WGU C724 Information Systems Management Unit 7 Test

False Correct answer- [True/False] Information is a valuable asset and not everyone in the world can be trusted with it. Therefore, we need to protect our valuable information from those with poor intentions. The protection of our information assets is a discipline known as data security. a.) True b.) False Black Hat Correct answer- Organizations are constantly encountering cyber-attacks from intruders. For instance, in late 2013, the security system of Target Stores, Inc., was compromised by which of the following type of attacker? a.) Grey Hat b.) Black Hat c.) White Hat Phishing Correct answer- Criminals use which method to send legitimate-looking emails to innocent victims, which direct them to a Website where they are asked to input personal information such as user logon and password? a.) Identity theft b.) Pharming c.) Social engineering d.) Phishing Financial Services Modernization Act (aka Gramm-Leach-Bliley Act) of 1999 Correct answer- Organizations must follow procedures to store or transfer their financial information as outlined in which of the following legislation? a.) Public Company Accounting Reform and Investor Act (aka Sarbanes-Oxley Act) of 2002 b.) Health Insurance Portability and Accountability Act (HIPAA) of 1996 c.) Financial Services Modernization Act (aka Gramm-Leach-Bliley Act) of 1999 Auditing can only be used by the accounting department Correct answer- Security policies are output from an organization's risk assessment process, which cover an organization's need for various levels of security. Auditing is an example of a security policies control. Which of the following is FALSE regarding auditing? a.) Auditing is used by many divisions and departments within an organization b.) Auditing can only be used by the accounting department c.) An IS auditor may penetrate security policies to determine their adequacy or need for training False Correct answer- [True/False] The process of turning information into an unreadable format to prevent unauthorized access is known as decryption. a.) True b.) False Hot sites Correct answer- Organizations need to include redundancy in their business disaster recovery plan by creating duplicate facilities. Which of the following sites offer offsite office space that allow recovery within minutes to hours? a.) Warm sites b.) Shared hot sites c.) Cold sites d.) Hot sites A and B Correct answer- (Select all that apply). What are some of the actions that savvy users do to protect their privacy? a.) Delete cookies from the computer periodically b.) Enable popup blockers c.) Do not use anonymous browsing Consult legal counsel and retain documentation of all stolen information Correct answer- If your identity has been stolen, what should you do? a.) Protect access to your information assets b.) Understand the methods that criminals used to steal the personal information c.) Understand which assets are irreplaceable and how they are vulnerable d.) Consult legal counsel and retain documentation of all stolen information A small business owner installs Microsoft Office suite on all the computers in his office Correct answer- Which of the following action is considered ethical, social, and legally acceptable? a.) An employee searches the corporate data resources for sensitive information about his neighbor or friends b.) A small business owner installs Microsoft Office suite on all the computers in his office c.) A high school student copies, uses, and distributes Taylor Swift music videos to his classmates Utilitarian approach Correct answer- Which of the following category of ethical models for ethical behavior approach assesses the consequences and/or outcomes of an action to determine the greatest good or least harm for the greatest number, regardless of the justice or fairness of or to the individual? a.) Utilitarian approach b.) Rights approach c.) Virtue d.) Fairness approach False Correct answer- [True/False] Digital goods are adequately protected as intellectual property under the historical copyright laws. a.) True b.) False To understand the concept of safe harbor Correct answer- Which of the following is NOT a benefit for individuals to take information security training? a.) Guard against loss from low-tech methods b.) Guard against loss from high-tech methods c.) To understand the value of their information assets d.) To understand the concept of safe harbor Authentication and authorization Correct answer- Which of the following must be enforced to protect the organization's corporate data resources and to control access to the information assets? a.) Authentication and authorization b.) Authentication and prevention c.) Authorization and prevention False Correct answer- [True/False] Every time we use a computer, we are exposed to the risk of getting a computer virus, even when we scan a photo onto a jump drive using a scanner or a printer. a.) True b.) False Public Company Accounting Reform and Investor Act (aka Sarbanes-Oxley Act) of 2002 Correct answer- Organizations must follow procedures to ensure the accuracy, integrity, and security of their financial information as outlined in which of the following legislation? a.) Public Company Accounting Reform and Investor Act (aka Sarbanes-Oxley Act) of 2002 b.) Health Insurance Portability and Accountability Act (HIPAA) of 1996 c.) Financial Services Modernization Act (aka Gramm-Leach-Bliley Act) of 1999 The AUP specifies acceptable and tolerable uses of an organization's computer systems, equipment, and information assets Correct answer- Security policies are output from an organization's risk assessment process, which cover an organization's need for various levels of security. Acceptable use policy (AUP) is an example of a security policies control. Which of the following is TRUE regarding AUP? a.) The AUP specifies acceptable and tolerable uses of an organization's computer systems, equipment, and information assets b.) The AUP determines if the user follows the policies and procedures stipulated by the organization c.) The AUP defines the authorization and authentication of users Unique identity Correct answer- Biometrics is the study and measuring of individual body characteristics, and is often used in computer security. Biometrics falls under which of the following methods? a.) Possession b.) Unique identity c.) Knowledge Data at rest Correct answer- At any