
Exam

Name___________________________________


36. Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction best defines
A) anti-virus protection.
B) security audit.
C) incident management.
D) information security.
Answer: D
Diff: 1
Type: MC
Page Ref: 488
AACSB:
Objective:

37. The ________ translates or converts domain names to their IP addresses.
A) VPN
B) IPS
C) DOS
D) DNS
Answer: D
Diff: 2
Type: MC
Page Ref: 491
AACSB:
Objective:

38. ________ refers to the e-markets for stolen information.
A) Internet underground economy
B) Cybercriminal
C) Virtual private network
D) Denial of service
Answer: A
Diff: 2
Type: MC
Page Ref: 492
AACSB:
Objective:

39. ________ systems are highly useful for both law enforcement and for law breaking, for example, by providing a means to obtain passwords or encryption keys and thus bypassing other security measures.
A) Access control
B) Biometric
C) Keystroke logging
D) Intrusion detection
Answer: C
Diff: 2
Type: MC
Page Ref: 493
AACSB:
Objective:

40. ________ is a crimeware technique used to steal the identity of target companies to get the identities of their customers.
A) Pretexting
B) Spamming
C) Social engineering
D) Phishing
Answer: D
Diff: 2
Type: MC
Page Ref: 494
AACSB: Use of information technology
Objective:

41. A plan that keeps the business running after a disaster occurs best defines
A) security audit specifications.
B) vulnerability assessment plan.
C) project initiation plan.
D) business continuity plan.
Answer: D
Diff: 2
Type: MC
Page Ref: 494
AACSB:
Objective:

42. The estimated cost, loss, or damage that can result if a threat exploits a vulnerability best describes
A) present value of risk.
B) total cost of ownership.
C) exposure.
D) risk feasibility assessment.
Answer: C
Diff: 2
Type: MC
Page Ref: 494
AACSB:
Objective:

43. A generic term for malicious software is
A) NOS.
B) malware.
C) ad-aware.
D) spynet.
Answer: B
Diff: 1
Type: MC
Page Ref: 494
AACSB:
Objective:

44. The probability that a vulnerability will be known and used best describes
A) security fault.
B) risk.
C) feasibility.
D) splog point.
Answer: B
Diff: 2
Type: MC
Page Ref: 494
AACSB:
Objective:

45. A type of nontechnical attack that uses some ruse to trick users into revealing information or performing an action that compromises a computer or network best describes
A) identity theft.
B) viral email.
C) social engineering.
D) splog.
Answer: C
Diff: 2
Type: MC
Page Ref: 494
AACSB:
Objective:

46. Computers infected with malware that are under the control of a spammer, hacker, or other criminal best describes
A) fraud servers.
B) electronic defenders.
C) cyber warriors.
D) zombies.
Answer: D
Diff: 2
Type: MC
Page Ref: 495
AACSB:
Objective:

47. Unintentional threats include each of the following except
A) identity theft.
B) environmental hazards.
C) computer system malfunctions.
D) human errors.
Answer: A
Diff: 2
Type: MC
Page Ref: 495
AACSB:
Objective:

48. Someone who gains unauthorized access to a computer system best describes a
A) cyberseeker.
B) hacker.
C) network technician.
D) cyberwarrior.
Answer: B
Diff: 2
Type: MC
Page Ref: 496
AACSB:
Objective:

49. A malicious hacker who may represent a serious problem for a corporation best describes a
A) cracker.
B) web surfer.
C) Internet commando.
D) cyberspy.
Answer: A
Diff: 2
Type: MC
Page Ref: 496
AACSB:
Objective:

50. According to Sullivan (2011), vulnerabilities in IT and EC systems include each of the following except
A) lack of environmental support.
B) unencrypted communications.
C) poor application security.
D) weak boundary security.
Answer: A
Diff: 2
Type: MC
Page Ref: 497
AACSB:
Objective:

