Information Security And Controls Exam Questions Chapter 4 - Test Bank | Introduction to Info Systems 4th Canadian Edition by Rainer and Sanchez by Rainer Prince, Splettstoesser Hogeterp, Sanchez Rodriguez. DOCX document preview.
Chapter 4
Information Security and Controls
Question Type: True/False
1) The goal of risk management is to reduce risk to acceptable levels.
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
2) The security of each computer on the Internet is independent of the security of all other computers on the Internet.
Difficulty: Easy
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Knowledge
3) The computing skills necessary to be a hacker are decreasing.
Difficulty: Easy
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Knowledge
4) Human errors cause more than half of the security-related problems in many organizations.
Difficulty: Easy
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
5) The higher the level of an employee in organization, the greater the threat that he or she poses to the organization.
Difficulty: Easy
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
6) Dumpster diving is always illegal because it involves trespassing on private property.
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
7) Software can be copyrighted.
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
8) Trojan horses are software programs that hide in other computer programs and reveal their designed behaviour only when they are activated.
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
9) Zero-day attacks use deceptive e-mails to acquire sensitive personal information.
Difficulty: Medium
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
10) In most cases, cookies track your path through websites and are therefore invasions of your privacy.
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
11) Cyberterrorism and cyberwarfare can attack supervisory control and data acquisition (SCADA) systems to cause widespread physical damage.
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
12) Supervisory control and data acquisition (SCADA) systems require human data input.
Difficulty: Medium
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
13) Cyberterrorism is usually carried out by nations.
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
14) IT security is the responsibility of everyone in the organization.
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
15) Risk analysis involves determining whether security programs are working.
Difficulty: Medium
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Comprehension
16) A password refers to “something the user is.”
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
17) Organizations utilize layers of controls because they face so many diverse threats to information security.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
18) Public-key encryption uses two different keys, one public and one private.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
19) Voice recognition is an example of “something a user does” authentication.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
20) Organizations use authentication to establish privileges to systems operations.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
21) The area located between two firewalls within an organization is called the demilitarized zone.
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
22) A VPN is a network within the organization.
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
23) A URL that begins with “https” rather than “http” indicates that the site transmits using an extra layer of security called transport layer security.
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
24) Backup plans are not always necessary.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
25) Social engineers often impersonate legitimate employees.
Difficulty: Easy
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
26) Cookies in your web browser are not tracked by businesses.
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attack.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
27) SCADA attacks like Stuxnet are an act of cyberwarfare.
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
28) Authentication and authorization are synonyms.
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each on.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
29) The main purpose for the attack on Sony Pictures Entertainment on November 24, 2014, was to stop the release of the movie The Interview.
Difficulty: Medium
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section reference: Case 4.1 The Sony Pictures Entertainment Hack
AACSB: Use of Information Technology
Bloomcode: Knowledge
30) You start a dog-walking service, and you store your client’s records on your smart phone. You don’t need to worry about information security.
Difficulty: Easy
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Knowledge
Question Type: Multiple Choice
31) Which of the following is not a consequence of poor information security practices?
a) Stolen information
b) Stolen identities
c) Financial loss
d) Loss of service
e) All of the above are consequences of poor information security practices.
Difficulty: Easy
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: Introduction
AACSB: Use of Information Technology
Bloomcode: Knowledge
32) The Heartbleed bug is an encryption security flaw in the ___________ software package that was an _____________ mistake by the software developer.
a) Microsoft; intended
b) Microsoft; unintended
c) OpenSSL; intended
d) OpenSSL; unintended
Difficulty: Medium
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: IT’s About Business 4.1: The Heartbleed Bug
AACSB: Use of Information Technology
Bloomcode: Knowledge
33) Which of the following factors is not increasing the threats to information security?
a) Smaller computing devices
b) Downstream liability
c) The Internet
d) Limited storage capacity on portable devices
e) Due diligence
Difficulty: Medium
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Comprehension
34) The computing skills necessary to be a hacker are decreasing for which of the following reasons?
a) More information systems and computer science departments are teaching courses on hacking so that their graduates can recognize attacks on information assets.
b) Computer attack programs, called scripts, are available for download from the Internet.
c) International organized crime is training hackers.
d) Cybercrime is much more lucrative than regular white-collar crime.
e) Almost anyone can buy or access a computer today.
