Chapter 4 Information Security and Controls Exam Questions - Info Systems Canada 5e | Exam Pack by R. Kelly Rainer
Package Title: Practice Questions
Course Title: Rainer, Introduction to Information Systems, Fifth Canadian Edition
Chapter Number: 04
Shuffle: No
Question type: True/False
1) The emergence of the Internet has decreased the threats to information security.
Difficulty: Easy
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.
Section Reference 1: Introduction to Information Security
AACSB: Reflective Thinking
Bloomcode: Knowledge
2) If you have copied a software package (computer program) from a friend without paying for it, you are guilty of software piracy.
Difficulty: Easy
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.
Section Reference 1: Introduction to Information Security
AACSB: Ethics
Bloomcode: Knowledge
3) You should regularly delete any spyware that might be residing on your computer, because it may be dangerous.
Difficulty: Easy
Learning Objective 1: Discuss the 10 types of deliberate software attacks.
Section Reference 1: Deliberate Threats to Information Systems
AACSB: Technology
Bloomcode: Knowledge
4) Backup and recovery procedures are recommended only to safeguard against hardware/software failures.
Difficulty: Easy
Learning Objective 1: Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Section Reference 1: What Organizations Are Doing to Protect Information Resources
AACSB: Technology
Bloomcode: Knowledge
5) Risk management identifies, controls, and minimizes the impact of threats to the organization's information security.
Difficulty: Medium
Learning Objective 1: Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Section Reference 1: What Organizations Are Doing to Protect Information Resources
AACSB: Technology
Bloomcode: Knowledge
6) Low-level employees pose the greatest threat to information security.
Difficulty: Easy
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference 1: Information Security Controls
AACSB: Technology
Bloomcode: Knowledge
Question type: Multiple Choice
7) The threats to information security are ___, and the greatest threat is ___.
a) increasing, human
b) decreasing, human
c) increasing, technological
d) decreasing, technological
e) staying about the same, software
Difficulty: Easy
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.
Section Reference 1: Introduction to Information Security
AACSB: Reflective Thinking
Bloomcode: Knowledge
8) An information system's ___ is the likelihood that the system or resource will be compromised by a ___ that will result in its ___ to further attacks.
a) vulnerability, threat, exposure
b) vulnerability, security, threat
c) threat, vulnerability, liability
d) threat, vulnerability, exposure
Difficulty: Hard
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.
Section Reference 1: Introduction to Information Security
AACSB: Reflective Thinking
Bloomcode: Knowledge
9) Which of the following factors that make information resources more vulnerable to attack can be most easily remedied?
a) interconnected/dependent business environments
b) larger and cheaper storage
c) organized cybercrime
d) decrease the skill level of hackers
e) lack of management control
f) none – all factors are exogenous
Difficulty: Medium
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.
Section Reference 1: Introduction to Information Security
AACSB: Reflective Thinking
Bloomcode: Knowledge
10) Which of the following is not a potential computer-related action that can be used to protect personal information assets?
a) use passwords based on word phrases
b) take regular backups of your data and system and store them off-site
c) use the Linux operating system
d) use current software that is updated regularly
Difficulty: Easy
Learning Objective 1: Explain why it is critical that you protect your information assets, and identify actions that you could take to do so.
Section Reference 1: Personal Information Asset Protection
AACSB: Technology
Bloomcode: Knowledge
11) Which of the following can be classified as unintentional threats to information systems caused by human errors?
a) selecting a weak password
b) revealing your password
c) leaking company data to others
d) both (a) and (b)
e) none of the above
Difficulty: Easy
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference 1: Unintentional Threats to Information Systems
AACSB: Technology
Bloomcode: Knowledge
12) An unintentional attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information is known as
a) trespass.
b) social engineering.
c) identity theft.
d) information extortion.
Difficulty: Medium
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference 1: Unintentional Threats to Information Systems
AACSB: Reflective Thinking
Bloomcode: Knowledge
13) Which of the following is not a social engineering technique?
a) tailgating
b) shoulder surfing
c) careless Internet surfing
d) All of the choices are social engineering techniques.
e) None of the choices are social engineering techniques.
Difficulty: Medium
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference 1: Unintentional Threats to Information Systems
AACSB: Technology
Bloomcode: Comprehension
14) Precisely targeted attacks, usually in the form of personal messages from a known social contact, are referred to as
a) spam.
b) malware.
c) spear phishing.
d) social engineering.
Difficulty: Medium
Learning Objective 1: Discuss the 10 types of deliberate software attacks.
Section Reference 1: Deliberate Threats to Information Systems
AACSB: Technology
Bloomcode: Knowledge
15) Making and distributing information goods to which you do not own the ___ is referred to as ___.
a) copyright, piracy
b) intellectual property, piracy
c) copyright, appropriation
d) intellectual property, theft
Difficulty: Easy
Learning Objective 1: Discuss the 10 types of deliberate software attacks.
Section Reference 1: Deliberate Threats to Information Systems
AACSB: Ethics
Bloomcode: Knowledge
16) Whereas phishing attacks are ___, denial of service attacks are ___.
a) remote attacks requiring user action, remote attacks requiring no user action
b) remote attacks requiring no user action, attacks by a programmer developing a system
c) remote attacks requiring no user action, remote attacks requiring user action
d) distributed remote attacks requiring user action, attacks by a programmer developing a system
Difficulty: Hard
Learning Objective 1: Discuss the 10 types of deliberate software attacks.