51. According to Sullivan (2011), the vulnerabilities in Business IT and EC systems include each of the following organizational weaknesses except
A) lax security with mobile devices.
B) inappropriate use of business computers and network services.
C) closed systems not reacting quickly enough to security breaches.
D) end-user training and security awareness.
Answer: C
Diff: 3
Type: MC
Page Ref: 497
AACSB:
Objective:

52. The process of determining what the authenticated entity is allowed to access and what operations it is allowed to perform is known as
A) nonrepudiation.
B) authorization.
C) integrity.
D) availability.
Answer: B
Diff: 2
Type: MC
Page Ref: 498
AACSB: Use of information technology
Objective:

53. The process of verifying the real identity of an individual, computer, computer program, or EC website best defines
A) authorization.
B) authentication.
C) vulnerability assessment.
D) security audit.
Answer: B
Diff: 2
Type: MC
Page Ref: 498
AACSB:
Objective:

54. The assurance that an online customer or trading partner cannot falsely deny their purchase or transaction is referred to as
A) integrity.
B) nonrepudiation.
C) availability.
D) authentication.
Answer: B
Diff: 2
Type: MC
Page Ref: 498
AACSB: Use of information technology
Objective:

55. The protection of information systems against unauthorized access to or modification of information that is stored, processed, or being sent over a network is referred to as
A) data integrity.
B) human firewall.
C) information integrity.
D) information assurance.
Answer: D
Diff: 2
Type: MC
Page Ref: 499
AACSB: Use of information technology
Objective:

56. A strategy that views EC security as the process of preventing and detecting unauthorized use of the organization's brand, identity, website, e-mail, information, or other asset and attempts to defraud the organization, its customers, and employees best describes
A) EC security strategy.
B) disaster recovery plan.
C) information systems security plan.
D) feasibility assessment.
Answer: A
Diff: 2
Type: MC
Page Ref: 499
AACSB:
Objective:

57. A program that appears to have a useful function but that contains a hidden function that presents a security risk best defines
A) Trojan horse.
B) virus.
C) worm.
D) botnet.
Answer: A
Type: MC
Page Ref: 501
AACSB:
Objective:

58. A software program that runs independently, consuming the resources of its host in order to maintain itself, that is capable of propagating a complete working version of itself onto another machine best describes
A) tidal wave.
B) worm.
C) Trojan horse.
D) splog.
Answer: B
Diff: 2
Type: MC
Page Ref: 501
AACSB:
Objective:

59. An attack on a website in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources best describes
A) botnet infestation.
B) denial-of-service attack.
C) cyberhijacking.
D) cyberraid.
Answer: B
Diff: 2
Type: MC
Page Ref: 503
AACSB:
Objective:

60. Creating a rogue copy of a popular website that shows contents similar to the original to a Web crawler. Once there, an unsuspecting user is redirected to malicious websites. This description is indicative of
A) page hijacking.
B) cyberworming.
C) spamming.
D) electronic splogging.
Answer: A
Diff: 2
Type: MC
Page Ref: 503
AACSB:
Objective:

61. A botnet is a
A) piece of software code that inserts itself into a host or operating system to launch DoS attacks.
B) coordinated network of computers that can scan and compromise other computers and launch DoS attacks.
C) piece of code in a worm that spreads rapidly and exploits some known vulnerability.
D) collection of a few hundred hijacked Internet computers that have been set up to forward traffic, including spam and viruses, to other computers on the Internet.
Answer: B
Diff: 2
Type: MC
Page Ref: 503
AACSB: Use of information technology
Objective:

62. Software that gathers user information over an Internet connection without the user's knowledge best defines
A) Trojan horse.
B) spyware.
C) search engine spam.
D) zombie.
Answer: B
Diff: 2
Type: MC
Page Ref: 499
AACSB:
Objective:

