Review Questions Chapter 12: Information Security Management

chainbirdinhandSecurity

Feb 23, 2014








1) Which of the following is an example of a security threat resulting from malicious human activity?

A) an employee who misunderstands operating procedures

B) an employee who accidentally deletes customer records

C) an employee who inadvertently installs an old database on top of the current one

D) an employee who intentionally destroys data or other system components


2) A person calls the Draper residence and pretends to represent a credit card company. He asks Mrs. Draper to confirm her credit card number. This is an example of ________.

A) hacking

B) phishing

C) pretexting

D) sniffing


3) Which of the following is a synonym for phishing?

A) drive-by sniffing

B) e-mail spoofing

C) IP spoofing

D) system hacking


4) ________ simply take computers with wireless connections through an area and search for unprotected wireless networks.

A) Drive-by sniffers

B) Spoofers

C) Hackers

D) Phishers


5) An employee carelessly releases proprietary data to the media. This is a case of ________ resulting from ________.

A) loss of infrastructure; human error

B) unauthorized data disclosure; human error

C) loss of infrastructure; malicious activity

D) unauthorized data disclosure; malicious activity


6) A ________ pretends to be a legitimate company and sends emails requesting confidential data.

A) hacker

B) phisher

C) drive-by sniffer

D) sniffer


7) Mark recently received an email from what appeared to be a legitimate company, asking him to update and verify his credit card details. Unknowingly, he obliged and later realized that the information had been misused. Mark is a victim of ________.

A) hacking

B) phishing

C) pretexting

D) sniffing


8) ________ is a technique for intercepting computer communications.

A) Spoofing

B) Hacking

C) Pretexting

D) Sniffing




9) ________ occur when bogus service requests flood a Web server.

A) Spoofing attacks

B) Hacking attacks

C) Phishing attacks

D) DOS attacks


10) Some unauthorized programs are able to ________ legitimate systems and substitute their own processing.

A) usurp

B) spoof

C) hack

D) flood


11) ________ occurs when a person gains unauthorized access to a computer system.

A) Usurpation

B) Spoofing

C) Hacking

D) Phishing


12) A problem in a customer billing system that occurs due to errors made during software installation is a case of ________ resulting from ________.

A) faulty service; human error

B) distributed denial of service; malicious activity

C) faulty service; malicious activity

D) distributed denial of service; human error


13) ________ is an example of a data safeguard against security threats.

A) Application design

B) Backup and recovery

C) Accountability

D) Procedure design


14) Which of the following is a human safeguard against security threats?

A) backup

B) firewalls

C) physical security

D) procedure design


15) Which of the following is a technical safeguard against security threats?

A) passwords

B) backup and recovery

C) compliance

D) identification and authentication


16) A user name ________ a user.

A) authenticates

B) identifies

C) conceals

D) encrypts


17) A password ________ a user.

A) authenticates

B) identifies

C) conceals

D) encrypts






18) Users of smart cards are required to enter a ________ to be authenticated.

A) PIN

B) password

C) biometric detail

D) key


19) A(n) ________ card has a microchip on it that is loaded with identifying data.

A) USB

B) biometric

C) smart

D) encryption


20) ________ use(s) personal physical characteristics such as fingerprints, facial features, and retinal scans to verify users.

A) Passwords

B) Smart cards

C) Biometric authentication

D) Personal identification numbers


21) ________ is the process of transforming clear text into coded, unintelligible text for secure storage or communication.

A) Usurpation

B) Authentication

C) Standardization

D) Encryption


22) Which of the following statements about the Secure Sockets Layer (SSL) key exchange is NOT true?

A) The computer obtains the public key of the website to which it will connect.

B) The computer generates a key for symmetric encryption.

C) The computer encodes that key using the Web site's public key.

D) The Web site decodes the symmetric key using its public key.
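
The exchange behind question 22, worked as an added example that is not part of the original quiz or the textbook. It is Go with only the standard library and assumes RSA key transport, which is the handshake the question describes (current TLS negotiates the session key with an ephemeral Diffie-Hellman exchange instead): RSA-OAEP wraps the symmetric key, AES-256-GCM protects the traffic afterwards. The names Session, WrapKey, UnwrapKey and Handshake, and the message in main, are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Session is one side's view of the bulk cipher (AES-256-GCM) after the handshake.
type Session struct{ aead cipher.AEAD }

// NewSession builds a session from a 32-byte key.
func NewSession(key []byte) (*Session, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Session{aead: aead}, nil
}

// Seal encrypts and authenticates one message; the random nonce is prepended.
func (s *Session) Seal(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open checks the authentication tag and decrypts a message produced by Seal.
func (s *Session) Open(msg []byte) ([]byte, error) {
	n := s.aead.NonceSize()
	if len(msg) < n {
		return nil, errors.New("message too short")
	}
	return s.aead.Open(nil, msg[:n], msg[n:], nil)
}

// WrapKey is statement C: the client encrypts the symmetric key under the
// site's public key with RSA-OAEP. Anyone holding the public key can do this.
func WrapKey(pub *rsa.PublicKey, symKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, symKey, nil)
}

// UnwrapKey is statement D done correctly: only the matching PRIVATE key
// recovers the symmetric key. The API does not even accept a public key here.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

// Handshake runs the four steps and returns the client's and the site's sessions.
func Handshake(site *rsa.PrivateKey) (clientSess, siteSess *Session, err error) {
	pub := &site.PublicKey     // A: the client obtains the site's public key
	symKey := make([]byte, 32) // B: the client generates a 256-bit symmetric key
	if _, err = io.ReadFull(rand.Reader, symKey); err != nil {
		return nil, nil, err
	}
	wrapped, err := WrapKey(pub, symKey) // C: the key leaves the client encrypted
	if err != nil {
		return nil, nil, err
	}
	recovered, err := UnwrapKey(site, wrapped) // D: the site uses its private key
	if err != nil {
		return nil, nil, err
	}
	if clientSess, err = NewSession(symKey); err != nil {
		return nil, nil, err
	}
	if siteSess, err = NewSession(recovered); err != nil {
		return nil, nil, err
	}
	return clientSess, siteSess, nil
}

func main() {
	site, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	client, server, err := Handshake(site)
	if err != nil {
		panic(err)
	}
	ct, _ := client.Seal([]byte("constructed request: card ending 1111")) // constructed message
	pt, err := server.Open(ct)
	fmt.Printf("site decrypted %q (err=%v)\n", pt, err)
}
```

Run it with go run. The false statement in option D shows up in the types: rsa.DecryptOAEP takes only an *rsa.PrivateKey, and unwrapping with any other private key fails, so the confidentiality of the whole session rests on the site keeping that one key private. GCM also rejects a ciphertext whose bytes were altered in transit, which is the integrity half of the protection.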


23) A(n) ________ sits outside the organizational network and is the first device that Internet traffic encounters.

A) internal firewall

B) perimeter firewall

C) packet-filtering firewall

D) malware firewall


24) ________ firewalls can prohibit outsiders from starting a session with any user behind the firewall.

A) Perimeter

B) Internal

C) Packet-filtering

D) Malware
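
To make the capability in question 24 concrete, an added example (not from the quiz or the textbook) in Go that simulates two ways a perimeter packet filter can stop outsiders from starting sessions. The protected network 10.0.0.0/8, the addresses and the packets are all constructed; StatelessFilter, StatefulFilter and Scenario are the example's own names. The stateless version keys on the TCP ACK bit, the stateful version on a table of sessions that inside hosts opened, and the replay shows where the two differ.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Inside is the network the perimeter firewall protects (assumed for the example).
var Inside = netip.MustParsePrefix("10.0.0.0/8")

// Packet is the part of a TCP segment a packet filter looks at.
type Packet struct {
	Src, Dst         netip.Addr
	SrcPort, DstPort uint16
	SYN, ACK         bool
}

func outbound(p Packet) bool { return Inside.Contains(p.Src) && !Inside.Contains(p.Dst) }
func inbound(p Packet) bool  { return !Inside.Contains(p.Src) && Inside.Contains(p.Dst) }

// StatelessFilter is the old ACL heuristic: outbound traffic passes, inbound
// traffic passes only with the ACK bit set, on the theory that a session start
// is a bare SYN. It keeps no memory from one packet to the next.
func StatelessFilter(p Packet) bool {
	switch {
	case outbound(p):
		return true
	case inbound(p):
		return p.ACK
	default:
		return false // does not cross the perimeter; nothing to forward
	}
}

// session identifies a TCP session by its inside and outside endpoints.
type session struct{ in, out netip.AddrPort }

// StatefulFilter remembers sessions opened from inside and admits inbound
// packets only for those, whatever flags the packet carries.
type StatefulFilter struct{ open map[session]bool }

func NewStatefulFilter() *StatefulFilter { return &StatefulFilter{open: map[session]bool{}} }

func (f *StatefulFilter) Allow(p Packet) bool {
	switch {
	case outbound(p):
		if p.SYN && !p.ACK { // an inside host is starting a session: record it
			f.open[session{netip.AddrPortFrom(p.Src, p.SrcPort), netip.AddrPortFrom(p.Dst, p.DstPort)}] = true
		}
		return true
	case inbound(p):
		return f.open[session{netip.AddrPortFrom(p.Dst, p.DstPort), netip.AddrPortFrom(p.Src, p.SrcPort)}]
	default:
		return false
	}
}

// Scenario replays constructed traffic through both filters and returns the
// verdict for each packet, in order.
func Scenario() (stateless, stateful []bool) {
	pc := netip.MustParseAddr("10.0.0.20")     // inside workstation
	web := netip.MustParseAddr("203.0.113.5")  // outside web server
	atk := netip.MustParseAddr("198.51.100.9") // outside attacker
	packets := []Packet{
		{Src: pc, Dst: web, SrcPort: 51000, DstPort: 443, SYN: true},            // inside opens a session
		{Src: web, Dst: pc, SrcPort: 443, DstPort: 51000, SYN: true, ACK: true}, // genuine reply
		{Src: atk, Dst: pc, SrcPort: 40000, DstPort: 22, SYN: true},             // outsider starts a session
		{Src: atk, Dst: pc, SrcPort: 40000, DstPort: 22, ACK: true},             // outsider forges the ACK bit
	}
	sf := NewStatefulFilter()
	for _, p := range packets {
		stateless = append(stateless, StatelessFilter(p))
		stateful = append(stateful, sf.Allow(p))
	}
	return stateless, stateful
}

func main() {
	sl, sf := Scenario()
	fmt.Println("stateless:", sl) // [true true false true]: the forged ACK gets through
	fmt.Println("stateful: ", sf) // [true true false false]: only the genuine reply does
}
```

Both filters drop the outsider's SYN, which is what the question asks about. The forged ACK-only segment passes the stateless check because the flag alone is taken as proof of an existing session, while the stateful filter drops it because no inside host opened that flow. A real session table also needs expiry and handling for UDP, which this simulation leaves out.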


25) The program code that causes unwanted activity is called the ________.

A) key escrow

B) metadata

C) widget

D) payload


26) The broadest definition of ________ includes viruses, worms, Trojan horses, spyware, and adware.

A) malware

B) metadata

C) software

D) widgets





27) Which of the following are malware masquerading as useful programs?

A) macro viruses

B) trojan horses

C) worms

D) payloads


28) What is the similarity between adware and spyware?

A) Both masquerade as useful programs.

B) Both are specifically programmed to spread.

C) Both are installed without the user's permission.

D) Both are used to steal data.


29) ________ are the patterns that exist in malware code and should be downloaded and updated frequently.

A) Data safeguards

B) Patches

C) Antivirus scans

D) Malware definitions


30) Organizations should protect sensitive data by storing it in ________ form.

A) digital

B) standardized

C) encrypted

D) authenticated


31) Because encryption keys can get lost or destroyed, a copy of the key should be stored with a trusted third party. This safety procedure is sometimes called ________.

A) key escrow

B) white hat

C) key encryption

D) biometric authentication


32) Which of the following is an example of a data safeguard?

A) application design

B) dissemination of information

C) physical security

D) malware protection


33) Which of the following statements is true regarding position sensitivity?

A) It is a type of data safeguard.

B) It enables security personnel to prioritize their activities in accordance with the possible risk and loss.

C) It is documented only for high-sensitivity positions.

D) It applies to new employees only.


34) Enforcement of security procedures and policies consists of three interdependent factors: ________.

A) centralized reporting, preparation, and practice

B) account administration, systems procedures, and security monitoring

C) separation of duties, least privilege, and position sensitivity

D) responsibility, accountability, and compliance


35) In terms of password management, when an account is created, users should ________.

A) create two passwords and switch back and forth between those two

B) immediately change the password they are given to a password of their own

C) maintain the same password they are given for all future authentication purposes

D) ensure that they do not change their passwords frequently, thereby reducing the risk of password loss




36) Typically, a help-desk information system has answers to questions that only a true user would know, such as the user's birthplace, mother's maiden name, or last four digits of an important account number. This information ________.

A) allows help-desk representatives to create new passwords for users

B) reduces the strength of the security system

C) protects the anonymity of a user

D) helps authenticate a user


37) Activity log analysis is an important ________ function.

A) account administration

B) security monitoring

C) backup

D) data administration
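
An added example for question 37, not from the quiz or the textbook: a small activity-log monitor in Go, standard library only. The log format (an RFC 3339 time, then user=, src= and result=OK|FAIL fields) and every line in SampleLog are constructed for the example, and ParseLine, Analyze and the two alert kinds are the example's own names. It shows the two checks a practitioner runs over authentication logs: a burst of failures from one source inside a time window, and a success from that same source afterwards, which is the case that turns a lockout into an incident.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Event is one authentication attempt taken from the activity log.
type Event struct {
	When   time.Time
	Src    string
	Failed bool
}

// Alert is what the monitor hands to the security-monitoring function.
type Alert struct {
	Src, Kind string
	Count     int
}

// ParseLine reads the constructed format "<RFC 3339 time> user=<name> src=<ip> result=OK|FAIL".
// Real logs differ; this is the one function to replace for a real source.
func ParseLine(line string) (Event, error) {
	fields := strings.Fields(line)
	if len(fields) != 4 {
		return Event{}, fmt.Errorf("malformed line: %q", line)
	}
	when, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return Event{}, fmt.Errorf("bad timestamp in %q: %w", line, err)
	}
	kv := map[string]string{}
	for _, f := range fields[1:] {
		k, v, ok := strings.Cut(f, "=")
		if !ok {
			return Event{}, fmt.Errorf("bad field %q in %q", f, line)
		}
		kv[k] = v
	}
	if r := kv["result"]; r != "OK" && r != "FAIL" { // never treat an unknown outcome as a success
		return Event{}, fmt.Errorf("unknown result %q in %q", r, line)
	}
	return Event{When: when, Src: kv["src"], Failed: kv["result"] == "FAIL"}, nil
}

// Analyze raises "brute-force" once a source has threshold failures inside window, and
// "success-after-failures" when that source then logs in, the case that deserves an incident
// ticket. Lines are assumed to be in time order. Unparsable lines are returned, not dropped.
func Analyze(lines []string, threshold int, window time.Duration) ([]Alert, []error) {
	failures := map[string][]time.Time{} // per source: failure times still inside the window
	alerted := map[string]bool{}         // src/kind pairs already reported once
	var alerts []Alert
	var errs []error
	for _, l := range lines {
		ev, err := ParseLine(l)
		if err != nil {
			errs = append(errs, err)
			continue
		}
		var recent []time.Time // slide the window: keep only failures within window of this event
		for _, t := range failures[ev.Src] {
			if ev.When.Sub(t) <= window {
				recent = append(recent, t)
			}
		}
		if ev.Failed {
			recent = append(recent, ev.When)
		}
		failures[ev.Src] = recent
		kind := "brute-force"
		if !ev.Failed {
			kind = "success-after-failures"
		}
		if key := ev.Src + "/" + kind; len(recent) >= threshold && !alerted[key] {
			alerted[key] = true
			alerts = append(alerts, Alert{Src: ev.Src, Kind: kind, Count: len(recent)})
		}
	}
	return alerts, errs
}

// SampleLog is constructed for this example; it is not a real log.
var SampleLog = []string{
	"2014-02-23T09:15:01Z user=alice src=10.0.0.5 result=FAIL",
	"2014-02-23T09:15:09Z user=alice src=10.0.0.5 result=OK",
	"2014-02-23T09:20:00Z user=alice src=198.51.100.7 result=FAIL",
	"2014-02-23T09:20:03Z user=bob src=198.51.100.7 result=FAIL",
	"2014-02-23T09:20:07Z user=root src=198.51.100.7 result=FAIL",
	"2014-02-23T09:20:12Z user=admin src=198.51.100.7 result=FAIL",
	"2014-02-23T09:20:25Z user=alice src=198.51.100.7 result=OK",
	"garbage that the log shipper mangled",
}

func main() {
	alerts, errs := Analyze(SampleLog, 3, 2*time.Minute)
	fmt.Printf("alerts: %+v\nunparsed lines: %d\n", alerts, len(errs))
}
```

On the sample, the single mistyped password from 10.0.0.5 produces nothing, 198.51.100.7 trips the brute-force alert at its third failure and a second, more serious alert when it then logs in as alice, and the mangled line is reported rather than silently skipped. Unparsable lines matter because a source that quietly stops parsing is how monitoring goes blind.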


38) ________ are remote processing centers run by commercial disaster-recovery services.

A) Cold sites

B) Web browsers

C) Hot sites

D) Backup centres


39) Every organization should have a(n) ________ as part of the security program, which should include how employees are to react to security problems, whom they should contact, the reports they should make, and steps they can take to reduce further loss.

A) key escrow

B) smart card

C) human safeguard plan

D) incident-response plan


40) Which of the following is true regarding an incident-response plan?

A) The plan should provide decentralized reporting of all security incidents.

B) The plan should require minimal training on the part of employees.

C) The plan should identify critical personnel and their off-hours contact information.

D) The plan should be simple enough to ensure a fast response with limited practice.