MIS 4th Edition Hossein Bidgoli – Test Bank


 

Sample Questions

 

Chapter 5: Protecting Information Resources

 

TRUE/FALSE

 

  1. Spoofing is sending fraudulent e-mails that seem to come from legitimate sources, such as a bank or university.

 

ANS:  F                    PTS:   1                    REF:   80                  NAT:  BUSPROG: Technology

TOP:   A-head: Risks Associated with Information Technologies

KEY:  Bloom’s: Knowledge

 

  1. Confidentiality, integrity, and availability are collectively referred to as the CIA triangle.

 

ANS:  T                    PTS:   1                    REF:   82                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. Black hats are also known as ethical hackers.

 

ANS:  F                    PTS:   1                    REF:   81                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. Part of ensuring integrity is identifying authorized users and granting them access privileges.

 

ANS:  T                    PTS:   1                    REF:   82                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. Level 1 security protects the back-end systems to ensure confidentiality, accuracy, and integrity of data.

 

ANS:  F                    PTS:   1                    REF:   83                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. If a drive in the RAID system fails, data stored on it can be reconstructed from data stored on the remaining drives.

 

ANS:  T                    PTS:   1                    REF:   83                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. When using mirror disks, if one of the two disks containing the same data fails, the other disk also fails.

 

ANS:  F                    PTS:   1                    REF:   83                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. Social engineering is an example of an unintentional security threat.

 

ANS:  F                    PTS:   1                    REF:   84                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. When a program containing a virus is used, the virus attaches itself to other files, and the cycle continues.

 

ANS:  T                    PTS:   1                    REF:   84                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. Viruses can only be transmitted through direct computer-to-computer contact.

 

ANS:  F                    PTS:   1                    REF:   84                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. A worm travels from computer to computer in a network, but it does not usually erase data.

 

ANS:  T                    PTS:   1                    REF:   85                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. Trojans do not replicate themselves, as viruses and worms do.

 

ANS:  T                    PTS:   1                    REF:   85                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. A distributed denial-of-service (DDoS) attack involves hundreds of computers working together to bombard a Web site with thousands of requests for information in a short period.

 

ANS:  T                    PTS:   1                    REF:   86                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. Social engineering techniques are easily detectable because they involve threatening employees with physical violence.

 

ANS:  F                    PTS:   1                    REF:   86                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. Social engineering takes advantage of the human element of security systems.

 

ANS:  T                    PTS:   1                    REF:   86                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. Hand geometry is an example of a biometric security measure.

 

ANS:  T                    PTS:   1                    REF:   87                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. A firewall cannot reject an incoming packet, but instead sends a warning to the network administrator.

 

ANS:  F                    PTS:   1                    REF:   89                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Application-filtering firewalls are less expensive than packet-filtering firewalls.

 

ANS:  F                    PTS:   1                    REF:   89                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. A proxy server acts as an intermediary between network users and the Internet.

 

ANS:  T                    PTS:   1                    REF:   89                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. An intrusion detection system can protect against both external and internal access.

 

ANS:  T                    PTS:   1                    REF:   90                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. An intrusion detection system cannot prevent DoS attacks.

 

ANS:  F                    PTS:   1                    REF:   90                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Corner bolts are secured to a computer at the power outlet.

 

ANS:  F                    PTS:   1                    REF:   91                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Terminal resource security is a software feature that erases the screen and signs the user off automatically after a specified length of inactivity.

 

ANS:  T                    PTS:   1                    REF:   92                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. An ideal password should be eight characters or longer.

 

ANS:  T                    PTS:   1                    REF:   92                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. The cost of setting up a virtual private network is usually high.

 

ANS:  F                    PTS:   1                    REF:   93                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Data encryption transforms data into a scrambled form called ciphertext.

 

ANS:  T                    PTS:   1                    REF:   93                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Symmetric encryption is also called public key encryption.

 

ANS:  F                    PTS:   1                    REF:   94                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. The main advantage of asymmetric encryption is that it is faster and requires only a small amount of processing power.