63. A page that uses techniques that deliberately subvert a search engine's algorithms to artificially inflate the page's ranking best describes
A) Trojan page.
B) search engine imposter.
C) spam site.
D) zombie.
Answer: C
Diff: 2
Type: MC
Page Ref: 511
AACSB:
Objective:

64. The success and security of EC can be measured by
A) authentication, authorization, and nonrepudiation.
B) encryption, functionality, and privacy.
C) confidentiality, integrity, and availability.
D) quality, reliability, and speed.
Answer: C
Diff: 3
Type: MC
Page Ref: 513
AACSB: Use of information technology
Objective:

65. Which of the following refers to the assurance of data privacy and accuracy?
A) availability
B) confidentiality
C) security
D) integrity
Answer: B
Diff: 2
Type: MC
Page Ref: 513
AACSB:
Objective:

66. Which of the following refers to the assurance that access to data, the website, or other EC data service is timely, available, reliable, and restricted to authorized users?
A) availability
B) integrity
C) spontaneity
D) confidentiality
Answer: A
Diff: 2
Type: MC
Page Ref: 513
AACSB:
Objective:

67. Which of the following refers to the process of identifying, quantifying, and prioritizing the vulnerabilities in a system?
A) certification audit
B) initial security report
C) feasibility assessment
D) vulnerability assessment
Answer: D
Diff: 3
Type: MC
Page Ref: 513
AACSB:
Objective:

68. A method of evaluating the security of a computer system or a network by simulating an attack from a malicious source best describes
A) penetration test.
B) vulnerability assessment.
C) security breach.
D) cyber audit.
Answer: A
Diff: 2
Type: MC
Page Ref: 513
AACSB:
Objective:

69. Each of the following is a characteristic of access control except
A) access control lists (ACLs) define users' rights, such as what they are allowed to read, view, write, print, copy, delete, execute, modify, or move.
B) after a user has been identified, the user must be authenticated.
C) all resources need to be considered together to identify the rights of users or categories of users.
D) access control determines which persons, programs, or machines can legitimately use a network resource and which resources he, she, or it can use.
Answer: C
Diff: 2
Type: MC
Page Ref: 517
AACSB: Use of information technology
Objective:

70. Fingerprint scanners, facial recognition systems, and voice recognition are examples of ________ that recognize a person by some physical trait.
A) human firewalls
B) biometric systems
C) intrusion detection systems
D) access control lists
Answer: B
Diff: 2
Type: MC
Page Ref: 518
AACSB: Use of information technology
Objective:

71. The mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa, best defines
A) public key infrastructure.
B) locking algorithm.
C) encryption algorithm.
D) key space.
Answer: C
Diff: 2
Type: MC
Page Ref: 519
AACSB:
Objective:

72. The large number of possible key values created by the algorithm to use when transforming the message best describes
A) encryption lock.
B) determinate.
C) encryption code.
D) key space.
Answer: D
Diff: 2
Type: MC
Page Ref: 519
AACSB:
Objective:

73. Security functions or characteristics of digital signatures include all of the following except
A) digital signatures are portable.
B) digital signatures ensure that the original content of an electronic message or document is unchanged.
C) a digital signature is the electronic equivalent of a personal signature, which can be forged.
D) digital signatures are based on public keys for authenticating the identity of the sender of a message or document.
Answer: C
Diff: 3
Type: MC
Page Ref: 521
AACSB: Use of information technology
Objective:

74. A summary of a message converted into a string of digits after the hash has been applied best describes
A) message digest.
B) reference rate.
C) digital certificate.
D) key code.
Answer: A
Diff: 3
Type: MC
Page Ref: 521
AACSB:
Objective:

75. A mathematical computation that is applied to a message, using a private key to encrypt the message, best defines
A) standard deviation.
B) hash.
C) locking code.
D) Sharpe ratio.
Answer: B
Diff: 3
Type: MC
Page Ref: 521
AACSB:
Objective:

