Test Bank Ch4 Information Security - Info Systems 9e | Test Bank by Rainer by R. Kelly Rainer.

Test Bank Ch4 Information Security

Package Title: Chapter 4, Testbank

Course Title: Rainer, IS 9e

Chapter Number: 4

Question type: Multiple Choice

1) The first quarter of 2020 set the record for data breaches with more than ____ records stolen.

a) 8 million

b) 8 billion

c) 20 million

d) 20 billion

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

2) The ____ web is a part of the internet that is not visible to search engines and requires the use of an anonymizing browser such as ___ to be accessed.

a) black; DuckDuckGo

b) black; Tor

c) dark; DuckDuckGo

d) dark; Tor

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

3) The _____ data breach was the result of the company having a weak hashing format for its passwords.

a) People Data Labs

b) Verifications.io

c) Wawa

d) Wishbone

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

4) The _____ data breach was the result of malware on the company’s point-of-sale system.

a) People Data Labs

b) Verifications.io

c) Wawa

d) Wishbone

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

5) The _____ data breach was the result of the company storing unencrypted records.

a) People Data Labs

b) Verifications.io

c) Wawa

d) Wishbone

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

6) ________ is an email validation company.

a) People Data Labs

b) Verifications.io

c) Wawa

d) Wishbone

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

7) The _____ data breach was the result of either customers mishandling data or the company exposing the data itself.

a) People Data Labs

b) Verifications.io

c) Wawa

d) Wishbone

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

8) _____ is a data broker.

a) People Data Labs

b) Verifications.io

c) Wawa

d) Wishbone

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

9) A(n) _________ to an information resource is any danger to which a system may be exposed.

a) exposure

b) risk

c) threat

d) vulnerability

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

10) The _________ of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.

a) exposure

b) risk

c) threat

d) vulnerability

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

11) An information resource’s _________ is the possibility that the system will be harmed by a threat.

a) exposure

b) risk

c) threat

d) vulnerability

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

12) Which of the following does NOT contribute to the increasing vulnerability of organizational information resources?

a) Increasing skills necessary to be a computer hacker

b) International organized crime taking over cybercrime

c) Lack of management support

d) Smaller, faster, cheaper computers and storage devices

e) Today’s interconnected, interdependent, wirelessly networked business environment

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

13) Which of the following does NOT contribute to the increasing vulnerability of organizational information resources?

a) Additional management support

b) Decreasing skills necessary to be a computer hacker

c) International organized crime taking over cybercrime

d) Smaller, faster, cheaper computers and storage devices

e) Today’s interconnected, interdependent, wirelessly networked business environment

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

14) A(n) _________ network is any network within your organization; a(n) _________ network is any network external to your organization.

a) trusted; trusted

b) trusted; untrusted

c) untrusted; trusted

d) untrusted; untrusted

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

15) Computer crimes typically average _________ of dollars.

a) hundreds

b) thousands

c) hundreds of thousands

d) billions

Difficulty: Medium

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

16) For organizations to take security policies and procedures seriously, _____ must set the tone while ____ follow up with employees.

a) executives; knowledge workers

b) executives; lower-level managers

c) knowledge workers; lower-level managers

d) knowledge workers; executives

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

17) To access Car2Go cars, customers waved their ____-enabled membership card over the windshield.

a) Bluetooth

b) QR code

c) RFID

d) Wi-Fi

Difficulty: Easy

Section Reference 1: IT’s About Business 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

18) Car2Go’s experience with theft was the result of ____

a) accessing their networks over VPN.

b) dropping their manual background checks.

c) not encrypting their data properly.

d) using unsecure Bluetooth devices.

Difficulty: Easy

Section Reference 1: IT’s About Business 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Comprehension

Standard 1: AACSB || Technology

19) A major category of unintentional threats is ____.

a) human error

b) malware

c) ransomware

d) ubiquitous computing

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

20) The ____ the level of employee, the greater the threat he or she poses to information security; ____ employees pose especially significant threats to information security.

a) higher; human resources

b) higher; sales

c) lower; human resources

d) lower; sales

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

21) Careless Internet surfing is _________ and is an _________ mistake.

a) a human error; intentional

b) a human error; unintentional

c) social engineering; intentional

d) social engineering; unintentional

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

22) You leave your laptop at your desk while you go to the restroom. This is _________ and is an _________ mistake.

a) a human error; intentional

b) a human error; unintentional

c) social engineering; intentional

d) social engineering; unintentional

Difficulty: Medium

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

23) You lose the company’s USB with your sales spreadsheets on it. This is _________ and is an _________ mistake.

a) a human error; intentional

b) a human error; unintentional

c) social engineering; intentional

d) social engineering; unintentional

Difficulty: Medium

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

24) You open an e-mail from your friend that looks a little odd, but you figure your friend would never send you anything bad. This is _________ and is an _________ mistake.