Difficulty: Hard
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Comprehension
35) Rank the following in terms of dollar value of the crime, from highest to lowest.
a) Robbery – white-collar crime – cybercrime
b) White-collar crime – extortion – robbery
c) Cybercrime – white-collar crime – robbery
d) Cybercrime – robbery – white-collar crime
e) White-collar crime – burglary – robbery
Difficulty: Medium
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Comprehension
36) A ______ is any danger to which an information resource may be exposed.
a) vulnerability
b) risk
c) control
d) threat
e) compromise
Difficulty: Easy
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Knowledge
37) An information system’s _______ is the possibility that the system will be harmed by a threat.
a) vulnerability
b) risk
c) control
d) danger
e) compromise
Difficulty: Easy
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Knowledge
38) The most overlooked people in information security are:
a) consultants and temporary hires.
b) secretaries and consultants.
c) contract labourers and executive assistants.
d) janitors and guards.
e) executives and executive secretaries.
Difficulty: Easy
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
39) Employees in which functional areas of the organization pose particularly grave threats to information security?
a) Human resources, finance
b) Human resources, information systems
c) Finance, marketing
d) Operations management, management information systems
e) Finance, management information systems
Difficulty: Easy
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
40) Unintentional threats to information systems include all of the following except:
a) Malicious software
b) Tailgating
c) Power outage
d) Lack of user experience
e) Tornados
Difficulty: Medium
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
41) _____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges.
a) Tailgating
b) Hacking
c) Spoofing
d) Social engineering
e) Spamming
Difficulty: Easy
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
42) The cost of a stolen laptop includes all of the following except:
a) Loss of intellectual property
b) Loss of data
c) Backup costs
d) Loss of productivity
e) Replacement cost
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
43) Dumpster diving is:
a) always illegal because it is considered trespassing.
b) never illegal because it is not considered trespassing.
c) typically committed for the purpose of identity theft.
d) always illegal because individuals own the material in the dumpster.
e) always legal because the dumpster is not owned by private citizens.
Difficulty: Medium
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
44) Cybercriminals can obtain the information they need in order to assume another person’s identity by:
a) infiltrating an organization that stores large amounts of personal information.
b) phishing.
c) hacking into a corporate database.
d) stealing mail.
e) All of the above are strategies to obtain information to assume another person’s identity.
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
45) A _____ is intellectual work that is known only to a company and is not based on public information.
a) copyright
b) patent
c) trade secret
d) knowledge base
e) private property
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
46) A pharmaceutical company’s research and development plan for a new class of drugs would be best described as which of the following?
a) Copyrighted material
b) Patented material
c) A trade secret
d) A knowledge base
e) Public property
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
47) A _____ is a document that grants the holder exclusive rights on an invention for 20 years.
a) copyright
b) patent
c) trade secret
d) knowledge base
e) private property notice
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
48) An organization’s e-mail policy has the least impact on which of the following software attacks?
a) Virus
b) Worm
c) Phishing
d) Denial-of-service attack
e) Spear phishing
Difficulty: Hard
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
49) _____ are segments of computer code that attach to existing computer programs and perform malicious acts.
a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
50) _____ are software programs that hide in other computer programs and reveal their designed behaviour only when they are activated.
a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
51) _____ are segments of computer code embedded within an organization’s existing computer programs that activate and perform a destructive action at a certain time or date.
a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
52) A _____ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail.
a) Virus
b) Denial-of-service
c) Distributed denial-of-service
d) Phishing
e) Brute force dictionary
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
53) In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised computers at the same time.
a) phishing
b) virus
c) worm
d) back door
e) distributed denial-of-service
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
54) The term _____ refers to clandestine software that is installed on your PC through duplicitous channels but is not particularly malicious.