Section Reference 1: Deliberate Threats to Information Systems
AACSB: Technology
Bloomcode: Knowledge
17) Although the second and larger Equifax data breach in the chapter's opening case resulted from attackers exploiting a vulnerability in the Apache Struts Web-application software, the attack most closely resembled
a) a worm attack.
b) a spear-phishing attack.
c) a denial of service attack.
d) a back door attack.
Difficulty: Medium
Learning Objective 1: Discuss the 10 types of deliberate software attacks.
Section Reference 1: Deliberate Threats to Information Systems
AACSB: Technology
Bloomcode: Knowledge
18) Which type of remote software attack does not require user action?
a) virus
b) worm
c) phishing attack
d) denial-of-service attack
Difficulty: Easy
Learning Objective 1: Discuss the 10 types of deliberate software attacks.
Section Reference 1: Deliberate Threats to Information Systems
AACSB: Technology
Bloomcode: Knowledge
19) Which type of alien software uses your computer to send emails that look like they came from you to all the people in your address book?
a) adware
b) spyware
c) spamware
d) cookies
Difficulty: Easy
Learning Objective 1: Discuss the 10 types of deliberate software attacks.
Section Reference 1: Deliberate Threats to Information Systems
AACSB: Technology
Bloomcode: Knowledge
20) Which of the following would be an example of a SCADA attack?
a) Bank accounts are hacked into after Internet purchases.
b) Social Security numbers are deleted from a company's database.
c) Computer viruses are introduced into the electrical company's systems resulting in a shutdown of the power plant.
d) Email accounts are hacked, and kinky messages are sent to all of the user's contacts.
Difficulty: Medium
Learning Objective 1: Discuss the 10 types of deliberate software attacks.
Section Reference 1: Deliberate Threats to Information Systems
AACSB: Technology
Bloomcode: Comprehension
21) If you are an employee of a large organization and your Facebook account is hacked, the attackers can potentially obtain access to
a) your personal information and photographs on Facebook.
b) your personal financial information.
c) information on all your Facebook friends.
d) your company's data and resources.
e) all of the above
Difficulty: Easy
Learning Objective 1: Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Section Reference 1: What Organizations Are Doing to Protect Information Resources
AACSB: Reflective Thinking
Bloomcode: Knowledge
22) Computer programs like CAPTCHA are used to counter
a) hackers using key loggers.
b) malware.
c) hackers using screen scrapers.
d) websites leaving cookies on the local machine.
Difficulty: Medium
Learning Objective 1: Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Section Reference 1: What Organizations Are Doing to Protect Information Resources
AACSB: Technology
Bloomcode: Knowledge
23) Buying health insurance is an example of risk ___, whereas going without is an example of risk ___.
a) transference, limitation
b) transference, acceptance
c) limitation, acceptance
d) limitation, transference
Difficulty: Easy
Learning Objective 1: Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Section Reference 1: What Organizations Are Doing to Protect Information Resources
AACSB: Reflective Thinking
Bloomcode: Knowledge
24) Which of the following is not a common risk mitigation strategy?
a) risk analysis
b) risk limitation
c) risk acceptance
d) risk transference
Difficulty: Easy
Learning Objective 1: Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Section Reference 1: What Organizations Are Doing to Protect Information Resources
AACSB: Reflective Thinking
Bloomcode: Knowledge
25) Implementing controls to prevent threats from occurring, and developing a recovery plan should the threats occur, are two broad functions of
a) risk mitigation.
b) risk acknowledgement.
c) risk acceptance.
d) all of the above
Difficulty: Easy
Learning Objective 1: Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Section Reference 1: What Organizations Are Doing to Protect Information Resources
AACSB: Reflective Thinking
Bloomcode: Knowledge
26) Access controls consist of ___, which confirms user identity, and ___, which determines user access levels.
a) access, privileges
b) authorization, privileges
c) authentication, authorization
d) passwords, privileges
Difficulty: Easy
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference 1: Information Security Controls
AACSB: Reflective Thinking
Bloomcode: Knowledge
27) ___ can be used to create strong passwords that are easy to remember.
a) Mnemonics
b) Passphrases
c) Birthdates
d) Numbers
Difficulty: Medium
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference 1: Information Security Controls
AACSB: Technology
Bloomcode: Knowledge
28) A password system on a computer network is an example of which type of information security control?
a) physical
b) access
c) communication
d) application
Difficulty: Easy
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference 1: Information Security Controls
AACSB: Technology
Bloomcode: Knowledge
29) Which of the following statements is true?
a) Multifactor authentication systems are more reliable and less expensive than single-factor.
b) Multifactor authentication systems are more reliable and more expensive than single-factor.
c) Multifactor authentication systems are less reliable and less expensive than single-factor.
d) Multifactor and single-factor authentications have the same degree of reliability.
Difficulty: Easy
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference 1: Information Security Controls
AACSB: Technology
Bloomcode: Knowledge
30) ___ is an encryption standard used for secure transactions such as credit card processing and online banking.
a) VPN
b) TLS
c) DMZ
d) whitelisting
Difficulty: Medium
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference 1: Information Security Controls
AACSB: Technology
Bloomcode: Knowledge