Plug-In B06 Information Security Complete Test Bank - Test Bank | Business Driven Tech 8e by Paige Baltzan
Business Driven Technology, 8e (Baltzan)
Plug-In B06 Information Security
1) Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident are called insiders.
2) Insiders are illegitimate users who purposely or accidentally misuse their access to the environment to do business.
3) Information security policies detail how an organization will implement the information security plan.
4) Dumpster diving is another security breach for companies and is where people not associated with the company jump into the company's outside garbage bins and try to gather and steal any valuable company products they can resell on eBay.
5) Organizations address security risks through two lines of defense. The first is people and the second is technology.
6) Pretexting is a form of social engineering in which one individual lies to obtain confidential data about another individual.
7) Ransomware is a form of social engineering in which one individual lies to obtain confidential data about another individual.
8) Through social engineering, hackers use their social skills to trick people into revealing access credentials or other valuable information.
9) Through pretexting, hackers use their social skills to trick people into revealing access credentials or other valuable information.
10) The three primary information security areas are 1) authentication and authorization, 2) policies and rewards, and 3) detection and response.
11) Tokens are small electronic devices that change user passwords automatically.
12) The technique to gain personal information for the purpose of identity theft, often through fraudulent emails that look as though they came from legitimate businesses, is called phishing.
13) A process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space is called authentication.
14) One of the most ineffective ways to set up authentication techniques is by setting up user IDs and passwords.
15) Biometrics is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting.
16) A firewall scrambles information into an alternative form that requires a key or password to decrypt.
17) Identity theft is the forging of someone's identity for the purpose of fraud.
18) Identity theft is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.
19) A phishing expedition is a masquerading attack that combines spam with spoofing. The perpetrator sends millions of spam emails that appear to be from a respectable company. The emails contain a link to a website that is designed to look exactly like the company's website. The victim is encouraged to enter his or her username, password, and sometimes credit card information.
20) Spear phishing is a phishing expedition in which the emails are carefully designed to target a particular person or organization.
21) Spear phishing is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information.
22) Phishing reroutes requests for legitimate websites to false websites.
23) A zombie is a program that secretly takes over another computer for the purpose of launching attacks on other computers.
24) A zombie farm is a group of computers on which a hacker has planted zombie programs.
25) A pharming attack uses a zombie farm, often by an organized crime association, to launch a massive phishing attack.
26) Worms are computer viruses that wait for a specific date before executing their instructions.
27) To decrypt information is to decode it; decrypting is the opposite of encrypting.
28) Cryptography is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them.
29) A certificate authority is a trusted third party, such as VeriSign, that validates user identities by means of digital certificates.
30) A certificate authority is a data file that identifies individuals or organizations online and is comparable to a digital signature.
31) A voiceprint is a data file that identifies individuals or organizations online and is comparable to a digital signature.
32) A voiceprint is a set of measurable characteristics of a human voice that uniquely identifies an individual. These characteristics, which are based on the physical configuration of a speaker's mouth and throat, can be expressed as a mathematical formula. Unfortunately, biometric authentication such as voiceprints can be costly and intrusive.
33) Single-factor authentication is the traditional security process, which requires a username and password.
34) Two-factor authentication requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).
35) Multifactor authentication requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).
36) Multifactor authentication is the traditional security process, which requires a username and password.
37) Single-factor authentication requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).
38) Single-factor authentication requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).
39) The goal of multifactor authentication is to make it difficult for an unauthorized person to gain access to a system because, if one security level is broken, the attacker will still have to break through additional levels.
40) What are the first two lines of defense a company should take when addressing security risks?
A) Technology first, customers second
B) Technology first, people second
C) Innovation first, technology second
D) People first, technology second
41) Which of the below represents the biggest problem of information security breaches?
A) People misusing organizational information
B) Technology failures
C) Customers misusing organizational systems
D) Company departments missing sales goals
42) Angela works for an identity protection company that maintains large amounts of sensitive customer information such as usernames, passwords, personal information, and social security numbers. Angela and a coworker decide to use the sensitive information to open credit cards in a few of her customers' names. This is a classic example of which of the following security breaches?