a) alien software
b) virus
c) worm
d) back door
e) logic bomb
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
55) Which of the following is/are designed to use your computer as a launch pad for sending unsolicited e-mail to other computers?
a) Spyware
b) Spamware
c) Adware
d) Viruses
e) Worms
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
56) When companies attempt to counter _____ by requiring users to accurately select characters in turn from a series of boxes, attackers respond by using _____.
a) keyloggers; screen scrapers
b) screen scrapers; uninstallers
c) keyloggers; spam
d) screen scrapers; keyloggers
e) spam; keyloggers
Difficulty: Medium
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
57) _____ is the process in which an organization assesses the value of each asset being protected, estimates the probability that it will be compromised, and compares the probable costs of an attack with the costs of protecting the asset.
a) Risk management
b) Risk analysis
c) Risk mitigation
d) Risk acceptance
e) Risk transference
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 5.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
58) Which of the following statements is false?
a) Credit card companies usually block stolen credit cards rather than prosecute.
b) People tend to shortcut security procedures because the procedures are inconvenient.
c) It is easy to assess the value of a hypothetical attack.
d) The online commerce industry isn’t willing to install safeguards on credit card transactions.
e) The cost of preventing computer crimes can be very high.
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
59) In _____, the organization takes concrete actions against risks.
a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
60) Which of the following is not a strategy for mitigating the risk of threats against information?
a) Continue operating with no controls and absorb any damages that occur.
b) Transfer the risk by purchasing insurance.
c) Implement controls that minimize the impact of the threat.
d) Install controls that block the risk.
e) All of the above are strategies for mitigating risk.
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
61) In _____, the organization purchases insurance as a means to compensate for any loss.
a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
62) Which of the following statements concerning the difficulties in protecting information resources is not correct?
a) Computing resources are typically decentralized.
b) Computer crimes often remain undetected for a long period of time.
c) Rapid technological changes ensure that controls are effective for years.
d) Employees typically do not follow security procedures when the procedures are inconvenient.
e) Computer networks can be located outside the organization.
Difficulty: Medium
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Comprehension
63) _____ controls are concerned with user identification, and they restrict unauthorized individuals from using information resources.
a) Access
b) Physical
c) Data security
d) Administrative
e) Input
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
64) Access controls involve _______ before _______.
a) biometrics, signature recognition
b) authentication, authorization
c) iris scanning, voice recognition
d) strong passwords, biometrics
e) authorization, authentication
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
65) Biometrics are an example of:
a) something the user is.
b) something the user wants.
c) something the user has.
d) something the user knows.
e) something the user does.
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
66) Voice and signature recognition are examples of:
a) something the user is.
b) something the user wants.
c) something the user has.
d) something the user knows.
e) something the user does.
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
67) Passwords and passphrases are examples of:
a) something the user is.
b) something the user wants.
c) something the user has.
d) something the user knows.
e) something the user does.
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
68) Which of the following is not a characteristic of strong passwords?
a) They are difficult to guess.
b) They contain special characters.
c) They are not a recognizable word.
d) They are not a recognizable string of numbers
e) They tend to be short so they are easy to remember.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
69) Which of the following is not an example of a weak password?
a) IloveIT
b) 08141990
c) 9AmGt/*
d) Rainer
e) InformationSecurity
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
70) Bob is using public key encryption to send a message to Ted. Bob encrypts the message with Ted’s _____ key, and Ted decrypts the message using his _____ key.
a) public, public
b) public, private
c) private, private
d) private, public
e) None of these
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
71) Which of the following statements concerning firewalls is not true?
a) Firewalls prevent unauthorized Internet users from accessing private networks.
b) Firewalls examine every message that enters or leaves an organization’s network.
c) Firewalls filter network traffic according to categories of activities that are likely to cause problems.
d) Firewalls filter messages the same way as anti-malware systems do.
e) Firewalls are sometimes located inside an organization’s private network.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
72) In a process called _____, a company allows nothing to run unless it is approved, whereas in a process called _____, the company allows everything to run unless it is not approved.
a) whitelisting, blacklisting
b) whitelisting, encryption
c) encryption, whitelisting
d) encryption, blacklisting
e) blacklisting, whitelisting
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
73) Organizations use hot sites, warm sites, and cold sites to insure business continuity. Which of the following statements is not true?
a) A cold site has no equipment.
b) A warm site has no user workstations.
c) A hot site needs to be located close to the organization’s offices.
d) A hot site duplicates all of the organization’s resources.
e) A warm site does not include actual applications.
