Question 1

An example of phishing is

Accepted Answer

A)   setting up a bogus Wi-Fi hot spot.
B)   setting up a fake medical Web site that asks users for confidential information.
C)   pretending to be a utility company's employee in order to garner information from that company about their security system.
D)   sending bulk e-mail that asks for financial aid under a False pretext.

Question 2

Pharming involves

Accepted Answer

A)   redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
B)   pretending to be a legitimate business's representative in order to garner information about a security system.
C)   setting up fake Web sites to ask users for confidential information.
D)   using e-mails for threats or harassment.

Question 3

Which of the following is not a trait used for identification in biometric systems?

Accepted Answer

A)   retinal image
B)   voice
C)   hair color
D)   face

Question 4

Viruses can be spread through e-mail.

Accepted Answer

A) True 
 B)False

Question 5

Define a fault-tolerant computer system and a high-availability computer system. How do they differ? When would each be used?

Accepted Answer

Both systems use backup hardware resourc...

Question 6

You have just been hired as a security consultant by MegaMalls Inc., a national chain of retail malls, to make sure that the security of their information systems is up to par. Outline the steps you will take to achieve this.

Accepted Answer

1. Establish what data and processes are...

Question 7

How can a firm's security policies contribute and relate to the six main business objectives? Give examples.

Accepted Answer

(1) Operational excellence: Security pol...

Question 8

Malicious software programs referred to as ________ include a variety of threats such as computer viruses, worms, and Trojan horses.

Accepted Answer

The answer of Malicious software programs referred to as ________...

Question 9

________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.

Accepted Answer

The answer of ________ is a crime in which an...

Question 10

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called

Accepted Answer

A)   sniffing.
B)   social engineering.
C)   phishing.
D)   pharming.

Question 11

Which of the following is not one of the main firewall screening techniques?

Accepted Answer

A)   application proxy filtering
B)   static packet filtering
C)   NAT
D)   secure socket filtering

Question 12

A(n) ________ examines the firm's overall security environment as well as the controls governing individual information systems.

Accepted Answer

The answer of A(n) ________ examines the firm's overall security...

Question 13

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alternation, theft, or physical damage to information systems.

Accepted Answer

A)   "Security"
B)   "Controls"
C)   "Benchmarking"
D)   "Algorithms"

Question 14

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

Accepted Answer

A) True 
 B)False

Question 15

The Internet poses specific security problems because

Accepted Answer

A)   it was designed to be easily accessible.
B)   Internet data is not run over secure lines.
C)   Internet standards are universal.
D)   it changes so rapidly.

Question 16

Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n)

Accepted Answer

A)   security policy.
B)   AUP.
C)   risk assessment.
D)   business impact analysis.

Question 17

A digital certificate system

Accepted Answer

A)   uses third-party CAs to validate a user's identity.
B)   uses digital signatures to validate a user's identity.
C)   uses tokens to validate a user's identity.
D)   is used primarily by individuals for personal correspondence.

Question 18

Computers using cable modems to connect to the Internet are more open to penetration than those connecting via dial-up.

Accepted Answer

A) True 
 B)False

Question 19

You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats to the firm?

Accepted Answer

A)   wireless network
B)   employees
C)   authentication procedures
D)   lack of data encryption

Question 20

Inputting data into a poorly programmed Web form in order to disrupt a company's systems and networks is called

Accepted Answer

A)   a Trojan horse.
B)   an SQL injection attack.
C)   key logging.
D)   a DDoS attack.

Exam 8: Securing Information Systems

NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.

Correct AnswerverifiedShow Answer

________ refers to policies, procedures, and technical measures used to prevent unauthorized access, alternation, theft, or physical damage to information systems.

Correct AnswerverifiedShow Answer

Viruses can be spread through e-mail.

Correct AnswerverifiedShow Answer

Inputting data into a poorly programmed Web form in order to disrupt a company's systems and networks is called

Correct AnswerverifiedShow Answer

Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called

Correct AnswerverifiedShow Answer

Computers using cable modems to connect to the Internet are more open to penetration than those connecting via dial-up.

Correct AnswerverifiedShow Answer

A(n) ________ examines the firm's overall security environment as well as the controls governing individual information systems.

Correct AnswerverifiedShow Answer

Define a fault-tolerant computer system and a high-availability computer system. How do they differ? When would each be used?

Correct AnswerverifiedBoth systems use backup hardware resourc...View AnswerShow Answer

A digital certificate system

Correct AnswerverifiedShow Answer

Which of the following is not one of the main firewall screening techniques?

Correct AnswerverifiedShow Answer

Malicious software programs referred to as ________ include a variety of threats such as computer viruses, worms, and Trojan horses.

Correct AnswerverifiedShow Answer

Which of the following is not a trait used for identification in biometric systems?

Correct AnswerverifiedShow Answer

Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n)

Correct AnswerverifiedShow Answer

________ is a crime in which an imposter obtains key pieces of personal information to impersonate someone else.

Correct AnswerverifiedShow Answer

The Internet poses specific security problems because

Correct AnswerverifiedShow Answer

Pharming involves

Correct AnswerverifiedShow Answer

You have been hired as a security consultant for a law firm. Which of the following constitutes the greatest source of security threats to the firm?

Correct AnswerverifiedShow Answer

You have just been hired as a security consultant by MegaMalls Inc., a national chain of retail malls, to make sure that the security of their information systems is up to par. Outline the steps you will take to achieve this.

Correct Answerverified1. Establish what data and processes are...View AnswerShow Answer

How can a firm's security policies contribute and relate to the six main business objectives? Give examples.

Correct Answerverified(1) Operational excellence: Security pol...View AnswerShow Answer

An example of phishing is

Correct AnswerverifiedShow Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
Both systems use backup hardware resourc...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
1. Establish what data and processes are...
View Answer

Correct Answer
verified
(1) Operational excellence: Security pol...
View Answer

Correct Answer
verified