a) a human error; intentional

b) a human error; unintentional

c) social engineering; intentional

d) social engineering; unintentional

Difficulty: Medium

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

25) You don’t lock your computer when you go to the restroom. This is _________ and is an _________ mistake.

a) a human error; intentional

b) a human error; unintentional

c) social engineering; intentional

d) social engineering; unintentional

Difficulty: Medium

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

26) Carelessness using unmanaged devices is _________ and is an _________ mistake.

a) a human error; intentional

b) a human error; unintentional

c) social engineering; intentional

d) social engineering; unintentional

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

27) You get a new smartphone and throw your old one away without erasing all your data. This is _________ and is an _________ mistake.

a) a human error; intentional

b) a human error; unintentional

c) social engineering; intentional

d) social engineering; unintentional

Difficulty: Medium

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

28) You never wipe the dust off your computer. This is _________ and is an _________ mistake.

a) a human error; intentional

b) a human error; unintentional

c) social engineering; intentional

d) social engineering; unintentional

Difficulty: Medium

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

29) _________ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.

a) Espionage

b) Malware

c) Profiling

d) Social engineering

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

30) You are a nice person, so you hold the door open for the person running in behind you. Since you needed to use your ID badge to open the door, the person running in behind you is __________; this is _________.

a) shoulder surfing; a good way to show kindness that causes no harm

b) shoulder surfing; an unintentional threat to your organization

c) tailgating; a good way to show kindness that causes no harm

d) tailgating; an unintentional threat to your organization

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

31) _________ is an unintentional threat.

a) Espionage

b) Identity theft

c) Social engineering

d) Software attacks

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

32) _________ occurs when an unauthorized individual attempts to gain illegal access to organizational information.

a) Alien software

b) Espionage

c) Identity theft

d) Information extortion

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

33) _________ occur(s) when an attacker either threatens to steal, or actually steals, information from a company and then demands payment for not carrying out a particular act.

a) Alien software

b) Espionage

c) Information extortion

d) SCADA attacks

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

34) Ransomware is a type of _____.

a) alien software

b) espionage

c) information extortion

d) SCADA attack

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

35) Ransomware attacks typically use _____.

a) alien software

b) malware

c) SCADA attacks

d) whaling attacks

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

36) When cybercriminals threaten to release information to the public, it is called ____.

a) cyberjacking

b) doxxing

c) extortion

d) ransomware-as-a-service

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

37) _________ is a deliberate act that involves defacing an organization’s website, potentially damaging the organization’s image and causing its customers to lose faith.

a) Espionage

b) Sabotage

c) SCADA attacks

d) Software attacks

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 1: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

38) If humans are careless with laptops, this is an _________ error which could cause theft of equipment or information (an _________ error).

a) intentional; intentional

b) intentional; unintentional

c) unintentional; intentional

d) unintentional; unintentional

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

39) Intellectual property is NOT protected under _________ laws.

a) copyright

b) patent

c) privacy

d) trade secret

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

40) A _________ is an intellectual work that is not based on public information.

a) copyright

b) patent

c) trade secret

d) trademark

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

41) A _________ is an official document that grants the holder exclusive rights on an invention or a process for a specified period of time.

a) copyright

b) patent

c) trade secret

d) trademark

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

42) A _________ is a statutory grant that provides the creators or owners of intellectual property with ownership of the property for a designated period.

a) copyright

b) patent

c) trade secret

d) trademark

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

43) Current US laws award patents for _________ years and copyright protection for _________ years.

a) 20; 20

b) 20; life+70

c) life+70; 20

d) life+70; life+70

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

44) You purchase a copy of Microsoft Office and give a copy to a friend so he/she doesn’t have to buy it too. This is _________ and is _________.

a) piracy; legal

b) piracy; illegal

c) social engineering; legal

d) social engineering; illegal

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

45) Piracy costs businesses _________ of dollars per year.

a) hundreds

b) millions

c) billions

d) trillions

Difficulty: Hard

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

46) _________ is a remote attack requiring user action.

a) DoS

b) A logic bomb

c) A Trojan horse

d) Virus

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

47) _________ is a remote attack requiring user action.

a) DoS

b) A back door

c) A Trojan horse

d) A whaling attack

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

48) _________ is a remote attack requiring user action.

a) DDoS

b) A logic bomb

c) A Trojan horse

d) A spear phishing attack

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

49) _________ targets large groups of people.

a) DoS

b) A logic bomb

c) A Trojan horse

d) A spear phishing attack

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

50) _________ is a remote attack requiring no user action.

a) DoS

b) A logic bomb

c) A Trojan horse

d) Virus

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

51) _________ is a remote attack requiring no user action.