 

ANS:  F                    PTS:   1                    REF:   94                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. In symmetric encryption, the same key is used to encrypt and decrypt the message.

 

ANS:  T                    PTS:   1                    REF:   94                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Backup facilities should never be shared in an attempt to reduce costs.

 

ANS:  F                    PTS:   1                    REF:   97                  NAT:  BUSPROG: Technology

TOP:   A-head: Guidelines for a Comprehensive Security System

KEY:  Bloom’s: Knowledge

 

MULTIPLE CHOICE

 

  1. ____ is the process of capturing and recording network traffic.
a. Sniffing
b. Phishing
c. Spoofing
d. Pharming

 

 

ANS:  A                    PTS:   1                    REF:   80                  NAT:  BUSPROG: Technology

TOP:   A-head: Risks Associated with Information Technologies

KEY:  Bloom’s: Knowledge

 

  1. A ____ is an inexperienced, usually young hacker who uses programs that others have developed to attack computer and network systems.
a. script kiddie
b. black hat
c. white hat
d. hex editor

 

 

ANS:  A                    PTS:   1                    REF:   81                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. ____ are hackers who specialize in unauthorized penetration of information systems.
a. Script kiddies
b. Black hats
c. White hats
d. Hex editors

 

 

ANS:  B                    PTS:   1                    REF:   81                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. ____ are computer security experts who specialize in penetration testing and other testing methods to ensure that a company’s information systems are secure.
a. Script kiddies
b. Black hats
c. White hats
d. Hex editors

 

 

ANS:  C                    PTS:   1                    REF:   81                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. ____ means that a system must prevent disclosing information to anyone who is not authorized to access it.
a. Validity
b. Confidentiality
c. Integrity
d. Availability

 

 

ANS:  B                    PTS:   1                    REF:   82                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. ____ refers to the accuracy of information resources within an organization.
a. Validity
b. Confidentiality
c. Integrity
d. Availability

 

 

ANS:  C                    PTS:   1                    REF:   82                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. ____ means that computers and networks are operating and authorized users can access the information they need.
a. Validity
b. Confidentiality
c. Integrity
d. Availability

 

 

ANS:  D                    PTS:   1                    REF:   82                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. Level 1 security involves ____.
a. back-end systems
b. corporate networks
c. physical security
d. front-end servers

 

 

ANS:  D                    PTS:   1                    REF:   83                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. Level 2 security involves ____.
a. back-end systems
b. corporate networks
c. physical security
d. front-end servers

 

 

ANS:  A                    PTS:   1                    REF:   83                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. Level 3 security involves ____.
a. back-end systems
b. corporate networks
c. physical security
d. front-end servers

 

 

ANS:  B                    PTS:   1                    REF:   83                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. Which of the following is considered an intentional threat?
a. Floods
b. User’s accidental deletion of data
c. Social engineering
d. Power outages

 

 

ANS:  C                    PTS:   1                    REF:   84                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. A ____ travels from computer to computer in a network, but it does not usually erase data.
a. Trojan program
b. worm
c. virus
d. backdoor

 

 

ANS:  B                    PTS:   1                    REF:   85                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. A logic bomb is a type of ____.
a. Trojan program
b. worm
c. virus
d. backdoor

 

 

ANS:  A                    PTS:   1                    REF:   85                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. A ____ is a programming routine built into a system by its designer or programmer.
a. logic bomb
b. worm
c. virus
d. backdoor

 

 

ANS:  D                    PTS:   1                    REF:   85                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. A ____ attack floods a network or server with service requests to prevent legitimate users’ access to the system.
a. logic bomb
b. denial-of-service
c. backdoor
d. worm

 

 

ANS:  B                    PTS:   1                    REF:   86                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. A ____ attack typically targets Internet servers.
a. logic bomb
b. denial-of-service
c. backdoor
d. worm

 

 