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
74) Shodan’s primary purpose is ___________.
a) to be a hacker website
b) to be a service that searches the Internet for devices connected to the Internet
c) to be a website that shows which devices are vulnerable to hackers
d) to help users search for other people who use similar devices
Difficulty: Medium
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: IT’s About Business 4.2 Shodan: Good Tool or Bad Tool?
AACSB: Use of Information Technology
Bloomcode: Knowledge
75) Shodan is used for _________.
a) creating a backdoor
b) SCADA attacks
c) spreading viruses
d) phishing
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: IT’s About Business 4.2 Shodan: Good Tool or Bad Tool?
AACSB: Use of Information Technology
Bloomcode: Knowledge
76) Discuss the possible consequences of a terrorist attack on a supervisory control and data acquisition (SCADA) system.
Difficulty: Hard
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
77) According to the “Catching a Hacker” case, ____________ is one of the most sophisticated and destructive malicious software programs ever developed.
a) the Heartbleed bug
b) FireEye
c) Shodan
d) SpyEye
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: IT’s About Business 4.3 Catching a Hacker
AACSB: Use of Information Technology
Bloomcode: Knowledge
78) Your company’s headquarters was just hit head-on by a hurricane, and the building has lost power. The company sends you to their hot site to minimize downtime from the disaster. Which of the following statements is true?
a) The site will not have any servers.
b) The site will not have any workstations, so you need to bring your laptop.
c) The site is probably in the next town.
d) The site should be an almost exact replica of the IT configuration at headquarters.
e) The site will not have up-to-date data.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
79) You receive an e-mail from your bank informing you that they are updating their records and need your password. Which of the following statements is true?
a) The message could be an industrial espionage attack.
b) The message could be a phishing attack.
c) The message could be a denial-of-service attack.
d) The message could be a back-door attack.
e) The message could be a Trojan horse attack.
Difficulty: Medium
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
80) You start a new job, and the first thing your new company wants you to do is create a user ID and a password. Which of the following would be a strong password?
a) The name of the company
b) Your last name
c) Your birthdate
d) Your initials (capitalized) and the number of the floor you are on
e) The name of the company spelled backward
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
81) You start a new job, and Human Resources gives you a 10-page document that outlines the employee responsibilities for information security. Which of the following statements is most likely to be true?
a) The document recommends that login passwords be left on a piece of paper in the centre desk drawer so that others can use the laptop if necessary.
b) You are expected to read the document, and you could be reprimanded if you don’t follow its guidelines.
c) You can back up sensitive data to a thumb drive so you can take them home to work with.
d) The document indicates that you can leave your laptop unlocked if you leave your desk for less than an hour.
e) The document permits you to lend your laptop to your brother for the weekend.
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
82) Which of the following is not a way you can protect yourself online?
a) Creating a complex password
b) Clicking only on links from friends
c) Installing antivirus software
d) Manage your privacy settings
Difficulty: Hard
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
83) In the “Catching a Hacker” case study. The purpose of SpyEye is to _____________.
a) catch hackers in the act of hacking
b) collect personal and financial information
c) facilitate SCADA attacks by seeing which systems are vulnerable
d) watch what you do on your computer
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: IT’s About Business 4.3: Catching a Hacker
AACSB: Use of Information Technology
Bloomcode: Knowledge
84) Which of the following is a characteristic of backups?
a) They prevent computer failures.
b) They never have any problems.
c) They should only be done on a USB drive.
d) They make it easy to restore data.