a) DoS

b) A logic bomb

c) A Trojan horse

d) A whaling attack

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

52) _________ targets high-value individuals such as senior executives in an attempt to steal sensitive information from a company.

a) DoS

b) A logic bomb

c) A Trojan horse

d) A whaling attack

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

53) _________ is an attack by a programmer developing a system.

a) DoS

b) A phishing attack

c) A Trojan horse

d) Virus

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

54) _________ is an attack by a programmer developing a system.

a) DDoS

b) A whaling attack

c) A back door

d) Virus

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

55) _________ is an attack by a programmer developing a system.

a) DoS

b) A spear phishing attack

c) A logic bomb

d) Worm

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

56) Hackers would use a botnet to perform a _________.

a) DDoS

b) a logic bomb

c) a Trojan horse

d) virus

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

57) A _____ is a segment of computer code that modifies itself.

a) DDoS

b) a logic bomb

c) a Trojan horse

d) a polymorphic virus

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

58) _________ causes pop-up advertisements to appear on your screen.

a) Adware

b) Marketware

c) Spamware

d) Spyware

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

59) _________ collects personal information about users without their consent.

a) Adware

b) Marketware

c) Spamware

d) Spyware

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

60) Keystroke loggers and screen scrapers are examples of _________.

a) adware

b) marketware

c) spamware

d) spyware

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

61) _________ is pestware that uses your computer as a launch pad for unsolicited e-mail, usually advertising for products and services.

a) Adware

b) Marketware

c) Spamware

d) Spyware

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

62) Spam costs US companies _________ of dollars per year.

a) hundreds

b) millions

c) billions

d) trillions

Difficulty: Hard

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

63) If a hacker takes control of equipment such as power grids or nuclear power plants, this is an example of a(n) _________ attack.

a) DoS

b) espionage

c) SCADA

d) virus

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

64) _________ refers to malicious acts in which attackers use a target’s computer systems to cause physical, real-world harm or severe disruption, often to carry out a political agenda.

a) A SCADA attack

b) Cyberterrorism

c) Espionage

d) Identity theft

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

65) In the ____ ransomware attack, the organization paid the hackers 116.4 bitcoins.

a) City of New Orleans

b) Heritage Company

c) Norsk Hydro ASA

d) UCSF School of Medicine

Difficulty: Easy

Section Reference 1: IT’s About Business 4.2

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

66) In the ____ ransomware attack, the organization shut down all computers and ordered all employees to shut down their computers and disconnect from Wi-Fi.

a) City of New Orleans

b) Heritage Company

c) Norsk Hydro ASA

d) UCSF School of Medicine

Difficulty: Easy

Section Reference 1: IT’s About Business 4.2

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

67) In the ____ ransomware attack, the IT recovery efforts were not successful and 300 employees were left without jobs.

a) City of New Orleans

b) Heritage Company

c) Norsk Hydro ASA

d) UCSF School of Medicine

Difficulty: Easy

Section Reference 1: IT’s About Business 4.2

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

68) In the ____ ransomware attack, the organization turned to pen and paper to avoid having to pay the ransom.

a) City of New Orleans

b) Heritage Company

c) Norsk Hydro ASA

d) UCSF School of Medicine

Difficulty: Easy

Section Reference 1: IT’s About Business 4.2

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

69) Jim finds out that someone accessed his bank account pretending to be him and stole thousands of dollars. This is an example of ____________.

a) sabotage

b) identity theft

c) intellectual property

d) information extortion

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Application

Standard 1: AACSB || Technology

70) Sarah received an email that claimed to be from her bank. The email asked her to provide her password. Sarah later found out that the email was not from her bank and that she had given sensitive information to someone who gained access to her accounts. This is an example of a ____________.

a) worm

b) Trojan horse

c) phishing attack

d) denial of service attack

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Application

Standard 1: AACSB || Technology

71) An employee at ABC Inc. downloaded an email and opened the attachment contained within the message. Shortly afterwards all employees were blocked from accessing files on the company’s servers and the criminals told ABC Inc. they would have to pay a large amount of Bitcoin to regain access to their files. ABC Inc. was a victim of ____________.

a) ransomware

b) identity theft

c) spyware

d) cyber warfare

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Application

Standard 1: AACSB || Technology

72) If you accept the potential risk, continue operating with no controls, and absorb any damages that occur, you have adopted a risk _________ strategy.

a) acceptance

b) avoidance

c) limitation

d) transference

Difficulty: Easy

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

73) Your company decides not to implement security procedures because employees refuse to comply anyway. This is an example of risk _________.

a) acceptance

b) avoidance

c) limitation

d) transference

Difficulty: Medium

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Application

Standard 1: AACSB || Technology

74) If you limit your risk by implementing controls that minimize the impact of the threat, you have implemented a risk _________ strategy.