A) A social engineer
B) An insider
C) A spammer
D) A dumpster diver
43) Using one's social skills to trick people into revealing access credentials or other valuable information is called ________.
A) social engineering
B) social media
C) social viruses
D) social processes
44) What is it called when a hacker looks through your trash to find personal information?
A) Striker bunny
B) Dumpster diving
C) Trash retrieval
D) Approved consent
45) What is a form of social engineering in which one individual lies to obtain confidential data about another individual?
A) Dumpster texting
B) Dumpster diving
C) Trash retrieval
D) Pretexting
46) What is pretexting?
A) A form of social engineering in which one individual lies to obtain confidential data about another individual.
B) A hacker looks through your trash to find personal information.
C) Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.
D) Malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines.
47) What is dumpster diving?
A) A form of social engineering in which one individual lies to obtain confidential data about another individual.
B) A hacker that looks through your trash to find personal information.
C) Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.
D) Malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines.
48) What is an insider?
A) A form of social engineering in which one individual lies to obtain confidential data about another individual.
B) A hacker looks through your trash to find personal information.
C) Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.
D) Malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines.
49) What is a destructive agent?
A) A form of social engineering in which one individual lies to obtain confidential data about another individual.
B) A hacker looks through your trash to find personal information.
C) Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident.
D) Malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines.
50) Working at a ski resort in the mountains has its own unique security issues. Kenny is the chief information officer for Sundance Ski Resort, and he is faced with both physical and information security threats every month. Since the resort implemented a new software system, they have been having a larger number of threats and breaches of company information. He suspects that this may be caused by an internal employee. What type of plan does he need to clarify and establish to help reduce further problems?
A) An information security plan
B) An ethical information policy
C) An antivirus plan
D) None of these
51) eBay is an example of an online company that has been faced with numerous security issues. For example, imagine you purchase a digital camera on eBay. Three months later you might receive an email asking you to log in to the system to update your credit card or PayPal information. Of course, this email is not actually from eBay and as soon as you log in your information will be stolen. What type of information security breach would you consider this to be?
A) An insider
B) Dumpster diving
C) Social engineering
D) Phishing
52) Which of the following is an example of a way to maintain information security that a company should include in their information security policies?
A) Requiring computer users to log off before leaving for lunch
B) Never sharing user or password information with anyone
C) Changing passwords every 30–60 days
D) All of these
53) Janet is a financial aid counselor at a local community college and she shares an office with her three coworkers. Janet feels safe in her office environment and frequently leaves her username and password on a sticky note next to her computer. Without realizing it Janet is creating the potential for which type of information security breach to occur?
A) Insiders to hack into the college system
B) Dumpster diving to find usernames and passwords
C) Viruses and worms to spread through the college system
D) All of these
54) Applications allowed to be placed on the corporate network, like IM software, and corporate computer equipment used for personal reasons on personal networks are two areas that should be addressed by managers in which of the below company policies?
A) Information ethics policy
B) Information security policy
C) Information technology plan
D) All of these
55) Which of the following represents the three areas where technology can aid in the defense against information security attacks?
A) Authentication and authorization, prevention and resistance, prevention and response
B) Authentication and authorization, prevention and response, detection and response
C) Analyzing and authenticating, prevention and repositioning, detection and response
D) Authentication and authorization, prevention and resistance, detection and response
56) What is forging of someone's identity for the purpose of fraud?
A) Identity crisis
B) Identity theft
C) Ediscovery
D) All of these
57) What is the difference between phishing and pharming?
A) Phishing is not illegal, pharming is illegal
B) Phishing is the right of the company, where pharming is the right of the individual
C) Phishing is a technique to gain personal information for the purpose of identity theft, and pharming reroutes requests for legitimate websites to false websites
D) All of these
58) Imagine you accidentally mistype the URL for your bank and you are redirected to a fake website that collects your information. What type of identity theft were you just a victim of?
A) Pharming
B) Worm holes
C) Phishing
D) Insider hacking
59) What area of information security focuses on preventing identity theft, phishing, and pharming scams?
A) Prevention and resistance
B) Detection and authorizing
C) Detection and response
D) Authentication and authorization
60) What is the process that provides a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space?
A) Pharming
B) Authentication
C) Authorization
D) Programming
61) What is a method for confirming users' identities?
