis (with three steps: assess value of assets, estimate probability of attack, compare costs of protecting versus not protecting), mitigation (three types as noted next), and controls evaluation (cost versus benefit); mitigate = acceptance (no controls, absorb damage), limitation (try to minimize threat), transference (get insurance); examples: acceptance = Democratic National Committee, limitation (Target installed FireEye software; although they didn’t implement all the functionality), transference (see Travelers Insurance options)
170) What are the six basic guidelines for creating strong passwords? Without divulging your passwords, how do your passwords “add up” and why? HINT: You should specifically address each of the six guidelines for your passwords. Now suppose you are a manager and you know employees won’t have strong passwords, how do you address this issue?
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Comprehension, Analysis
Standard 1: AACSB || Communication
Standard 2 : AACSB || Technology
Standard 3 : AACSB || Reflective Thinking
Solution: First question: 1) They should be difficult to guess.
2) They should be long rather than short.
3) They should have uppercase letters, lowercase letters, numbers, and special characters.
4) They should not be recognizable words.
5) They should not be the name of anything or anyone familiar, such as family names or names of pets.
6) They should not be a recognizable string of numbers, such as a social security number or a birthday.
Second question: Require password resets every 60–90 days and set limitations on characters, capitalizations, numbers, letters, etc.; since they may then write these passwords down, require multi-factor authentication
Document Information
Connected Book
Explore recommendations drawn directly from what you're reading
Chapter 3 Ethics and Privacy Test Bank
DOCX Ch. 3
Chapter 4 Information Security and Controls Practice Quizzes
DOCX Ch. 4
Chapter 4 Information Security and Controls Test Bank
DOCX Ch. 4 Current
Chapter 5 Data and Knowledge Management Practice Quizzes
DOCX Ch. 5
Chapter 5 Data and Knowledge Management Test Bank
DOCX Ch. 5