You have been hired as a security consultant for a legal firm. Which of the following
constitutes the greatest threat, in terms of security, to the firm? correct answers Employees
Based on your reading of the CardSystem's security breach and the text, what category
of malware was used on CardSystem's network? correct answers Trojan horse
A digital certificate system: correct answers uses third-party CAs to validate a user's identity.
In this method of encryption, a single encryption key is sent to the receiver so both
sender and receiver share the same key. correct answers Symmetric key encryption
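The card above describes the mechanism: one key, held by both ends. The following is an added example, not from the textbook or the quiz, of an authenticated symmetric scheme built only from the Python standard library. The cipher itself (a counter-mode keystream derived with HMAC-SHA256, then an HMAC tag over nonce and ciphertext) is a toy construction chosen so the example runs without third-party packages; the keys, the "enc"/"mac" derivation labels and the message are all constructed for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the one shared key
    (the "enc"/"mac" context labels are an assumption of this example)."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; a toy stand-in for a real
    block cipher so that the example runs on the standard library."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Return nonce || ciphertext || tag. The nonce must never repeat under
    the same key, so a fresh random one is drawn unless the caller supplies one."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = _subkeys(key)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag with the shared key before decrypting: a different key
    or a modified byte fails here instead of yielding silent garbage."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered message")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def demo() -> dict:
    """Sender and receiver hold the same key; a third party holding a
    different key can neither read nor alter the message. Keys constructed."""
    shared_key = hashlib.sha256(b"constructed shared secret").digest()
    other_key = hashlib.sha256(b"some other key").digest()
    message = b"wire transfer approved"
    blob = encrypt(shared_key, message)
    result = {"receiver_reads": decrypt(shared_key, blob) == message}
    try:
        decrypt(other_key, blob)
        result["outsider_reads"] = True
    except ValueError:
        result["outsider_reads"] = False
    # Flip one ciphertext bit and confirm the receiver rejects it.
    tampered = blob[:NONCE_LEN] + bytes([blob[NONCE_LEN] ^ 0x01]) + blob[NONCE_LEN + 1:]
    try:
        decrypt(shared_key, tampered)
        result["tamper_detected"] = False
    except ValueError:
        result["tamper_detected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The practical weakness the card glosses over is the first step, "a single encryption key is sent to the receiver": the scheme is only as strong as the channel that carried the key, which is why symmetric keys are normally exchanged under public-key protection rather than sent in the clear.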
Currently, the protocols used for secure information transfer over the Internet are: correct
answers SSL, TLS, and S-HTTP.
Most antivirus software is effective against: correct answers only those viruses already known
when the software is written.
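The point behind this card is that a signature scanner matches byte patterns extracted from samples the vendor has already analysed. The following is an added example, not from the textbook or the quiz: a minimal scanner over a constructed signature database and constructed, harmless byte strings standing in for files. It shows a known sample being caught, a one-byte variant and a trivially "packed" copy slipping past, and a wildcard signature catching a small amount of variation.

```python
import re

# Constructed signature database: name -> pattern taken from a sample the
# vendor had already seen. A real engine stores many thousands of these.
SIGNATURES = {
    "Trojan.Constructed.A": b"CONNECT c2.example.invalid:4444",
    # A wildcard signature: two arbitrary bytes between marker and payload.
    "Worm.Constructed.B": re.compile(rb"WORM\x00\x01\x02.{2}PAYLOAD", re.DOTALL),
}


def scan(data: bytes) -> list:
    """Return the names of every signature found in the file contents."""
    hits = []
    for name, sig in SIGNATURES.items():
        if isinstance(sig, bytes):
            matched = sig in data
        else:
            matched = sig.search(data) is not None
        if matched:
            hits.append(name)
    return hits


def xor_pack(data: bytes, key: int) -> bytes:
    """What a trivial packer does: transform the body so the bytes on disk
    no longer contain the stored pattern; the program unpacks itself at run time."""
    return bytes(b ^ key for b in data)


# Constructed "files" (harmless strings, not real executables).
KNOWN_TROJAN = b"MZ\x90\x00...CONNECT c2.example.invalid:4444..."
PORT_CHANGED = KNOWN_TROJAN.replace(b":4444", b":4445")          # one byte differs
PACKED = b"MZ\x90\x00unpacker-stub" + xor_pack(KNOWN_TROJAN, 0x5A)
KNOWN_WORM = b"WORM\x00\x01\x02\xab\xcdPAYLOAD"


def demo() -> dict:
    return {
        "known_trojan": scan(KNOWN_TROJAN),
        "port_changed": scan(PORT_CHANGED),
        "packed": scan(PACKED),
        "worm_wildcard": scan(KNOWN_WORM),
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label}: {hits or 'clean (no signature matched)'}")
```

The two misses are the card's point in code: until the vendor obtains the new variant and ships a signature for it, the scanner reports it clean, which is why signature matching is paired with heuristics, behaviour monitoring and prompt signature updates rather than relied on alone.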
________ use scanning software to look for known problems such as bad passwords,
the removal of important files, security attacks in progress, and system administration
errors. correct answers Intrusion detection systems
In this technique, network communications are analyzed to see whether packets are part
of an ongoing dialogue between a sender and a receiver: correct answers Stateful inspection
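To make the card's definition concrete, the following is an added example, not from the textbook or the quiz: a toy stateful packet filter beside a stateless one, over constructed TCP packets on a constructed topology (inside network 10.0.0.0/8, documentation addresses outside). The stateless filter must trust the ACK bit to let replies back in, so a forged ACK from anywhere passes; the stateful filter only passes packets that belong to a dialogue it watched being opened from inside, and forgets the dialogue when it closes or goes idle.

```python
from dataclasses import dataclass

ACCEPT, DROP = "ACCEPT", "DROP"


def is_inside(ip: str) -> bool:
    """Constructed topology: the protected network is 10.0.0.0/8."""
    return ip.startswith("10.")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False
    rst: bool = False


def stateless_filter(pkt: Packet) -> str:
    """A filter with no memory. To admit replies to inside-initiated
    connections it can only check the ACK bit, which any sender sets freely."""
    if is_inside(pkt.src):
        return ACCEPT
    return ACCEPT if pkt.ack else DROP


class StatefulFirewall:
    """Tracks connections opened from inside; an inbound packet is accepted
    only when it matches a tracked dialogue (in either direction)."""

    def __init__(self, idle_timeout: int = 300):
        self.connections = {}  # (src, sport, dst, dport) -> last_seen
        self.idle_timeout = idle_timeout

    def _expire(self, now: int) -> None:
        stale = [k for k, seen in self.connections.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.connections[k]

    def filter(self, pkt: Packet, now: int) -> str:
        self._expire(now)
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        key = None
        if forward in self.connections:
            key = forward
        elif reverse in self.connections:
            key = reverse
        if key is not None:
            if pkt.fin or pkt.rst:
                del self.connections[key]   # simplified: a real tracker walks through TIME_WAIT
            else:
                self.connections[key] = now
            return ACCEPT
        # No tracked dialogue: only a fresh SYN from inside to outside may open one.
        if pkt.syn and not pkt.ack and is_inside(pkt.src) and not is_inside(pkt.dst):
            self.connections[forward] = now
            return ACCEPT
        return DROP


def demo() -> dict:
    """Constructed traffic: a client inside, a web server outside, and an
    attacker outside who forges an ACK to look like part of a reply."""
    fw = StatefulFirewall()
    client, server, attacker = "10.1.2.3", "203.0.113.10", "198.51.100.7"
    out_syn = Packet(client, 40000, server, 443, syn=True)
    reply = Packet(server, 443, client, 40000, syn=True, ack=True)
    forged = Packet(attacker, 443, client, 40000, ack=True)
    in_syn = Packet(attacker, 5555, client, 22, syn=True)
    return {
        "outbound_syn": fw.filter(out_syn, now=0),
        "legit_reply": fw.filter(reply, now=1),
        "forged_ack_stateful": fw.filter(forged, now=2),
        "forged_ack_stateless": stateless_filter(forged),
        "inbound_syn": fw.filter(in_syn, now=3),
        "reply_after_idle": fw.filter(reply, now=1000),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

The idle timeout matters in practice as well as in the toy: a tracker that never expires entries is a memory-exhaustion target, and one that expires them too eagerly breaks long-lived sessions.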
The text's discussion of the security enhancements of Monsanto Co and Clarion Health
Partners illustrates which of the following drawbacks to using passwords for
authentication? correct answers Poor password systems are a costly and insecure procedure.
A firewall allows the organization to: correct answers enforce a security policy on traffic
between its network and the Internet.
Biometric authentication: correct answers can use a person's face as a unique, measurable trait.
A token is a: correct answers gadget that displays passcodes
Rigorous password systems: correct answers may hinder employee productivity.
An MIS audit must be conducted by someone who: correct answers Has a thorough
understanding of the entire system to be audited
Smaller firms can outsource security functions to: correct answers MSSPs.
Methods to make computer systems recover more quickly after mishaps are called: correct
answers Recovery-oriented computing.
High-availability computing: correct answers Helps firms recover quickly from a crash.
Online transaction processing requires: correct answers fault-tolerant computer systems.
Downtime refers to: correct answers periods of time in which a computer system is not
operational.
A CSO is a: correct answers chief security officer.
An analysis of the firm's most critical systems and the impact a system's outage would
have on the business is included in a(n): correct answers business impact analysis.
Statements ranking information risks are included in a(n): correct answers Security policy.
Analysis of an information system that rates the likelihood of a security incident
occurring and its cost is included in a(n): correct answers Risk assessment
Electronic evidence on computer storage media that is not visible to the average user is
called: correct answers Ambient data.
What is the key issue in information systems security and control? correct answers Intelligent
management policies
The most common type of electronic evidence is: correct answers E-mail.
The Gramm-Leach-Bliley Act: correct answers Requires financial institutions to ensure the
security of customer data.
The Sarbanes-Oxley Act: correct answers Imposes responsibility on companies and their management to safeguard the accuracy and integrity of the financial information they use internally and release externally.
ISO 17799: correct answers Specifies best practices in information systems security and control.
HIPAA (1996): correct answers Outlines medical security and privacy rules.
Policies, procedures, and tools for managing the retention, destruction, and storage of
electronic records are called: correct answers Electronic records management (ERM)
How do software vendors correct flaws in their software after it has been distributed? correct
answers Issue patches.
Tricking employees into revealing their passwords by pretending to be a legitimate member of
a correct answers Social engineering.
Spamming is an example of: correct answers Computer abuse.
Evil twins are: correct answers Bogus wireless networks that look legitimate to users.
Pharming involves: correct answers Redirecting users to a fraudulent Web site even when the
user has typed the correct address in the Web browser.
Phishing involves: correct answers Setting up fake Web sites to ask users for confidential
information.
Phishing is a form of: correct answers Spoofing.
Which of the following is NOT an example of a computer used as a target of crime? correct
answers Illegally accessing stored electronic communication.
In your reading of the text's discussion of the experiences of Jersey Joe, Akamai, and
Protx Ltd, what is the greatest protection against bot attacks? correct answers Having individuals
use adequate anti-virus protection
The approach taken by Akamai Technologies when it discovered its servers were under
attack illustrates that: correct answers Enforcing security is a complex endeavor that involves
multiple approaches.