Test bank for Using MIS 9th edition 10 PDF

Title Test bank for Using MIS 9th edition 10
Author AmazingJYWH
Course Management Information Systems
Institution Kean University
Pages 31



Description

Using MIS, 9e, Global Edition (Kroenke)
Chapter 10 Information Systems Security

1) A ________ is a person or an organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge.
A) target
B) vulnerability
C) threat
D) key escrow
Answer: C
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

2) Which of the following is considered a threat caused by human error?
A) an employee inadvertently installing an old database on top of the current one
B) an employee intentionally destroying data and system components
C) a virus and worm writer infecting computer systems
D) a hacker breaking into a system to steal for financial gain
Answer: A
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

3) Which of the following is considered a computer crime?
A) accidental deletion of important records
B) poorly written programs resulting in information loss
C) loss of data as a result of flooding
D) hacking of information systems
Answer: D
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

1 Copyright © 2017 Pearson Education, Ltd.

4) Molly received a call from a person claiming to be her bank representative. The representative asked her to verify her bank account details and credit card number. A few days after the call Molly noticed unusual activity on her account; a large sum had been withdrawn. Molly was a victim of ________.
A) hacking
B) usurping
C) sniffing
D) pretexting
Answer: D
AACSB: Reflective Thinking
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Application

5) In the context of security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.
A) unauthorized data disclosure
B) incorrect data modification
C) faulty services
D) loss of infrastructure
Answer: A
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

6) Kenneth is working on a confidential government project. Daniel, a coworker, and he are the only two members who are authorized to access the project's information system. Kenneth, while away on a business trip, receives an email from Daniel asking for his login credentials as Daniel was unable to access the system. Kenneth finds the request unusual, and calls Daniel to confirm if the email was sent by him. Kenneth deletes the email when he learns that Daniel had not sent it. This scenario is an example of attempted ________.
A) hacking
B) phishing
C) sniffing
D) wardriving
Answer: B
AACSB: Reflective Thinking
Difficulty: 3: Challenging
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Application


7) Email spoofing is a synonym for ________.
A) hacking
B) phishing
C) usurping
D) sniffing
Answer: B
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

8) ________ is a technique for intercepting computer communications through a physical connection to a network or without a physical connection in the case of wireless networks.
A) Spoofing
B) Phishing
C) Sniffing
D) Pretexting
Answer: C
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

9) ________ take computers with wireless connections through an area and search for unprotected wireless networks, and then monitor and intercept wireless traffic on unsecured wireless networks.
A) Keyloggers
B) Pretexters
C) Wardrivers
D) Phishers
Answer: C
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept


10) Which of the following is a sniffing technique?
A) IP spoofing
B) caches
C) denial of service
D) adware
Answer: D
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

11) Kate was among the top ten applicants for an honorary scholarship at her university. The scholarship would be decided by a written exam and an interview. Kate had outperformed the others in the interview, but she was not sure of her written exam's results. She illegally accessed the system where the final results were stored and changed her grades before the results were sent out to the scholarship committee. Kate's act can be termed as ________.
A) pretexting
B) phishing
C) hacking
D) spoofing
Answer: C
AACSB: Reflective Thinking
Difficulty: 3: Challenging
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Application

12) Which of the following is most likely to be a result of hacking?
A) certain Web sites being censored for hurting sentiments
B) small amounts of spam in a user's inbox
C) an unauthorized transaction from a user's credit card
D) pop-up ads appearing frequently
Answer: C
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept


13) ________ occurs through human error when employees do not follow proper procedures or when procedures have not been well designed.
A) Unauthorized data disclosure
B) Incorrect data modification
C) Denial of service
D) Loss of infrastructure
Answer: B
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

14) ________ occurs when computer criminals invade a computer system and replace legitimate programs with their own, unauthorized ones that shut down legitimate applications.
A) Encryption
B) Spoofing
C) Phishing
D) Usurpation
Answer: D
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

15) Which of the following usually happens in a malicious denial-of-service attack?
A) A hacker monitors and intercepts wireless traffic at will.
B) A hacker floods a Web server with millions of bogus service requests.
C) An intruder uses another site's IP address to masquerade as that other site.
D) A phisher pretends to be a legitimate company and requests confidential data.
Answer: B
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept


16) ________ present(s) the largest risk for an organization's infrastructure loss.
A) Employees' dissatisfaction
B) Natural disasters
C) Hackers
D) Competitors
Answer: B
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

17) A computer crime is committed if an employee inadvertently installs an old database on top of the current one.
Answer: FALSE
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

18) Unauthorized data disclosure is possible due to human error.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

19) Spoofing occurs when a person receives a confidential text message by mistake.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

20) Phishing is a technique for intercepting computer communications.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept


21) Email spoofing is a synonym for phishing.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

22) Sniffing occurs when an intruder uses another site's IP address to masquerade as that other site.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

23) Faulty service excludes problems that result due to incorrect data modification.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

24) A denial-of-service attack is launched when a hacker floods a Web server with millions of bogus service requests.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

25) Natural disasters present the largest risk for infrastructure loss.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept


26) Define threat, vulnerability, safeguard, and target.
Answer: A threat is a person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge. A vulnerability is an opportunity for threats to gain access to individual or organizational assets. For example, when an individual buys something online, he or she provides his or her credit card data; when that data is transmitted over the Internet, it is vulnerable to threats. A safeguard is some measure that individuals or organizations take to block the threat from obtaining the asset. The target is the asset that is desired by the threat.
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

27) What are the three general sources of security threats?
Answer: A security threat is a challenge to the integrity of information systems that arises from one of three sources: human errors and mistakes, computer crime, and natural events and disasters. Human errors and mistakes include accidental problems caused by both employees and nonemployees. Computer crime includes employees and former employees who intentionally destroy data or other system components. It also includes hackers who break into a system and virus and worm writers who infect computer systems. Natural events and disasters include fires, floods, hurricanes, earthquakes, tsunamis, avalanches, and other acts of nature. Problems in this category include not only the initial loss of capability and service, but also losses stemming from actions to recover from the initial problem.
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept


28) Define pretexting, phishing, spoofing, and sniffing.
Answer: Pretexting occurs when someone deceives by pretending to be someone else. A common scam involves a telephone caller who pretends to be from a credit card company and claims to be checking the validity of credit card numbers. Phishing is a similar technique for obtaining unauthorized data that uses pretexting via email. The phisher pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth. Spoofing is another term for someone pretending to be someone else. IP spoofing occurs when an intruder uses another site's IP address to masquerade as that other site. Sniffing is a technique for intercepting computer communications. With wired networks, sniffing requires a physical connection to the network. With wireless networks, no such connection is required.
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

29) What is meant by denial of service?
Answer: Human error in following procedures, or a lack of procedures, can result in denial of service. For example, humans can inadvertently shut down a Web server or corporate gateway router by starting a computationally intensive application. Computer criminals can launch an intentional denial-of-service attack in which a malicious hacker floods a Web server, for example, with millions of bogus service requests that so occupy the server that it cannot service legitimate requests. Finally, natural disasters may cause systems to fail, resulting in denial of service.
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.1: What is the goal of information systems security?
Classification: Concept

30) Which of the following statements is true about losses due to computer security threats?
A) Surveys on computer crimes provide accurate results since they use standard parameters to measure and tally computer crime costs.
B) Surveys suggest that some organizations do not report all their computer crime losses, and some will not report such losses at all.
C) Losses due to natural disasters can be measured accurately.
D) Losses due to human error are insignificant.
Answer: B
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.2: How big is the computer security problem?
Classification: Concept


31) The losses due to human error are minimal, and hence, organizations tend to ignore these losses.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.2: How big is the computer security problem?
Classification: Concept

32) Describe the magnitude of security problems in the present day.
Answer: The full extent of the financial and data losses due to computer security threats is unknown. Certainly, the losses due to human error are enormous, but few organizations compute those losses and even fewer publish them. Losses due to natural disasters are also enormous and impossible to compute. The earthquake in Japan, for example, shut down Japanese manufacturing, and losses rippled through the supply chain from the Far East to Europe and the United States. One can only imagine the enormous expense for Japanese companies as they restored their information systems.
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.2: How big is the computer security problem?
Classification: Concept

33) Which of the following is a personal security safeguard?
A) sending valuable data only via email or IM
B) using a single password for all the sites
C) removing high-value assets from computers
D) storing browsing history, temporary files, and cookies
Answer: C
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.3: How should you respond to security threats?
Classification: Concept

34) Nonword passwords are vulnerable to a ________ attack in which the password cracker tries every possible combination of characters.
A) denial-of-service
B) sniffing
C) brute force
D) phishing
Answer: C
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.3: How should you respond to security threats?
Classification: Concept

35) ________ are small files that enable a browser to access Web sites without having to sign in every time.
A) Cookies
B) Botnets
C) Payloads
D) Public keys
Answer: A
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.3: How should you respond to security threats?
Classification: Concept

36) Removing and disabling ________ that may contain sensitive security data presents an excellent example of the trade-off between improved security and cost.
A) bookmarks
B) pop-ups
C) cookies
D) toolbars
Answer: C
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.3: How should you respond to security threats?
Classification: Concept

37) One of the personal security safeguards is to use https at trusted, reputable vendors.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.3: How should you respond to security threats?
Classification: Concept

38) Most emails and IMs are protected by encryption.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.3: How should you respond to security threats?
Classification: Concept


39) Cookies enable an individual to access Web sites without having to sign in every time.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security
LO: 10.3: How should you respond to security threats?
Classification: Concept

40) List various personal security safeguards.
Answer: The various personal security safeguards that one can implement for computer security:
• One should take security seriously.
• One should create strong passwords.
• One should use multiple passwords.
• One should not send valuable data via email or IM.
• One should use https at trusted, reputable vendors.
• One should remove high-value assets from computers.
• One should clear browsing history, temporary files, and cookies.
• One should update antivirus software.
• One should demonstrate security concern to one's fellow workers.
• One should follow organizational security directives and guidelines.
• One should consider security for all business initiatives.
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security
LO: 10.3: How should you respond to security threats?
Classification: Concept

41) Which of the following is a critical security function that should be addressed by the senior management of an organization?
A) sharing the pri...