a) acceptance

b) avoidance

c) limitation

d) transference

Difficulty: Easy

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

75) Your company hires Avast to install security software and monitor your systems. This is an example of risk _________.

a) acceptance

b) avoidance

c) limitation

d) transference

Difficulty: Medium

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Application

Standard 1: AACSB || Technology

76) If you shift your risk by using other means to compensate for the loss, such as purchasing insurance, you have implemented a risk _________ strategy.

a) acceptance

b) avoidance

c) limitation

d) transference

Difficulty: Easy

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Comprehension

Standard 1: AACSB || Technology

77) Your company decides to purchase security insurance from Travelers Insurance in case your systems get hacked and employee information is stolen. This is an example of risk _________.

a) acceptance

b) avoidance

c) limitation

d) transference

Difficulty: Medium

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Application

Standard 1: AACSB || Technology

78) _________ is a physical control.

a) A company gate

b) Encryption

c) A firewall

d) VPN

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

79) _________ is a physical control.

a) An alarm system

b) Encryption

c) A firewall

d) VPN

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

80) _________ is an access control.

a) A company gate

b) Encryption

c) A firewall

d) RFID

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

81) _________ is a communications control.

a) A company gate

b) Encryption

c) A firewall

d) RFID

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

82) _________ controls prevent unauthorized individuals from gaining access to a company’s facilities.

a) Access

b) Communications

c) Physical

d) Useful

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

83) _________ controls restrict unauthorized individuals from using information resources.

a) Access

b) Communications

c) Physical

d) Useful

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

84) _________ controls secure the movement of data across networks.

a) Access

b) Communications

c) Physical

d) Useful

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

85) Suppose your university automatically logs you off of a university computer after 15 minutes of disuse. This is an example of a(n) _________ control.

a) access

b) communication

c) physical

d) useful

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Analysis

Standard 1: AACSB || Technology

86) A _________ site is a fully configured computer facility with all of the company’s services, communication links, and physical plant operations.

a) cold

b) hot

c) medium

d) warm

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

87) A _________ site typically does not include the actual application the company needs to get the business back up and running immediately.

a) cold

b) hot

c) medium

d) warm

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

88) A _________ site provides only rudimentary services and facilities.

a) cold

b) hot

c) medium

d) warm

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

89) A _________ site is the most expensive option.

a) cold

b) hot

c) medium

d) warm

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

90) A _________ site is the least expensive option.

a) cold

b) hot

c) medium

d) warm

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

91) Suppose you have a primary location in New York City where your main corporate servers are located. Just in case something happens in New York City, you have backup servers that are updated every minute in Chicago. This is an example of a _________ site.

a) cold

b) hot

c) medium

d) warm

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

92) _______ confirms the identity of a person requiring access; _____ determines which actions, rights, or privileges the person has.

a) Authentication; authentication

b) Authentication; authorization

c) Authorization; authentication

d) Authorization; authorization

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

93) Biometrics is a type of _____; least privilege is a type of _____.

a) authentication; authentication

b) authentication; authorization

c) authorization; authentication

d) authorization; authorization

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

94) Biometrics is an example of something the user _________.

a) does

b) has

c) is

d) knows

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

95) Your student ID is an example of something the user _________.

a) does

b) has

c) is

d) knows

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Comprehension

Standard 1: AACSB || Technology

96) If you have to speak into your phone to unlock it, this is an example of something the user _________.

a) does

b) has

c) is

d) knows

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Comprehension

Standard 1: AACSB || Technology

97) Typing in your password to access a system is an example of something the user _________.

a) does

b) has

c) is

d) knows

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

98) A(n) _________ is a system that prevents a specific type of information from moving between untrusted networks and private networks.

a) anti-malware system

b) DMZ

c) ERP

d) firewall

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

99) A(n) _________ is located between two firewalls.

a) BYOD

b) DMZ

c) ERP

d) VPN

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

100) A(n) _________ is a software package that attempts to identify and eliminate viruses and worms.

a) anti-malware system

b) DMZ

c) ERP

d) firewall

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

101) A(n) _________ typically handles web page requests and email.

a) anti-malware system

b) DMZ

c) ERP

d) spamware detector

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

102) _______ listing only allows software on the list to run; _____ allows everything to run unless it is on the list.

a) Black; Red

b) Black; White

c) White; Black

d) White; Red

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

103) _________ is the process of converting an original message into a form that cannot be read by anyone except the intended receiver.

a) Authorization

b) Blacklisting

c) Encryption

d) Firewalling

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

104) In public-key encryption, the _________ key is used for locking and the _________ key is used for unlocking.

a) private; private

b) private; public

c) public; private

d) public; public

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

105) _________ is a private network that uses a public network to connect users.