ANS:  B                    PTS:   1                    REF:   86                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. ____ take advantage of the human element of security systems.
a. Denial-of-service attacks
b. Trojan programs
c. Blended threats
d. Social engineering attacks

 

 

ANS:  D                    PTS:   1                    REF:   86                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. ____ security measures use a physiological element to enhance security measures.
a. Physical
b. Social
c. Biofeedback
d. Biometric

 

 

ANS:  D                    PTS:   1                    REF:   87                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Which of the following is a biometric security measure?
a. electronic trackers
b. passwords
c. firewalls
d. signature analysis

 

 

ANS:  D                    PTS:   1                    REF:   87                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Which of the following is a nonbiometric security measure?
a. electronic trackers
b. passwords
c. firewalls
d. signature analysis

 

 

ANS:  C                    PTS:   1                    REF:   88                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. A(n) ____ is software that acts as an intermediary between two systems.
a. packet-filtering firewall
b. application-filtering firewall
c. proxy server
d. intrusion detection system

 

 

ANS:  C                    PTS:   1                    REF:   89                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. ____ are usually placed in front of a firewall and can identify attack signatures and trace patterns.
a. Intrusion detection systems
b. Proxy servers
c. Physical security measures
d. Biometric security measures

 

 

ANS:  A                    PTS:   1                    REF:   90                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Which of the following is a physical security measure?
a. Electronic trackers
b. Passwords
c. Firewalls
d. Signature analysis

 

 

ANS:  A                    PTS:   1                    REF:   91                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Which of the following is a type of access control?
a. Steel encasements
b. Passwords
c. Firewalls
d. Identification badges

 

 

ANS:  B                    PTS:   1                    REF:   92                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. A(n) ____ is often used so remote users have a secure connection to the organization’s network.
a. biometric security system
b. intrusion detection system
c. virtual private network
d. terminal resource network

 

 

ANS:  C                    PTS:   1                    REF:   93                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Typically, an organization leases the media used for a VPN on a(n) ____ basis.
a. yearly
b. 10-year
c. as-needed
d. monthly

 

 

ANS:  C                    PTS:   1                    REF:   93                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Data encryption transforms data into a scrambled form called ____.
a. plaintext
b. cleartext
c. codetext
d. ciphertext

 

 

ANS:  D                    PTS:   1                    REF:   93                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. ____ is a commonly used encryption protocol that manages transmission security on the Internet.
a. Transport Layer Security
b. Secure Sockets Layer
c. Transmission Control Protocol
d. User Datagram Protocol

 

 

ANS:  B                    PTS:   1                    REF:   94                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. ____ ensures data security and integrity over public networks, such as the Internet.
a. Transport Layer Security
b. Secure Sockets Layer
c. Transmission Control Protocol
d. User Datagram Protocol

 

 

ANS:  A                    PTS:   1                    REF:   94                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. ____ encryption uses a public key known to everyone and a private key known only to the recipient.
a. Symmetric
b. Asymmetric
c. SSL
d. TLS

 

 

ANS:  B                    PTS:   1                    REF:   94                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. In ____ encryption, the same key is used to encrypt and decrypt the message.
a. symmetric
b. asymmetric
c. SSL
d. TLS

 

 

ANS:  A                    PTS:   1                    REF:   94                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Many organizations now follow the ____ model to form teams that can handle network intrusions and attacks quickly and effectively.
a. CERT
b. Sarbanes-Oxley
c. CIRC
d. McCumber cube

 

 

ANS:  A                    PTS:   1                    REF:   95                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. The main function of the ____ model is to provide information on security incidents, including information systems’ vulnerabilities, viruses, and malicious programs.
a. CERT
b. Sarbanes-Oxley
c. CIRC
d. McCumber cube

 

 

ANS:  C                    PTS:   1                    REF:   95-96             NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. ____ outlines procedures for keeping an organization operational in the event of a natural disaster or network attack.
a. Systems engineering
b. Business continuity planning
c. Risk management
d. Security analysis

 

 