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
85) A(n) ______________ is any danger to which a system may be exposed.
a) attack
b) security failure
c) threat
d) vulnerability
Difficulty: Easy
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Knowledge
86) Which of the following is not a factor increasing the vulnerability of information resources?
a) Business environments are more connected than ever.
b) Our small, portable devices are much easier to steal or lose.
c) Hacking is more difficult, but hackers are more skilled.
d) Management support is lacking.
Difficulty: Easy
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Knowledge
87) The Internet is a(n) ___________ network.
a) trusted
b) untrusted
c) neutral
d) unbiased
Difficulty: Medium
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Comprehension
88) The employees who pose the biggest risk to information security work in _____________.
a) customer service
b) IT
c) marketing
d) sales
Difficulty: Easy
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
89) Being careless with your computing devices is ______________.
a) a deliberate threat
b) a human error
c) an intentional threat
d) social engineering
Difficulty: Easy
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
90) Not logging off the company network when gone from the office for any extended period of time is an example of which type of human mistake?
a) Carelessness with computing devices
b) Poor password selection and use
c) Carelessness with one’s office
d) Carelessness using unmanaged devices
Difficulty: Easy
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
91) Social engineering is typically _____________ human error on the part of an employee, but it is _____________ on the part of the attacker.
a) intentional, unintentional
b) intentional, intentional
c) unintentional, intentional
d) unintentional, unintentional
Difficulty: Easy
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
92) ____________ is an intellectual work, such as a business plan, that is a company secret and is not based on public information.
a) Copyright
b) Intellectual property
c) Patent
d) Trade secret
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
93) The main goal of phishing is _______________.
a) espionage
b) identity theft
c) sabotage
d) cyberterrorism
Difficulty: Medium
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
94) A copyright provides creators of intellectual property with ownership of the property for the life of the creator plus _________ years.
a) 20
b) 50
c) 70
d) 100
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
95) A segment of computer code that performs malicious actions and will spread by itself without requiring another computer program:
a) Logic bomb
b) Trojan horse
c) Virus
d) Worm
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
96) ___________ record(s) a continuous “movie” of what you do on a screen.
a) Adware programs
b) Keystroke loggers
c) Screen scrapers
d) Spamware
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
97) The Target data breach started with a ____________.
a) back-door attack
b) denial-of-service attack
c) logic bomb
d) phishing attack
Difficulty: Hard
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: Case 4.2 Lessons Learned from the Target Data Breach
AACSB: Use of Information Technology
Bloomcode: Knowledge
98) Biometrics is something the user _______.
a) does
b) has
c) is
d) knows
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
99) _______________ assesses the value of each asset being protected, estimates the probability it might be compromised, and compares the probable costs of it being compromised with the cost of protecting it.
a) Risk analysis
b) Risk determination
c) Risk management
d) Risk mitigation
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
100) Risk _________ involves minimizing the impact of a threat.
a) acceptance
b) diversion
c) limitation
d) transference
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
101) Which of the following is not a reason it is difficult to protect information resources?
a) Many individuals control or have access to information assets.
b) There aren’t enough security procedures in place.
c) It is easy to be a hacker.
d) The costs of preventing hazards can be very high.
Difficulty: Medium
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Comprehension
102) Purchasing insurance is an example of risk ___________.
a) acceptance
b) diversion
c) limitation
d) transference
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
103) Walls, doors, and fences are examples of __________ controls.
a) access
b) communications
c) network
d) physical
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
104) ______________ is a process in which a company allows all software to run unless it is on the list.
a) Blacklisting
b) Graylisting
c) Hitlisting
d) Whitelisting
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
105) ______________ is a private network that uses a public network to connect users securely to the organization’s internal systems.
a) SSL
b) VPN
c) URL
d) A firewall
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
106) A DMZ is located ______________.
a) inside the company’s firewalls
b) outside the company’s firewalls
c) between two firewalls
d) on the Internet
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
107) A ___________ site does not include the actual applications the company runs.
a) cold
b) hot
c) warm
d) neutral
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
108) Auditing _____________ the computer means inputs, outputs, and processing are checked.
a) around
b) through
c) using
d) with
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
109) _______________ is a process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan.
a) Risk
b) Risk analysis
c) Risk management
d) Risk mitigation
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
Question type: Essay
110) Compare trade secrets, patents, and copyrights as forms of intellectual property.
