C724 UNIT 7 - TEST REVIEW QUESTIONS & ANSWERS
[True/False] Information is a valuable asset and not everyone in the world can be
trusted with it. Therefore, we need to protect our valuable information from those with
poor intentions. The protection of our information assets is a discipline known as data
security. - Answers - False - The protection of our information assets is known as
Information Security.
Organizations are constantly encountering cyber-attacks from intruders. For instance, in
late 2013, the security system of Target Stores, Inc., was compromised by which of the
following types of attacker? - Answers - Black Hat - a computer hacker who acts with a
criminal intent.
Criminals use which method to send legitimate-looking emails to innocent victims, which
direct them to a Website where they are asked to input personal information such as
user logon and password? - Answers - Phishing
Organizations must follow procedures to store or transfer their financial information as
outlined in which of the following legislation? - Answers - Financial Services
Modernization Act (aka Gramm-Leach-Bliley Act) of 1999 - requires organizations and
individuals to adhere to rules and procedures for storing and transferring financial
information.
(Select all that apply). Organizations need to implement controls that will help them
mitigate risks due to technological factors. Which of the following are controls to
counteract risks due to the use of computers for business operations? - Answers -
Disallowing employees to share access with other employees or customers.
Adopting email policies and equipment to limit spam and malware on computer
systems.
Security policies are output from an organization's risk assessment process, which
cover an organization's need for various levels of security. Auditing is an example of a
security policies control. Which of the following is FALSE regarding auditing? - Answers
- Auditing can only be used by the accounting department.
Which of the following concepts dictates that personnel should be given access on a
need-to-know basis? - Answers - Principle of Least Privilege
[True/False] The process of turning information into an unreadable format to prevent
unauthorized access is known as decryption. - Answers - False - it is called encryption.
Organizations need to include redundancy in their business disaster recovery plan by
creating duplicate facilities. Which of the following sites offers offsite office space that
allows recovery within minutes to hours? - Answers - Hot Sites
Software companies such as Microsoft frequently develop system updates. What should
individuals do with these system updates? - Answers - Configure your computer system
to receive these updates automatically.
(Select all that apply). What are some of the actions that savvy users take to protect their
privacy? - Answers - Delete cookies from the computer periodically.
Enable popup blockers.
If your identity has been stolen, what should you do? - Answers - Consult legal counsel
and retain documentation of all stolen information.
Consult legal counsel and retain documentation of all stolen information. - Answers -
Accountability - the application of responsibility, or an obligation to accept responsibility.
You accepted the responsibility of a student, and you thereby are accountable for your
actions as a student.
Which of the following actions is considered ethically, socially, and legally acceptable? -
Answers - A small business owner installs Microsoft Office suite on all the computers in
his office.
Which of the following categories of ethical models for ethical behavior
assesses the consequences and/or outcomes of an action to determine the greatest
good or least harm for the greatest number, regardless of the justice or fairness of or to
the individual? - Answers - Utilitarian Approach - evaluates the consequences and/or
outcome of an action to generate the maximum benefits for those involved.
Which of the following is an international establishment of laws that help to protect
the fundamental human right to privacy? - Answers - Organization for Economic
Co-operation and Development (OECD) - an international agency consisting of 34
developed countries. Founded in 1961 to stimulate economic progress and world trade,
it has since created an anti-spam task force, written papers on best practices for ISPs,
and worked on the information economy and the future of the Internet economy.
[True/False] Digital goods are adequately protected as intellectual property under the
historical copyright laws. - Answers - False - Digital goods can be easily and quickly
copied and shared over the Internet.
Which of the following is NOT a benefit for individuals to take information security
training? - Answers - To understand the concept of safe harbor - this is a framework
developed by the U.S. Department and European Commission.
Which of the following must be enforced to protect the organization's corporate data
resources and to control access to the information assets? - Answers - Authentication
and Authorization