MIS FINAL EXAM|Latest Update Graded A+
threat
A ________ is a person or an organization that seeks to obtain or alter data or other IS assets illegally,
without the owner's permission and often without the owner's knowledge.
an employee inadvertently installing an old database on top of the current one
Which of the following is considered a threat caused by human error?
hacking of information systems
Which of the following is considered a computer crime?
pretexting
A person claiming to be from central IT called Chris and asked him to participate in a password reset
audit. The person had Chris change his password to the word "123456", and then again to a secret
passphrase only Chris knew. Later that day Chris noticed odd system behavior, and then the system
crashed. Chris was a victim of ________.
unauthorized data disclosure
In the context of security threats, pretexting, sniffing, spoofing, and phishing are all examples of
________.
phishing
Stan loves collecting stamps. He receives an email that appears to come from a well-known stamp
auction site asking him to reset his username and password. He clicks on the link and it takes him to a
site that looks similar to the auction site, but the Web address is "scrambled" and unreadable. He
emails the customer service desk at the auction site and discovers they never sent the email. This
scenario is an example of attempted ________.
phishing
Email spoofing is a synonym for ________.
Sniffing
________ is a technique for intercepting computer communications through a physical connection to
a network or without a physical connection in the case of wireless networks.
adware
Which of the following is a sniffing technique?
hacking
Sally has been working really hard lately and asks her manager for a raise. Her manager tells her that
she is already the highest paid employee on the floor. Sally doesn't believe her manager, and illegally
accesses the employee database to look at salary data. Sally's act can be termed as ________.
an unauthorized transaction from a user's credit card
Which of the following is most likely to be a result of hacking?
, Incorrect data modification
________ occurs through human error when employees do not follow proper procedures or when
procedures have not been well designed.
Usurpation
________ occurs when computer criminals invade a computer system and replace legitimate
programs with their own, unauthorized ones that shut down legitimate applications.
A hacker floods a Web server with many millions of bogus service requests.
Which of the following usually happens in a malicious denial-of-service attack?
Natural disasters
________ present(s) the largest risk for an organization's infrastructure loss.
Advanced persistent threat
________ is a sophisticated, possibly long-running computer hack that is perpetrated by large, well-
funded organizations such as governments.
Surveys suggest that some organizations do not report all their computer crime losses, and some will
not report such losses at all.
Which of the following statements is TRUE about losses due to computer security threats?
removing high-value assets from computers
Which of the following is a personal security safeguard?
brute force
Nonword passwords are vulnerable to a ________ attack in which the password cracker tries every
possible combination of characters.
cookies
Removing and disabling ________ that may contain sensitive security data presents an excellent
example of the trade-off between improved security and cost.
Organizations should implement safeguards that balance the trade-off between risk and cost.
In information security, which of the following is TRUE about managing risk?
the HIPAA of 1996
Which of the following was passed to give individuals the right to access their own health data
created by doctors and other healthcare providers?
firewalls
Which of the following is classified as a technical safeguard?
smart card
threat
A ________ is a person or an organization that seeks to obtain or alter data or other IS assets illegally,
without the owner's permission and often without the owner's knowledge.
an employee inadvertently installing an old database on top of the current one
Which of the following is considered a threat caused by human error?
hacking of information systems
Which of the following is considered a computer crime?
pretexting
A person claiming to be from central IT called Chris and asked him to participate in a password reset
audit. The person had Chris change his password to the word "123456", and then again to a secret
passphrase only Chris knew. Later that day Chris noticed odd system behavior, and then the system
crashed. Chris was a victim of ________.
unauthorized data disclosure
In the context of security threats, pretexting, sniffing, spoofing, and phishing are all examples of
________.
phishing
Stan loves collecting stamps. He receives an email that appears to come from a well-known stamp
auction site asking him to reset his username and password. He clicks on the link and it takes him to a
site that looks similar to the auction site, but the Web address is "scrambled" and unreadable. He
emails the customer service desk at the auction site and discovers they never sent the email. This
scenario is an example of attempted ________.
phishing
Email spoofing is a synonym for ________.
Sniffing
________ is a technique for intercepting computer communications through a physical connection to
a network or without a physical connection in the case of wireless networks.
adware
Which of the following is a sniffing technique?
hacking
Sally has been working really hard lately and asks her manager for a raise. Her manager tells her that
she is already the highest paid employee on the floor. Sally doesn't believe her manager, and illegally
accesses the employee database to look at salary data. Sally's act can be termed as ________.
an unauthorized transaction from a user's credit card
Which of the following is most likely to be a result of hacking?
, Incorrect data modification
________ occurs through human error when employees do not follow proper procedures or when
procedures have not been well designed.
Usurpation
________ occurs when computer criminals invade a computer system and replace legitimate
programs with their own, unauthorized ones that shut down legitimate applications.
A hacker floods a Web server with many millions of bogus service requests.
Which of the following usually happens in a malicious denial-of-service attack?
Natural disasters
________ present(s) the largest risk for an organization's infrastructure loss.
Advanced persistent threat
________ is a sophisticated, possibly long-running computer hack that is perpetrated by large, well-
funded organizations such as governments.
Surveys suggest that some organizations do not report all their computer crime losses, and some will
not report such losses at all.
Which of the following statements is TRUE about losses due to computer security threats?
removing high-value assets from computers
Which of the following is a personal security safeguard?
brute force
Nonword passwords are vulnerable to a ________ attack in which the password cracker tries every
possible combination of characters.
cookies
Removing and disabling ________ that may contain sensitive security data presents an excellent
example of the trade-off between improved security and cost.
Organizations should implement safeguards that balance the trade-off between risk and cost.
In information security, which of the following is TRUE about managing risk?
the HIPAA of 1996
Which of the following was passed to give individuals the right to access their own health data
created by doctors and other healthcare providers?
firewalls
Which of the following is classified as a technical safeguard?
smart card