a) DoS

b) ERP

c) RFID

d) VPN

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

106) Which of the following is NOT an advantage of VPN?

a) Cost

b) Flexibility

c) Remote access

d) Security

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

107) A URL that begins with https uses _________.

a) DMZ

b) ERP

c) TLS

d) VPN

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

108) Dave and Darla are worried about their home’s security as there have been a lot of robberies in the neighborhood lately. To ease their concern, they purchase insurance for their home and possessions. This is an example of __________.

a) risk analysis

b) risk acceptance

c) risk transference

d) controls

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

109) XYZ Inc. scanned the fingerprints of all of their employees and now uses these fingerprints to authenticate their employees and grant them access to different areas of the company’s facilities. XYZ Inc. is utilizing which type of technology?

a) Cookies

b) Intellectual Property

c) Biometrics

d) Malware

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

110) Judith works from home. In order to access her corporate email and other computer systems she logs into a virtual private network (VPN). The VPN is an example of _____________.

a) a communications control

b) a passphrase

c) a digital certificate

d) an audit

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

111) Triple Z Travelsite allows customers to reserve discount hotel rooms and airline tickets with certain companies they have relationships with. In order to secure the credit card information used by customers, which of the following controls would you recommend Triple Z use?

a) Biometrics

b) Transport layer security

c) Whitelisting

d) Audits

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

112) In January 2020, Robert Williams was arrested by officers of the ____ Police Department due to evidence provided by ______.

a) Chicago; facial recognition software

b) Chicago; a machine learning algorithm

c) Detroit; facial recognition software

d) Detroit; a machine learning algorithm

Difficulty: Easy

Section Reference 1: IT’s About Business 4.3

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

113) Detroit’s police chief admitted that facial recognition technology used by the department misidentified subjects about ____ percent of the time.

a) 4

b) 44

c) 66

d) 96

Difficulty: Easy

Section Reference 1: IT’s About Business 4.3

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

114) ______________ schemes involve creating compelling scam emails often purporting to be from senior executives.

a) Business email compromise

b) Phishing

c) Social business engineering

d) Spearphishing

Difficulty: Easy

Section Reference 1: Closing Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

115) Encrochat modified ____ to allow criminals to be anonymous but was shut down due to an attack from ____.

a) Android phones; a nation-state

b) Android phones; ransomware hackers

c) iPhones; a nation-state

d) iPhones; ransomware hackers

Difficulty: Easy

Section Reference 1: Closing Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

116) Necurs operated a ______ that was disrupted by ____.

a) botnet; Google

b) botnet; Microsoft

c) cyberjacking network; Google

d) cyberjacking network; Microsoft

Difficulty: Easy

Section Reference 1: Closing Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

117) Welcome to Video was a ____ network-based site that accepted _____.

a) Firefox; Bitcoin

b) Firefox; Ethereum

c) Tor; Bitcoin

d) Tor; Ethereum

Difficulty: Easy

Section Reference 1: Closing Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

Question type: True/False

118) Data breaches impact consumers because they could experience identity theft and companies because they might get sued.

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

119) Data breaches are the most damaging to consumers.

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

119) According to Equifax, more than 50 percent of data breach victims later experience identity theft.

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

120) According to Experian, more than 30 percent of data breach victims later experience identity theft.

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

121) After a data breach, security professionals hope that users change their passwords as soon as they are notified about the breach.

Difficulty: Easy

Section Reference 1: Opening Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

122) Information security is the responsibility of executives.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

123) Information security is every employee’s responsibility.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

124) Employee negligence causes many data breaches.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

125) An intranet is a trusted network.

Difficulty: Hard

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Synthesis

Standard 1: AACSB || Technology

126) VPN is a trusted network.

Difficulty: Hard

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Synthesis

Standard 1: AACSB || Technology

127) The internet is an untrusted network.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

128) The computing skills necessary to be a hacker are increasing.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

129) The computing skills necessary to be a hacker are decreasing.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

130) Organized crime is taking over cybercrime.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

131) The recent trend indicates that CEOs lose their jobs after data breaches. In theory, this should impact the “lack of management support” factor that increases the vulnerability of organizational information resources.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

132) Executives must set the tone for cybersecurity but knowledge workers must implement it.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

133) Executives must set the tone for cybersecurity but lower-level managers must implement it.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

134) Cybercrime is typically nonviolent but lucrative.

Difficulty: Medium

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

135) Car2Go asked the New York Police Department for help when their cars were hijacked by thieves.

Difficulty: Easy

Section Reference 1: IT’s About Business 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

136) Car2Go asked the Chicago Police Department for help when their cars were hijacked by thieves.

Difficulty: Easy

Section Reference 1: IT’s About Business 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

137) Car2Go experienced the theft of more than 100 luxury vehicles when they dropped their manual background checks.