ANS:  B                    PTS:   1                    REF:   97                  NAT:  BUSPROG: Technology

TOP:   A-head: Guidelines for a Comprehensive Security System

KEY:  Bloom’s: Knowledge

 

  1. A ____ plan lists the tasks that must be performed to restore damaged data and equipment.
a. risk assessment
b. systems engineering
c. disaster recovery
d. security compliance

 

 

ANS:  C                    PTS:   1                    REF:   97                  NAT:  BUSPROG: Technology

TOP:   A-head: Guidelines for a Comprehensive Security System

KEY:  Bloom’s: Knowledge

 

COMPLETION

 

  1. ____________________ are inexperienced, usually young hackers who use programs that others have developed to attack computer and network systems.

 

ANS:  Script kiddies

 

PTS:   1                    REF:   81                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. ____________________ means that a system must prevent disclosing information to anyone who is not authorized to access it.

 

ANS:  Confidentiality

 

PTS:   1                    REF:   82                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. ____________________ means that computers and networks are operating and authorized users can access the information they need.

 

ANS:  Availability

 

PTS:   1                    REF:   82                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. ____________________ ensure availability in the event of a system failure by using a combination of hardware and software.

 

ANS:  Fault-tolerant systems

 

PTS:   1                    REF:   83                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. A(n) ____________________ consists of self-propagating program code that is triggered by a specified time or event.

 

ANS:  virus

 

PTS:   1                    REF:   84                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. ____________________ are independent programs that can spread themselves without having to be attached to a host program.

 

ANS:  Worms

 

PTS:   1                    REF:   85                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. A(n) ____________________ contains code intended to disrupt a computer, network, or Web site, and it is usually hidden inside a popular program.

 

ANS:  Trojan program

 

PTS:   1                    REF:   85                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. A(n) ____________________ is a security threat that combines the characteristics of computer viruses, worms, and other malicious codes with vulnerabilities found on public and private networks.

 

ANS:  blended threat

 

PTS:   1                    REF:   86                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. ____________________ is an attack that takes advantage of the human element of security systems.

 

ANS:  Social engineering

 

PTS:   1                    REF:   86                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. The ____________________ biometric security method translates words into digital patterns, which are recorded and examined for tone and pitch.

 

ANS:  voice recognition

 

PTS:   1                    REF:   87                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. A(n) ____________________ is a combination of hardware and software that acts as a filter or barrier between a private network and external computers or networks.

 

ANS:  firewall

 

PTS:   1                    REF:   89                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. A(n) ____________________ is software that acts as an intermediary between two systems.

 

ANS:  proxy server

 

PTS:   1                    REF:   89                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. ____________________ is a software feature that erases the screen and signs the user off automatically after a specified length of inactivity.

 

ANS:  Terminal resource security

 

PTS:   1                    REF:   92                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. In ____________________ encryption, the same key is used to encrypt and decrypt the message.

 

ANS:  symmetric

 

PTS:   1                    REF:   94                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. ____________________ outlines procedures for keeping an organization operational in the event of a natural disaster or network attack.

 

ANS:  Business continuity planning

 

PTS:   1                    REF:   97                  NAT:  BUSPROG: Technology

TOP:   A-head: Guidelines for a Comprehensive Security System

KEY:  Bloom’s: Knowledge

 

SHORT ANSWER

 

  1. What is the McCumber cube?

 

ANS:

The Committee on National Security Systems (CNSS) proposed a model, called the “McCumber cube.” John McCumber created this framework for evaluating information security. Represented as a three-dimensional cube, it defines nine characteristics of information security.

 

PTS:   1                    REF:   82                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. What are mirror disks?

 

ANS:

It is a fault-tolerant method that uses two disks containing the same data so that if one fails, the other is available, allowing operations to continue. Mirror disks are usually a less expensive, level-1 RAID system and can be a suitable solution for small organizations.