point in time, all data must be categorized as being in one of the three states. Data that are not being accessed by the CPU are considered to be in which of the following three states? a.) Data in use b.) Data at rest c.) Data in motion Recover and protect business operations Correct answer- A disaster recovery plan (DRP) is a document of procedures to do what? a.) Reimburse company for infrastructure damages b.) Keep employees safe during natural disasters c.) Recover and protect business operations Install the latest anti-malware and antivirus programs Correct answer- What is the best way for individuals to safeguard their computers against malware? a.) Install only the latest antivirus programs b.) Install the latest anti-malware and antivirus programs c.) Install only the latest anti-malware programs d.) Install any version of anti-malware and antivirus programs Create automatic backups on cloud storage Correct answer- Which of the following actions will help us protect our computer against failure? a.) Do not store data on the cloud b.) Create automatic backups on cloud storage c.) Only store data on a hard drive d.) Store all data on a jump drive B and C Correct answer- (Select all that apply). If we intentionally harden our individual security, we can make it more difficult for criminals to steal our information assets. Which of the following recommendations will harden our individual security? a.) Make account access or changes easier b.) Manage the retention and disposal of potentially sensitive information c.) Randomize behavior Liability Correct answer- As the owner of a small business, which of the following would allow your clients to sue you in court for any mismanagement? a.) Responsibility b.) Accountability c.) Liability d.) Ethical principles Virtue Correct answer- Which of the following ethical models values human behaviors that allow us to act in aspirational ways? a.) Utilitarian b.) Rights c.) Virtue d.) Fairness e.) Common Good Digital Millennium Copyright Act (DMCA) Correct answer- Which of the following is NOT a legislation created to protect the integrity and confidentiality of information? a.) Sarbanes-Oxley Act (SOX) b.) Digital Millennium Copyright Act (DMCA) c.) Health Insurance Portability and Accountability Act (HIPAA) d.) Gramm-Leach Bliley Act (GLBA) False Correct answer- [True/False] Implementing devices in our computer systems to help in identity and approved equipment verification is a defensive method of technological measures. a.) True b.) False Employees must be authenticated Correct answer- How do organizations confirm the identity of their employees before they are allowed access to the corporate data resources? a.) Employees must be authenticated b.) Employees must be authorized c.) Employees must read the information policies Identify potential markets for the organization Correct answer- Organizations must implement procedures to defend themselves against risks from vulnerabilities and threats to their daily operations. Which of the following is NOT a procedure that would be helpful in protecting organizations against risks and vulnerabilities? a.) Identify potential markets for the organization b.) Identify critical business operations c.) Measure risks that threaten the organization d.) Implement planning, measures, and controls to mitigate the risks Airports or coffee shops, where criminals redirect users to a website that looks official and legitimate Correct answer- Evil twins and pharming are two different examples of phishing. What's the best example of pharming and where it can occur? a.) Airports or coffee shops, where criminals offer free, trustworthy-looking Wi-Fi connections b.) Airports or coffee shops, where criminals hack into wireless network cards to retrieve passwords used c.) Airports or coffee shops, where criminals redirect users to a website that looks official and legitimate Organizational factors Correct answer- Which of the following factors deals with the potential loss of business from the dismissal or death of an important key manager? a.) Technological factors b.) Environmental risk factors c.) Organizational factors Acceptable use Correct answer- In order to keep company computers secure, users must agree to WHAT type of policy stipulated by the organization in order to access a company network or the Internet? a.) Identity management b.) Information audit c.) Acceptable use Separation of Duties Correct answer- One way to reduce the possibility of fraud and abuse of data resources is to apply which concept of information security, which ensures that personnel's responsibilities and duties are separated from their access? a.) Separation of Duties b.) Information Security c.) Principle of Least Privilege Data in motion Correct answer- At any point in time, all data must be categorized as being in one of the three states. Data that are in main memory or RAM are categorized as being in which of the following three states? a.) Data in motion b.) Data in use c.) Data at rest Warm sites Correct answer- Organizations need to include redundancy in their business disaster recovery plan by creating duplicate facilities. Which of the following sites offer offsite office space that allow recovery within hours to days? a.) Shared hot sites b.) Warm sites c.) Cold sites d.) Hot sites Malware Correct answer- Installing the latest antivirus applications onto your computer is one way to protect your computer from WHAT type of software which can be used to steal information or spy on users? a.) Malware b.) Application c.) Adware Destroying sensitive information Correct answer- We need to intentionally harden our individual security to make it harder for criminals to steal our information assets by removing all paper trails to our important information. Doing WHAT by using a cross-cut shredder will help eliminate this possibility? a.) Making accounts more secure b.) Destroying sensitive information c.) Using secure forms of payment Accessibility Correct answer- Which of the following category of generalized ethical issues refers to creation of barriers to access? a.) Privacy b.) Accuracy c.) Accessibility d.) Property World Intellectual Property Organization (WIPO) Copyright Treaty Correct answer- Which of the following is an international law or agreement created to combat increasing piracy software and digital goods? a.) Gramm-Leach Bliley Act (GLBA) b.) Digital Millennium