Difficulty: Easy

Section Reference 1: IT’s About Business 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

138) A major category of unintentional threats is human error.

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

139) Lower-level employees pose the greatest threat to information security.

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

140) Executives pose the greatest threat to information security.

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

141) Employees in human resources and information systems pose the greatest threat to information security.

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

142) Janitors and guards are a threat to information security.

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

143) It is always safe to open e-mails and click on links from your friends.

Difficulty: Medium

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Application

Standard 1: AACSB || Technology

144) If a hacker enters a building with an official-looking ID badge, this is considered social engineering.

Difficulty: Medium

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

145) Social engineers will often pose as real employees or contractors such as exterminators or fire marshals.

Difficulty: Medium

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

146) Social engineering is an unintentional threat on the part of the employee.

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

147) You are a nice person, so you hold the door open for the person running in behind you. Since you needed to use your ID badge to open the door, the person running in behind you is tailgating.

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

148) You need to be particularly careful of tailgating at airport terminals.

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

149) Competitive intelligence and espionage are similar except that competitive intelligence crosses the legal boundary.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

150) Competitive intelligence is legal while espionage is illegal even though both involve collecting information about competitors.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

151) Ransomware is a type of espionage.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

152) Ransomware is a type of information extortion.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

153) Ransomware attacks frequently use spear phishing and whaling attacks.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

154) There is nothing an organization or individual can do to prevent a ransomware attack.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

155) Sabotage of a political website is often conducted by hacktivists.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

156) Dumpster diving is always theft and is always illegal.

Difficulty: Hard

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

157) Once a copyright and patent is established, it applies to all countries in the world.

Difficulty: Hard

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

158) You purchased a copy of Microsoft Office and gave a copy to a friend so he/she doesn’t have to buy it too. This is piracy and is illegal.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

159) A virus spreads itself without requiring another computer program.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

160) A worm spreads itself without requiring another computer program.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

161) A polymorphic virus modifies itself to avoid detection by anti-malware systems.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

162) A whaling attack targets large groups of people.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

163) A spear phishing attack targets large groups of people.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

164) A whaling attack targets executives.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

165) A phishing attack targets executives.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

166) A DoS is conducted by using a botnet.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

167) A DDoS is conducted by using a botnet.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

168) You are a computer programmer who feels short-changed by your organization. To get back at them, you would most likely use a Trojan horse, back door, or logic bomb.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

169) Stalkerware is a type of adware.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

170) Stalkerware is a type of spyware.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

171) Cookies can be classified as alien software.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

172) SCADA attacks target critical infrastructure.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Comprehension

Standard 1: AACSB || Technology

173) Cyberterrorism is typically carried out by individuals or groups whereas cyberwarfare is carried out by nation states or nonstate actors such as terrorists.

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

174) Hackers who use ransomware only target large companies who can pay a large ransom.

Difficulty: Easy

Section Reference 1: IT’s About Business 4.2

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

175) Hackers who use ransomware target large and small companies.

Difficulty: Easy

Section Reference 1: IT’s About Business 4.2

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

176) Some organizations choose to rebuild their IT infrastructure instead of paying the ransom when they are attacked with ransomware.

Difficulty: Easy

Section Reference 1: IT’s About Business 4.2

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

177) IT security is the business of everyone in an organization.

Difficulty: Easy

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

178) People tend to violate security procedures because the procedures are inconvenient.

Difficulty: Easy

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

179) If you choose not to protect your information systems, you have adopted a risk acceptance strategy.

Difficulty: Medium

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Analysis

Standard 1: AACSB || Technology

180) If you choose to spend as much as you can to protect your information systems, you have adopted a risk transference strategy.

Difficulty: Medium

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Analysis

Standard 1: AACSB || Technology

181) If you choose to limit your risk by implementing firewalls and other security measures, you have adopted a risk limitation strategy.

Difficulty: Medium

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Analysis

Standard 1: AACSB || Technology

182) ID cards address physical and access controls.

Difficulty: Hard

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Evaluation

Standard 1: AACSB || Technology

183) Authentication occurs after authorization.

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

184) Passwords are a huge information security problem for all organizations.

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

185) Weak passwords can be addressed through multi-factor authentication.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

186) Authorization means someone has privileges to do certain things on a system.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Comprehension

Standard 1: AACSB || Technology

187) Anti-malware systems are generally reactive.

Difficulty: Hard

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

188) Whitelisting allows nothing to run unless it is on the whitelist.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

189) Blacklisting allows everything to run unless it is on the list.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

190) People, devices, software, and websites can be blacklisted and whitelisted.

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

191) Employee monitoring systems are illegal and unethical.

Difficulty: Hard

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Synthesis

Standard 1: AACSB || Technology

192) The external audit of information systems is frequently a part of the overall external auditing performed by a CPA firm.