 

PTS:   1                    REF:   83                  NAT:  BUSPROG: Technology

TOP:   A-head: Computer and Network Security: Basic Safeguards

KEY:  Bloom’s: Knowledge

 

  1. List at least four types of intentional computer and network threats.

 

ANS:

Intentional computer and network threats include:

 

Viruses

Worms

Trojan programs

Logic bombs

Backdoors

Blended threats (e.g., a worm launched by Trojan)

Rootkits

Denial-of-service attacks

Social engineering

 

PTS:   1                    REF:   84                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. What does a worm do during its attack?

 

ANS:

A worm might corrupt data, but it usually replicates itself into a full-blown version that eats up computing resources, eventually bringing a computer or network to a halt.

 

PTS:   1                    REF:   85                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. Describe how a blended threat works.

 

ANS:

Blended threats search for vulnerabilities in computer networks and then take advantage of these vulnerabilities by embedding malicious codes in the server’s HTML files or by sending unauthorized e-mails from compromised servers with a worm attachment.

 

PTS:   1                    REF:   86                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. What is shoulder surfing? Provide an example.

 

ANS:

Shoulder surfing—in other words, looking over someone’s shoulder—is the easiest form of collecting information. Social engineers use this technique to observe an employee entering a password or a person entering a PIN at the cash register, for example.

 

PTS:   1                    REF:   87                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. Describe the vein analysis measure of biometric security.

 

ANS:

This method analyzes the pattern of veins in the wrist and back of the hand without making any direct contact with the veins.

 

PTS:   1                    REF:   87                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Explain the use of callback modems as a nonbiometric security measure.

 

ANS:

Callback modems verify whether a user’s access is valid by logging the user off and then calling the user back at a predetermined number. They are useful in organizations with many employees who work off-site and who need to connect to the network from remote locations.

 

PTS:   1                    REF:   88                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. What are the actions that a firewall might take after examining a packet?

 

ANS:

A firewall can take one of the following actions:

 

Reject the incoming packet.

Send a warning to the network administrator.

Send a message to the packet’s sender that the attempt failed.

Allow the packet to enter (or leave) the private network.

 

PTS:   1                    REF:   89                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. How is the sender notified of packet delivery using a packet-filtering firewall?

 

ANS:

A packet-filtering firewall informs senders if packets are rejected but does nothing if packets are dropped; senders have to wait until their requests time out to learn that the packets they sent were not received.

 

PTS:   1                    REF:   89                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. What is an intrusion detection system (IDS)?

 

ANS:

An intrusion detection system (IDS) can protect against both external and internal access. It is usually placed in front of a firewall and can identify attack signatures, trace patterns, generate alarms for the network administrator, and cause routers to terminate connections with suspicious sources.

 

PTS:   1                    REF:   90                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Describe the function of identification (ID) badges.

 

ANS:

ID badges are checked against a list of authorized personnel, which must be updated regularly to reflect changes in personnel.

 

PTS:   1                    REF:   91                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. What is the function of a virtual private network (VPN)?

 

ANS:

A VPN provides a secure “tunnel” through the Internet for transmitting messages and data via a private network. It is often used so remote users have a secure connection to the organization’s network.

 

PTS:   1                    REF:   93                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. What is symmetric encryption?

 

ANS:

In symmetric encryption, also called secret key encryption, the same key is used to encrypt and decrypt the message. The sender and receiver must agree on the key and keep it secret.

 

PTS:   1                    REF:   94-95             NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. What is the purpose of business continuity planning?

 

ANS:

Business continuity planning outlines procedures for keeping an organization operational in the event of a natural disaster or network attack.

 

PTS:   1                    REF:   97                  NAT:  BUSPROG: Technology

TOP:   A-head: Guidelines for a Comprehensive Security System

KEY:  Bloom’s: Knowledge

 

ESSAY

 

  1. How are computer viruses transmitted? Where do the most dangerous ones come from, and what viruses pose the most risk to network security?

