ITM 102 FINAL EXAM QUESTIONS
WITH 100% VERIFIED ANSWERS
Computer Crime - Answer-Any violation of criminal law that involves knowledge of
computer technology for its perpetration, investigation, or prosecution.
-Computer as a target of crime: breaching confidentiality of protected computerized
data, accessing a computer system without authority
-Computer as an instrument of crime: theft of trade secrets, using e-mail for threats or
harassment
Internet vulnerabilities - Answer--Network open to anyone: Network communication is
intercepted in an attempt to obtain key data, i.e. person-in-the-middle
-Size of Internet means abuses can have a wide impact
-use of fixed Internet addresses with cable/DSL modems creates fixed targets for
hackers
-Unencrypted VOIP
-E-mail, P2P, IM: interception, attachments with malicious software, transmitting trade
secrets
Wireless security challenges - Answer--Radio frequency bands easy to scan
-SSIDs (service set identifiers): identify access points, broadcast multiple times, can be
identified by sniffer programs
-War driving: eavesdroppers drive by buildings and try to detect SSID and gain access
to network or resources
Malicious Software - Answer-Commonly known as malware, is any software that brings
harm to a computer system. ex. computer viruses, worms, trojan horses, SQL Injection,
Spyware
Computer Viruses - Answer--Rogue software programs: attempts to bypass appropriate
authorization and/or perform unauthorized functions, attach to other programs in order
to be executed, usually without user knowledge or permission
-Deliver a "payload": copy themselves from one computer to another sometimes
through email attachments, may steal data or files, permit eavesdropping access,
destroy data.
Worms - Answer--Programs that copy themselves from one computer to another over
networks
-Virus vs Worms? Viruses require an active host program or an already-infected and
active operating system
Trojan Horses - Answer--A software program that appears to be benign but then does
something unexpected
-Often "transports" a virus into a computer system
SQL Injection - Answer-Hackers submit data to Web forms that send rogue SQL query
to database to perform malicious acts
Spyware - Answer--Key loggers, reset browser home page, redirect search requests,
slow computer performance by taking up memory
Hackers - Answer-Individuals who attempt to gain unauthorized access to a computer
system
Cracker - Answer-A hacker with criminal intent
Computer Crime - Answer--Identity theft: A crime in which the imposter obtains key
pieces of personal information
-Password guessing
-Phishing: setting up fake Web sites or sending email messages that look legitimate and
using them to ask for confidential data
-Pharming: redirecting users to a bogus web site
-Back door: unauthorized access to anyone who knows it exists
-Cyberterrorism and Cyberwarfare: exploitation of systems by terrorists
Spoofing - Answer-masquerading as an authorized user with a recognizable IP address
or redirecting a Web link to an unintended address
Sniffing - Answer--an eavesdropping program that monitors information travelling over a
network
-enables hackers to steal proprietary information such as e-mail, company files, and so
on
Denial of Service (DoS) Attacks - Answer-DoS
-hackers flood a server with false communications in order to crash the system
Distributed DoS
-uses numerous computers to launch a DoS
Often use Botnets
-deliver 90% of world spam, 80% of world malware
Internal Threats: Employees - Answer-- *Security threats* often originate *inside* an
organization
- *Inside knowledge*
- *Sloppy security procedures*
(User lack of knowledge)
- *Social engineering:*
Tricking employees into revealing their passwords by pretending to be legitimate
members of the company in need of information
What is security? - Answer-Policies, procedures, and technical measures used to
prevent unauthorized access, alteration, theft, or physical damage to information
systems
-Security measures are a special case of organizational controls: methods, policies, and
organizational procedures that ensure safety of organization's assets; accuracy and
reliability of its accounting records; and operational adherence to management
standards
Information Systems Controls - Answer-General controls
-govern design, security, and use of computer programs and security of data files in
general throughout organization
-software controls, hardware controls, computer operations, data security controls,
system development controls, administrative controls
Application controls
-controls unique to each computerized application
-input control, processing controls, output controls
Tools and Technologies for Safeguarding Information Systems - Answer-Software
Patches: small pieces of software to repair flaws, exploits often created faster than
patches can be released and implemented
Identity management software: automates keeping track of all users and privileges,
authenticates users, protecting identities, controlling access
Tools and Technologies for Safeguarding IS - Answer-Authentication: password
systems, tokens, smart cards, biometric authentication, two-factor authentication
Tools and Technologies for Safeguarding CONT'D - Answer-Firewall: Combination of
hardware and software that prevents unauthorized users from accessing private
networks
-technologies include Packet Filtering
Tools and Technologies CONT'D - Answer-Intrusion detection system
- monitors hot spots on corporate networks to detect and deter intruders
Antivirus and antispyware software
-checks computer for presence of malware and can often eliminate it, requires continual
updating
Cryptography - Answer-Cryptography: the field of study related to encoded information
Encryption: the process of converting plaintext into cipher text
Decryption: the process of converting cipher-text into plaintext
Cryptography CONT'D - Answer-Cipher: an algorithm used to encrypt and decrypt text
Key: the set of parameters that guide a cipher