Difficulty: Hard

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

193) People are not liable for fraudulent use of their credit cards.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

194) A CPA firm typically performs an internal business audit.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

195) Facial recognition systems are biased against African-American and Asian-American faces.

Difficulty: Easy

Section Reference 1: IT’s About Business 4.3

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

196) Robert Williams was falsely accused of a robbery due to a failure with facial recognition software.

Difficulty: Easy

Section Reference 1: IT’s About Business 4.3

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

197) Robert Williams was convicted of a robbery due to the accuracy of facial recognition software.

Difficulty: Easy

Section Reference 1: IT’s About Business 4.3

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

198) Cryptojacking is the unauthorized use of any computing device by cybercriminals to mine for cryptocurrency.

Difficulty: Easy

Section Reference 1: Closing Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

199) With the Have I Been Pwned, WeLeakInfo, and LeakedSource websites shut down, criminals do not have a way to see a comprehensive list of victims’ credentials.

Difficulty: Easy

Section Reference 1: Closing Case

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

Question type: Text Entry

200) ___ refers to all the processes and policies designed to protect an organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

201) A(n) ___ to an information resource is any danger to which a system may be exposed.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

202) The ___ of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

203) An information resource’s ___ is the possibility that the system will be harmed by a threat.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

204) A(n) __________ network is any network within your organization.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

205) A(n) __________ network is any network external to your organization.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

206) ___ refers to illegal activities conducted over computer networks, particularly the internet.

Difficulty: Easy

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

207) ___ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Unintentional threats to information systems.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

208) Social engineering is an attack in which the perpetrator uses _________ to trick or manipulate legitimate employees into providing confidential company information such as passwords.

Difficulty: Easy

Section Reference 1: 4.2

Learning Objective 4.2: Unintentional threats to information systems.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

209) ___ is also called digital extortion.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

210) ___ involves rummaging through commercial or residential trash to find discarded information.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

211) ___ is the deliberate assumption of another person’s identity, usually to gain access to his or her financial information or to frame him or her for a crime.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

212) A ___ is an intellectual work that is not based on public information.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

213) A ___ is an official document that grants the holder exclusive rights on an invention or a process for a specified period of time.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

214) A ___ is a statutory grant that provides the creators or owners of intellectual property with ownership of the property for a designated period.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

215) Malicious software is called ____.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

216) _________ software is clandestine software that is installed on your computer through duplicitous methods.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

217) ___ is software that collects personal information about users without their consent.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

218) ___ is unsolicited email.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

219) ___ are small amounts of information that websites store on your computer, temporarily or more or less permanently.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

220) ________ refers to malicious acts in which attackers use a target’s computer systems to cause physical, real-world harm or severe disruption, often to carry out a political agenda.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

221) ________ refers to malicious acts in which attackers use a target’s computer systems to cause physical, real-world harm or severe disruption, often to carry out a political agenda; it is carried out by individuals or groups.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

222) ________ refers to malicious acts in which attackers use a target’s computer systems to cause physical, real-world harm or severe disruption, often to carry out a political agenda; it is carried out by nation-states.

Difficulty: Easy

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

223) A ___ is the probability that a threat will impact an information resource.

Difficulty: Easy

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

224) The goal of risk management is to identify, control, and _____ the impact of threats.

Difficulty: Easy

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

225) In risk ___, the organization takes concrete actions against risks.

Difficulty: Easy

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

226) A(n) ___________ is an examination of information systems, their inputs, outputs, and processing.

Difficulty: Easy

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

227) Information security controls are also called ___.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

228) ___ controls prevent unauthorized individuals from gaining access to a company’s facilities.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

229) ___ is the chain of events linking planning to protection and to recovery.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

230) ___ controls restrict unauthorized individuals from using information resources.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

231) ___ confirms the identity of the person requiring access.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

232) ___ determines which actions, rights, or privileges the person has, based on his or her verified identity.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

233) Biometrics is a(n) ______ method.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

234) Biometrics is something the user ____.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

235) Smart ID cards are something the user ____.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

236) Voice recognition is something the user ____.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

237) Passwords are something the user ____.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

238) Access controls involve two major functions: ___ and ___.

Answer 1: authentication

Answer 2: authorization

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

239) ___ posits that users be granted the privilege for an activity only if there is a justifiable need for them to perform that activity.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

240) ___ controls secure the movement of data across networks.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

241) A(n) _______ is a system that prevents a specific type of information from moving between untrusted networks.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

242) A(n) ______ is located between two firewalls.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

243) ___ is a process in which a company identifies the software that it will allow to run on its computers.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

244) ___ allows everything to run unless it is on the list.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

245) _____ is the process of converting an original message into a form that cannot be read by anyone except the intended receiver.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

246) A(n) ___ acts as a trusted intermediary between two companies.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

247) A(n) _________ is an electronic document attached to a file that certifies that the file is from the organization it claims to be from and has not been modified from its original format.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

248) _________ is an encryption standard used for secure transactions such as credit card purchases and online banking.