 

ANS:

Viruses can be transmitted through a network or through e-mail attachments. Some of the most dangerous ones come through bulletin boards or message boards because they can infect any system using the board. Experts believe that viruses infecting large servers, such as those used by air traffic control systems, pose the most risk to national security.

 

PTS:   1                    REF:   84                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. Describe some of the steps that users should take to guard against data theft and data loss.

 

ANS:

The following guidelines can be followed to guard against data theft and data loss:

 

Do a risk analysis to determine the effects of confidential data being lost or stolen.

 

Ban portable media devices and remove or block USB ports, floppy drives, and CD/DVD-ROM drives, particularly in organizations that require tight security. This measure might not be practical in some companies, however.

 

Make sure employees have access only to data they need for performing their jobs, and set up rigorous access controls.

 

Store data in databases instead of in spreadsheet files for better access control.

 

Have clear, detailed policies about what employees can do with confidential data, including whether data can be removed from the organization.

 

Encrypt data downloaded from the corporate network.

 

PTS:   1                    REF:   86                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Threats: An Overview                          KEY:  Bloom’s: Knowledge

 

  1. Discuss guidelines for improving a firewall’s capabilities.

 

ANS:

Guidelines for improving a firewall’s capabilities include the following:

 

Identify what data must be secured, and conduct a risk analysis to assess the costs and benefits of a firewall.

 

Compare a firewall’s features with the organization’s security needs. For example, if your organization uses e-mail and FTP frequently, make sure the application-filtering firewall you are considering can handle these network applications.

 

Compare features of packet-filtering firewalls, application-filtering firewalls, and proxy servers to determine which of these types addresses your network’s security needs the best.

 

Examine the costs of firewalls, and remember that the most expensive firewall is not necessarily the best. Some inexpensive firewalls might be capable of handling everything your organization needs.

 

Compare the firewall’s security with its ease of use. Some firewalls emphasize accuracy and security rather than ease of use and functionality. Determine what is most important to your organization when considering the trade-offs.

 

Check the vendor’s reputation, technical support, and update policies before making a final decision. As the demand for firewalls has increased, so has the number of vendors, and not all vendors are equal. Keep in mind that you might have to pay more for a product from a vendor with a good reputation that offers comprehensive technical support.

 

PTS:   1                    REF:   90                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. State any five physical security measures.

 

ANS:

Physical security measures can include the following:

 

Cable shielding—Braided layers around the conductor cable protect it from electromagnetic interference (EMI), which could corrupt data or data transmissions.

Corner bolts—An inexpensive way to secure a computer to a desktop or counter; these often have locks as an additional protection against theft.

Electronic trackers—These devices are secured to a computer at the power outlet. If the power cord is disconnected, a transmitter sends a message to an alarm that goes off or to a camera that records what happens.

Identification (ID) badges—These are checked against a list of authorized personnel, which must be updated regularly to reflect changes in personnel.

Proximity-release door openers—These are an effective way to control access to the computer room. A small radio transmitter is placed in authorized employees’ ID badges, and when they come within a predetermined distance of the computer room’s door, a radio signal sends a key number to the receiver, which unlocks the door.

Room shielding—A nonconductive material is sprayed in the computer room, which reduces the number of signals transmitted or confines the signals to the computer room.

Steel encasements—These fit over the entire computer and can be locked.

 

PTS:   1                    REF:   91                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

  1. Describe asymmetric encryption.

 

ANS:

Asymmetric encryption uses two keys: a public key known to everyone and a private or secret key known only to the recipient. A message encrypted with a public key can be decrypted only with the same algorithm used by the public key and requires the recipient’s private key, too. Anyone intercepting the message cannot decrypt it, because he or she does not have the private key.

 

This encryption usually works better for public networks, such as the Internet. Each company conducting transactions or sending messages gets a private key and a public key; a company keeps its private key and publishes its public key for others to use.

 

PTS:   1                    REF:   94                  NAT:  BUSPROG: Technology

TOP:   A-head: Security Measures and Enforcement: An Overview

KEY:  Bloom’s: Knowledge

 

 
