MIS10E_testbank_CH08.doc

Chapter 8

Securing Information Systems True-False Questions

1.

The potent potential ial for unau unautho thoriz rized ed acce access ss is is usual usually ly lim limite ited d to the the entr entry y point pointss of a networ network. k. Answer: False

".

Reference: p. 3&

Difficulty: Easy

Reference: p. 3&

Difficulty: (e%ium

Reference: p. 3")

Difficulty: (e%ium

Reference: p. 3"

Sniff Sniffers ers enabl enablee hacke hackers rs to to steal steal propri proprieta etary ry info informa rmatio tion n from from anyw anywher heree on a netwo network) rk) including email messages) company files) and confidential reports. Answer: True

0.

Difficulty: Easy

ne form form of spoofi spoofing ng invo involv lves es forg forging ing the return return addres addresss on an ema email il so so that that the the ema email il message appears to come from someone other than the sender. Answer: True

/.

Reference: p. 3&

Tro,a Tro,an n horse horse softwa software re is is desig designed ned to reco record rd key keystr stroke okess and mouse mouse clic clicks ks perf perform ormed ed at at the the computer. Answer: False

-.

Difficulty: $ar%

( worm is a computer virus that replicates and spreads itself) not only from file to file) but also from computer to computer via email and other *nternet traffic. Answer: True

+.

Reference: p. 3#

'irus ruses can canno nott be be sp spread read thro throug ugh h em emai ail. l. Answer: False

'.

Difficulty: Easy

The !"# specification calls for users to create uni$ue %&bit encrypted passwords. Answer: False

%.

Reference: p. 3!

Computers using a DSL line are generally more vulnerable to outside intruders than older dialup lines. Answer: True

3.

Difficulty: Easy

Difficulty: (e%ium

Reference: p. 3"

*n a DDoS DDoS atta attack) ck) numero numerous us com comput puters ers are used used to inunda inundate te and and over overwhe whelm lm a networ network k from from numerous launch points. Answer: True

Difficulty: (e%ium

"3

Reference: p. 3""

1&.

 Analysis ot attacks can be prevented by using antivirus and antispyware software. Answer: False

Difficulty: (e%ium

Reference: p. 3"3

 Analysis in terms terms of examine 11. 11.

The most most econo economi mical cally ly dama damagin ging g kinds kinds of comp compute uterr crime crime are are email email viru viruses ses.. Answer: False

12.

Reference: p. 333

Difficulty: Easy

Reference: p. 333

Difficulty: Easy

Reference: p. 33!

Difficulty: (e%ium

Reference: p. 33+

(ntiviru (ntiviruss softwar softwaree can detect detect and and elimina eliminate te viruse virusess that that are are trying trying to to enter enter your your system. system. Answer: True

10.

Difficulty: Easy

7(T 7(T conceals conceals the the *# addresses addresses of the organiza organization tion8s 8s internal internal host host computer computerss to deter deter sniffe snifferr  programs. Answer: True

1/.

Reference: p. 33

iometric iometric authentic authenticatio ation n is the use of physi physical cal charac characteris teristics tics such as retina retinall images images to to  provide identification. identification. Answer: True

1-.

Difficulty: (e%ium

( disaster disaster recover recovery y plan plan detail detailss what what you you are going going to do if disast disaster er strikes strikes and threat threatens ens to to or actually does knock out your *T system. Answer: True

1+.

Reference: pp. 3"&*33)

5ault 5aulttol tolera erant nt comput computers ers conta contain in redund redundant ant hard hardwar ware) e) softwa software) re) and and power power supply supply components. Answer: True

16.

Difficulty: (e%ium

(n accept acceptable able use policy policy defines defines the acceptabl acceptablee level level of access access to informati information on assets assets for different users. Answer: False

1%.

Reference: p. 3"'

Computer Computer forensics forensics e3perts e3perts try try to to recover recover ambient ambient data) data) which are not visible visible to the the average average computer user. Answer: True

14.

Difficulty: $ar%

Difficulty: Easy

Reference: p. 33+

SSL is a prot protoco ocoll used used to to secur securee infor informa matio tion n transf transfer er over over the the *nter *nternet net.. Answer: True

Difficulty: Easy

",

Reference: p. 33&

2&.

#ublic key encryption uses mathematically related keys. Answer: True

Difficulty: (e%ium

Reference: p. 3,

(ultiple-oice Questions 21.

 Analysis The fact that phishing is growing at an e3plosive rate indicates that9 a. *nternet security applications are less able to prevent cyber crime.  b. consumer trust of the *nternet is too great. c. the increasing use of the *nternet for online finance is a factor in drawing attention from larger numbers of criminals. d. consumers need to be educated about phishing and phishing techni$ues. Answer: c

Difficulty: (e%ium

Reference: p. 3,

 Analysis in terms of examine 22.

 Evaluation !hat is the most farreaching effect of identity theft: a.  b. c. d.

Corporations implementing more rigorous authentication procedures ;ore governmental control of security standards Lowering of revenues and profits due to public mistrust of ecommerce safety *S#s implementing more active countercrime techni$ues

Answer: c

Difficulty: (e%ium

Reference: pp. 33*3,

 Evaluation in terms of value, assess 24.

#olicies) procedures) and technical measures used to prevent unauthorized access) alteration) theft) or physical damage to information systems refers to9 a.  b. c. d.

security. controls. benchmarks. algorithms.

Answer: a

Difficulty: Easy

"'

Reference: p. 3!

2%.

(ll of the methods) policies) and organizational procedures that ensure the safety of the organization8s assets) the accuracy and reliability of its accounting records) and operational adherence to management standards refers to9 a.  b. c. d.

legacy systems. SS*D standards. vulnerabilities. controls.

Answer: %

26.

Reference: p. 3!

Large amounts of data stored in electronic form are