Difficulty: Easy

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Knowledge

Standard 1: AACSB || Technology

Question type: Essay

249) What are the five factors that contribute to the increasing vulnerability of organizational information resources? Describe a data breach from 2021 and explain how each of these factors contributed to that breach.

Difficulty: Hard

Section Reference 1: 4.1

Learning Objective 4.1: Identify the five factors that contribute to the increasing vulnerability of information resources and provide specific examples of each factor.

Bloomcode: Synthesis

Standard 1: AACSB || Communication

Standard 2: AACSB || Analytic

Standard 3: AACSB || Technology

Solution: 1) Today’s interconnected, interdependent, wirelessly networked business environment
2) Smaller, faster, cheaper computers and storage devices
3) Decreasing skills necessary to be a computer hacker
4) International organized crime taking over cybercrime
5) Lack of management support

See https://www.identityforce.com/blog/2021-data-breaches or https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-may-2021-116-million-records-breached for some 2021 data breaches

250) Why are employees the biggest threats to an organization? What can you do to protect your future company’s assets?

Difficulty: Medium

Section Reference 1: 4.2

Learning Objective 4.2: Compare and contrast human mistakes and social engineering and provide a specific example of each one.

Bloomcode: Application

Standard 1: AACSB || Communication

Standard 2: AACSB || Technology

Standard 3: AACSB || Reflective Thinking

Solution: We tend to be careless with our devices and generally in our behavior (see Table 4.1)

251) Identity theft is a deliberate threat to information systems and is one of the largest concerns of consumers and businesses today. What are the four techniques the book mentions for illegally obtaining information? How can you protect yourself from each of these threats?

Difficulty: Medium

Section Reference 1: 4.3

Learning Objective 4.3: Discuss the 10 types of deliberate attacks.

Bloomcode: Application

Standard 1: AACSB || Communication

Standard 2: AACSB || Technology

Standard 3: AACSB || Reflective Thinking

Solution: 1) Dumpster diving – shred your sensitive information
2) Stealing personal information in computer databases – have strong passwords, encrypt the data
3) Infiltrating organizations (data aggregators) that store large amounts of personal information – have strong passwords, encrypt the data
4) Phishing – never provide a user ID and password; always ensure the person/site is legitimate

252) Organizations spend a great deal of time and money protecting their information resources. To figure out what needs to be protected and how they are going to protect it, they need to perform risk management. What is the goal of risk management? List and describe the three processes of risk management. How can organizations mitigate risk? Describe a company that has adopted each risk mitigation strategy.

Difficulty: Medium

Section Reference 1: 4.4

Learning Objective 4.4: Describe the three risk mitigation strategies and provide an example of each one in the context of owning a home.

Bloomcode: Application

Standard 1: AACSB || Technology

Solution: goal = identify, control, and minimize the impact of threats; processes = analysis (with three steps: assess value of assets, estimate probability of attack, compare costs of protecting versus not protecting), mitigation (three types as noted next), and controls evaluation (cost versus benefit); mitigate = acceptance (no controls, absorb damage), limitation (try to minimize threat), transference (get insurance); examples: acceptance = Democratic National Committee, limitation = Target installed FireEye software (although they didn’t implement all the functionality), transference = see Travelers Insurance options

253) What are the six basic guidelines for creating strong passwords? Without divulging your passwords, how do your passwords “add up” and why? HINT: You should specifically address each of the six guidelines for your passwords. Now suppose you are a manager and you know employees won’t have strong passwords, how do you address this issue?

Difficulty: Medium

Section Reference 1: 4.5

Learning Objective 4.5: Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one.

Bloomcode: Comprehension, Analysis

Standard 1: AACSB || Communication

Standard 2: AACSB || Technology

Standard 3: AACSB || Reflective Thinking

Solution: First question: 1) They should be difficult to guess.
2) They should be long rather than short.
3) They should have uppercase letters, lowercase letters, numbers, and special characters.
4) They should not be recognizable words.
5) They should not be the name of anything or anyone familiar, such as family names or names of pets.
6) They should not be a recognizable string of numbers, such as a social security number or a birthday.
Second question: Require password resets every 60–90 days and set limitations on characters, capitalizations, numbers, letters, etc.; since they may then write these passwords down, require multi-factor authentication

Document Information

Document Type: DOCX
Chapter Number: 4
Created Date: Aug 21, 2025
Chapter Name: Chapter 4 Information Security
Author: R. Kelly Rainer
