INFO 360 FINAL EXAM QUESTIONS & ANSWERS
Which of the following factors is not increasing the threats to information
security? - Answers - d) limited storage capacity on portable devices
The computing skills necessary to be a hacker are decreasing for which of the
following reasons? - Answers - b) Computer attack programs, called scripts, are
available for download from the
Internet.
The cost of a stolen laptop includes all of the following except: - Answers - c) Backup
costs
Dumpster diving is: - Answers - c) typically committed for the purpose of identity theft.
Cybercriminals can obtain the information they need in order to assume
another person's identity by: - Answers - All of the above are strategies to obtain
information to assume another person's
identity.
A _____ is intellectual work that is known only to a company and is not based
on public information. - Answers - c) trade secret
A pharmaceutical company's research and development plan for a new class of
drugs would be best described as which of the following? - Answers - c) A trade secret
A _____ is a document that grants the holder exclusive rights on an invention
for 20 years. - Answers - b) patent
An organization's e-mail policy has the least impact on which of the following
software attacks? - Answers - d) zero-day
_____ are segments of computer code that attach to existing computer
programs and perform malicious acts. - Answers - a) Viruses
_____ are software programs that hide in other computer programs and reveal
their designed behavior only when they are activated. - Answers - c) Trojan horses
_____ are segments of computer code embedded within an organization's
existing computer programs that activate and perform a destructive action at a
certain time or date. - Answers - e) Logic bombs
A _____ attack uses deception to fraudulently acquire sensitive personal
information by masquerading as an official e-mail. - Answers - d) Phishing
In a _____ attack, a coordinated stream of requests is launched against a target
system from many compromised computers at the same time. - Answers - e)
distributed denial-of-service
The term _____ refers to clandestine software that is installed on your PC
through duplicitous channels but is not particularly malicious. - Answers - a) Alien
software
Which of the following is (are) designed to use your computer as a launch pad
for sending unsolicited e-mail to other computers? - Answers - b) Spamware
When companies attempt to counter _____ by requiring users to accurately
select characters in turn from a series of boxes, attackers respond by using _____. -
Answers - a) keyloggers, screen scrapers
_____ is the process in which an organization assesses the value of each asset
being protected, estimates the probability that it will be compromised, and
compares the probable costs of an attack with the costs of protecting the asset. -
Answers - b) Risk analysis
Which of the following statements is false? - Answers - c) It is easy to assess the value
of a hypothetical attack.
In _____, the organization takes concrete actions against risks. - Answers - c) risk
mitigation
Which of the following is not a strategy for mitigating the risk of threats
against information? - Answers - e) Installing an updated operating system.
In _____, the organization purchases insurance as a means to compensate for
any loss. - Answers - e) risk transference
Which of the following statements concerning the difficulties in protecting
information resources is not correct? - Answers - c) Rapid technological changes
ensure that controls are effective for years.
_____ controls are concerned with user identification, and they restrict
unauthorized individuals from using information resources - Answers - a) Access
Rank the following in terms of dollar value of the crime, from highest to
lowest. - Answers - c) cybercrime - white collar crime - robbery
A _____ is any danger to which an information resource may be exposed. - Answers -
d) threat
An information system's _____ is the possibility that the system will be
harmed by a threat. - Answers - a) vulnerability
The most overlooked people in information security are: - Answers - d) janitors and
guards
Employees in which functional areas of the organization pose particularly
grave threats to information security? - Answers - b) human resources, management
information systems
Unintentional threats to information systems include all of the following
except: - Answers - a) malicious software
_____ involves building an inappropriate trust relationship with employees for
the purpose of gaining sensitive information or unauthorized access privileges. -
Answers - d) Social engineering
Access controls involve _____ before _____. - Answers - b) authentication,
authorization
Biometrics are an example of: - Answers - something the user is
Voice and signature recognition are examples of: - Answers - e) something the user
does.
Passwords and passphrases are examples of: - Answers - d) something the user
knows.
Which of the following is not a characteristic of strong passwords? - Answers - e) They
tend to be short so they are easy to remember.
Which of the following is not a strong password? - Answers - d) Rainer
Bob is using public key encryption to send a message to Ted. Bob encrypts the
message with Ted's _____ key, and Ted decrypts the message using his _____ key -
Answers - b) public, private
Which of the following statements concerning firewalls is false? - Answers - d)
Firewalls filter messages the same way as anti-malware systems do.
In a process called _____, a company allows nothing to run unless it is
approved, whereas in a process called _____, the company allows everything to
run unless it is not approved - Answers - whitelisting, blacklisting
Organizations use hot sites, warm sites, and cold sites to ensure business
continuity. Which of the following statements is false? - Answers - c) A hot site needs
to be located close to the organization's offices
Refer to Opening Case -- Small Businesses in Danger: Which of the following
is not a consequence of poor information security practices? - Answers - e) Loss of
equipment
Refer to IT's About Business 7.1 - "Anonymous" Attacks the Vatican: Which
of the following statements about Anonymous' attack on the Vatican is true? - Answers
- c) The final effort was a DDoS attack.
Refer to IT's About Business 7.3 - How to Fight a Botnet: A botnet is a
collection of Internet-connected computers whose security defenses have been
breached and control ceded to a malicious party. Which of the following types of
software attacks did Rustock use to create its botnet? - Answers - c) Phishing attack
Refer to Closing Case 1 - Compliance: Which of the following is not an
important component of a GRC framework? - Answers - Restricting employee use of
Web sites.
Refer to Closing Case 2 - Computer Espionage: Which of the following is not
a technique used in electronic espionage? - Answers - a) VPN
Your company's headquarters was just hit head on by a hurricane, and the
building has lost power. The company sends you to their hot site to minimize
downtime from the disaster. Which of the following statements is true? - Answers - The
site should be an almost exact replica of the IT configuration at
headquarters
The forecast for your company's headquarters predicts the area will be hit head on by
a hurricane. The company sends you to their warm site to minimize downtime
should such a disaster hit. Which of the following statements is true? - Answers - d)
The site will not have any of the company's applications.
The forecast for your company's headquarters predicts the area will be hit head on by
a hurricane. The company sends you to their cold site to minimize downtime
should such a disaster hit. Which of the following statements is false? - Answers - The
site will have all of the company's applications
You receive an e-mail from your bank informing you that they are updating
their records and need your password. Which of the following statements is true? -
Answers - b) The message could be a phishing attack.
You start a new job, and the first thing your new company wants you to do is
create a user ID and a password. Which of the following would be a strong
password? - Answers - e) The name of the company spelled backward
You start a new job, and the first thing your new company wants you to do is
create a user ID and a password. To remember your password, you write it on a