A) Phishing
B) Authentication
C) Authorization
D) Programming
62) The most secure procedures combine which of the following authentication and authorization techniques?
A) Something the user knows, such as a user ID and password
B) Something the user has, such as a smart card or token
C) Something that is part of the user, such as a fingerprint or voice signature
D) All of these
63) A smart card is a device the size of a credit card that contains embedded technology that stores information and small amounts of software, and can act as ________.
A) identification instruments
B) a form of digital cash
C) a data storage device
D) All of these
64) The best and most effective way to manage authentication is through ________.
A) smart technology card
B) tokens
C) biometrics
D) passwords
65) Which of the following is not considered a form of biometrics?
A) Iris scan
B) Password
C) Fingerprint
D) Handwriting
66) Which of the following is the main drawback of biometrics?
A) It is considered illegal
B) It is viewed as an invasion of privacy
C) It can be costly and intrusive
D) It requires constant monitoring and upgrading
67) How do prevention and resistance technologies stop intruders from accessing and reading sensitive information?
A) Content filtering, encryption, and firewalls
B) Calculating, locking, and firewalls
C) Content prohibiting, and cookies
D) None of these
68) Which of the following occurs when organizations use software that filters content, such as email, to prevent the accidental or malicious transmission of unauthorized information?
A) Antivirus software
B) Content filtering
C) Encryption
D) Firewalls
69) What prevention technique scrambles information into an alternative form that requires a key or password to decrypt?
A) Encryption
B) Content filtering
C) Firewalls
D) Antivirus software
70) What can encryption technology perform?
A) Switch the order of characters
B) Replace characters with other characters
C) Insert or remove characters
D) All of these
71) What type of encryption technology uses multiple keys, one for public and one for private?
A) Private key encryption
B) Policy key encryption
C) Public key encryption
D) Protective key code
72) What is a data file that identifies individuals or organizations online and is comparable to a digital signature?
A) Digital code
B) Digital sign
C) Digital certificate
D) Digital card
73) Charles Mott works for a company called VeriSign that acts as a trusted third party to verify information. One of Charles' largest clients is CheckMd, which holds and authenticates customer reviews of doctors and dentists online, and having a third party validate the reviews is critical to CheckMd's success. What type of authentication technique is VeriSign providing for CheckMd?
A) Firewall
B) Certificate authority
C) Online certificate
D) Digital content certificate
74) What is hardware or software that guards a private network by analyzing incoming and outgoing information for the correct markings?
A) Firewall
B) Certificate authority
C) Online certificate
D) Digital certificate
75) Which of the following protection techniques scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware?
A) Firewall
B) Digital certificate
C) Virus software
D) Antivirus software
76) What must you do with antivirus software to make it protect effectively?
A) Must never upgrade or change vendors
B) Must download a portable button for it to activate
C) Must frequently update it to protect against viruses
D) All of these
77) Which of the following systems is designed with full-time monitoring tools that search for patterns in network traffic to identify intruders and to protect against suspicious network traffic which attempts to access files and data?
A) Interconnected data software (IDS)
B) Intrusion detection software (IDS)
C) Security Information system (SIS)
D) Internet detection scanner (IDS)
78) What is the most secure type of authentication?
A) Something the user knows such as a user ID and password
B) Something the user has such as a smart card or token
C) Something that is part of the user such as a fingerprint or voice signature
D) Combination of all of these
79) What is a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing?
A) Token
B) Password
C) Smart card
D) Biometrics
80) What is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting?
A) Smart card
B) Token
C) Biometrics
D) Content filtering
81) Which of the following is considered a type of biometrics?
A) Voice
B) Face
C) Iris
D) All of these
82) What is a set of measurable characteristics of a human voice that uniquely identifies an individual?
A) Voiceprint
B) Face
C) Iris
D) All of these
83) What is single-factor authentication?
A) The traditional security process, which requires a username and password.
B) Requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).
C) Requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).
D) The identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice, or handwriting.
84) What is multifactor authentication?
A) The traditional security process, which requires a username and password.
B) Requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).
C) Requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).
D) The identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice, or handwriting.
85) What is two-factor authentication?