Difficulty: Medium
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
111) Contrast unintentional and deliberate threats to an information resource. Provide examples of both.
Difficulty: Medium
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
112) Contrast the following types of remote attacks: virus, worm, phishing, and spear phishing.
Difficulty: Medium
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
113) Contrast the following types of attacks created by programmers: Trojan horse, back door, and logic bomb
Difficulty: Medium
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
114) Contrast spyware and spamware.
Difficulty: Easy
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
115) Contrast risk acceptance, risk limitation, and risk transference.
Difficulty: Medium
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Comprehension
116) Describe public key encryption.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
117) Compare a hot site, a warm site, and a cold site as strategies for business continuity.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
118) Contrast the four types of authentication.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
119) Identify and discuss the factors that are contributing to the increasing vulnerability of organizational information assets.
Difficulty: Hard
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Comprehension
120) Define identity theft, and explain the types of problems that it creates for the victims.
Difficulty: Medium
Learning Objective: Discuss the 10 types of deliberate software attacks.
Section Reference: 4.3 Deliberate Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Comprehension
121) Define the principle of least privilege, and consider how an organization’s senior executives might view the application of this principle.
Difficulty: Hard
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
122) Explain why anti-malware software is classified as reactive.
Difficulty: Hard
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
123) Describe how a digital certificate works.
Difficulty: Hard
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
124) Tim ventured out into the world of retail by renting a cart at a local mall. His product is personalized coffee mugs. He uses his laptop to track sales and to process credit card sales. He has a customer mailing list that is updated by customers on the laptop as well. At the end of each day, Tim backs up all of his data to a thumb drive and puts the drive into the laptop case with the laptop. Discuss Tim’s information security strategy.
Difficulty: Medium
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Comprehension
Question type: Fill-in-the-Blank
125) Security is the _____________ against criminal activity, danger, damage, and/or loss.
Difficulty: Easy
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources, and provide a specific example of each one.
Section Reference: 4.1 Introduction to Information Security
AACSB: Use of Information Technology
Bloomcode: Knowledge
126) Social engineering is when the attacker uses _____________ to trick a legitimate employee into providing confidential company information such as passwords.
Difficulty: Easy
Learning Objective: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Section Reference: 4.2 Unintentional Threats to Information Systems
AACSB: Use of Information Technology
Bloomcode: Knowledge
127) Risk is the ___________ that a threat will impact information resources.
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
128) ______________ is when permission is issued to individuals and groups to do certain activities that can be performed by users of the system.
Difficulty: Easy
Learning Objective: Identify types of controls that organizations can use to protect their information resources, and provide an example of each one.
Section Reference: 4.5 Information Security Controls
AACSB: Use of Information Technology
Bloomcode: Knowledge
129) Risk is the ___________ that a threat will impact information resources.
Difficulty: Easy
Learning Objective: Define the three risk mitigation strategies.
Section Reference: 4.4 What Organizations Are Doing to Protect Information Resources
AACSB: Use of Information Technology
Bloomcode: Knowledge
Legal Notice
Copyright © 2016 by John Wiley & Sons Canada, Ltd. or related companies. All rights reserved.
The data contained in these files are protected by copyright. This manual is furnished under licence and may be used only in accordance with the terms of such licence.
The material provided herein may not be downloaded, reproduced, stored in a retrieval system, modified, made available on a network, used to create derivative works, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without the prior written permission of John Wiley & Sons Canada, Ltd.
Document Information
Connected Book
Test Bank | Introduction to Info Systems 4th Canadian Edition by Rainer and Sanchez
By Rainer Prince, Splettstoesser Hogeterp, Sanchez Rodriguez