A) The traditional security process, which requires a username and password.
B) Requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).
C) Requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).
D) The identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice, or handwriting.
86) What is the traditional security process, which requires a username and password?
A) Single-factor authentication
B) Two-factor authentication
C) Multifactor authentication
D) Biometrics
87) What requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)?
A) Single-factor authentication
B) Two-factor authentication
C) Multifactor authentication
D) Biometrics
88) What requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token)?
A) Single-factor authentication
B) Two-factor authentication
C) Multifactor authentication
D) Biometrics
89) What are biometrics?
A) The traditional security process, which requires a username and password.
B) Requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token).
C) Requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).
D) The identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice, or handwriting.
90) Which of the following authentication methods is 100 percent accurate?
A) Smart card
B) Fingerprint authentication
C) User ID
D) None of these
91) Where do organizations typically place firewalls?
A) Between a personal computer and the server
B) Between a personal computer and a printer
C) Between the server and the content filtering software
D) Between the server and the Internet
92) What is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity?
A) Information secrecy
B) Phishing
C) Phishing expedition
D) Spear phishing
93) What is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses?
A) Pharming
B) Phishing
C) Phishing expedition
D) Spear phishing
94) What is a masquerading attack that combines spam with spoofing?
A) Pharming
B) Phishing
C) Phishing expedition
D) Spear phishing
95) What is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information?
A) Pharming
B) Phishing
C) Phishing expedition
D) Vishing
96) What reroutes requests for legitimate websites to false websites?
A) Pharming
B) Phishing
C) Phishing expedition
D) Spear phishing
97) What is information secrecy?
A) The category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.
B) A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses.
C) A masquerading attack that combines spam with spoofing.
D) A phishing expedition in which the emails are carefully designed to target a particular person or organization.
98) What is phishing?
A) Reroutes requests for legitimate websites to false websites.
B) A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses.
C) A masquerading attack that combines spam with spoofing.
D) A phishing expedition in which the emails are carefully designed to target a particular person or organization.
99) What is a phishing expedition?
A) Reroutes requests for legitimate websites to false websites.
B) A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses.
C) A masquerading attack that combines spam with spoofing.
D) A phishing expedition in which the emails are carefully designed to target a particular person or organization.
100) What is spear phishing?
A) Reroutes requests for legitimate websites to false websites.
B) A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses.
C) A masquerading attack that combines spam with spoofing.
D) A phishing expedition in which the emails are carefully designed to target a particular person or organization.
101) What is vishing?
A) Reroutes requests for legitimate websites to false websites.
B) A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses.
C) A masquerading attack that combines spam with spoofing.
D) A phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information.
102) What is pharming?
A) Reroutes requests for legitimate websites to false websites.
B) A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses.
C) A masquerading attack that combines spam with spoofing.
D) A phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information.
103) What reroutes requests for legitimate websites to false websites?
A) Zombie
B) Zombie farm
C) Pharming attack
D) Pharming
104) What is a program that secretly takes over another computer for the purpose of launching attacks on other computers?
A) Zombie
B) Zombie farm
C) Pharming attack
D) Time bomb
105) What is a group of computers on which a hacker has planted zombie programs?
A) Zombie
B) Zombie farm
C) Pharming attack
D) Time bomb
106) What uses a zombie farm, often by an organized crime association, to launch a massive phishing attack?
A) Zombie
B) Zombie farm
C) Pharming attack
D) Time bomb
107) What are computer viruses that wait for a specific date before executing their instructions?
A) Zombie
B) Zombie farm
C) Pharming attack
D) Time bomb
108) What is a data file that identifies individuals or organizations online and is comparable to a digital signature?
A) Digital certificate
B) Encryption
C) Decrypt
D) Cryptography
109) What scrambles information into an alternative form that requires a key or password to decrypt?
A) Digital certificate
B) Encryption
C) Decrypt
D) Cryptography
110) What decodes information?
A) Digital certificate
B) Encryption
C) Decryption
D) Cryptography
111) What is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them?
A) Digital certificate
B) Encryption
C) Decrypt
D) Cryptography
112) Describe the relationship between information security policies and an information security plan.
113) Provide an example of each of the three primary information security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response.