76. Advantages of virtual private networks include each of the following except
A) remote users can use broadband connections rather than make long distance calls to access an organization's private network.
B) they are less expensive than private leased lines because they use the public Internet to carry information.
C) they ensure the confidentiality and integrity of the data transmitted over the Internet without requiring encryption.
D) they can reduce communication costs dramatically because VPN equipment is cheaper than other remote solutions.
Answer: C
Diff: 3
Type: MC
Page Ref: 525
AACSB: Use of information technology
Objective:

77. A method used to ensure confidentiality and integrity of data transmitted over the Internet by encrypting data packets, sending them in packets across the Internet, and decrypting them at the destination address best defines
A) Trojan horse.
B) protocol tunneling.
C) message envelope.
D) data wrapping.
Answer: B
Diff: 3
Type: MC
Page Ref: 525
AACSB:
Objective:

78. An EC security strategy and program begins with
A) the commitment and involvement of executive management.
B) secure design of EC applications.
C) layers of hardware and software defenses.
D) information security policies and training.
Answer: A
Diff: 1
Type: MC
Page Ref: 536
AACSB: Use of information technology
Objective:

79. An exercise that determines the impact of losing the support of an EC resource to an organization and establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and supporting systems best describes
A) business impact analysis.
B) computer security incident management.
C) vulnerability assessment.
D) business continuity plan.
Answer: A
Diff: 2
Type: MC
Page Ref: 537
AACSB:
Objective:

80. The key reasons why EC criminals cannot be stopped include each of the following except
A) there is a lack of cooperation from credit card issuers and foreign ISPs.
B) strong EC security makes online shopping inconvenient and demanding on customers.
C) sophisticated hackers use browsers to crack into Web sites.
D) online shoppers do not take necessary precautions to avoid becoming a victim.
Answer: C
Diff: 2
Type: MC
Page Ref: 537
AACSB: Use of information technology
Objective:

81. Briefly describe nonrepudiation and its importance for EC and electronic transactions.
Answer: Nonrepudiation is assurance that an online customer or trading partner cannot falsely deny their purchase, transaction, etc. For EC and other electronic transactions, including cash machines or ATMs, all parties in a transaction must be confident that the transaction is secure, that the parties are who they say they are (authentication), and that the transaction is verified as completed or final. Authentication and nonrepudiation are potential defenses against phishing and identity theft.
Diff: 2
Type: ES
Page Ref: 498
AACSB:
Objective:

82. Briefly describe the CIA security triad.
Answer: The CIA security triad refers to the confidentiality, integrity, and availability (or accessibility) of information and business Web sites. Confidentiality is the assurance of data privacy. The data or transmitted message is encrypted so that it is readable only by the person for whom it is intended. The confidentiality function prevents unauthorized disclosure of information. Integrity is the assurance that data is accurate or that a message has not been altered. It means that stored data has not been modified without authorization; a message that was sent is the same message that was received. Availability is the assurance that access to data, the Web site, or other EC data service is timely, available, reliable, and restricted to authorized users.
Diff: 2
Type: ES
Page Ref: 513
AACSB:
Objective:

83. Define biometric system. Identify four common biometrics.
Answer: Biometric systems are authentication systems that identify a person by measurement of biological characteristics. Examples include thumbprint or fingerprints, retinal scans, voice scans, and signatures.
Diff: 2
Type: ES
Page Ref: 518
AACSB:
Objective:

84. Define encryption. Identify five major benefits of encryption.
Answer: Encryption is the process of scrambling a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble it. Major benefits of encryption include allowing users to carry data on their portable devices, protecting backup media while offsite, allowing for highly secure virtual private networks, enforcing policies regarding who handles what corporate data, ensuring compliance with privacy laws and regulations, and protecting the organization's reputation and secrets.
Diff: 2
Type: ES
Page Ref: 519
AACSB:
Objective:

85. Why does the success of an EC security strategy and program depend on the commitment and involvement of executive management?
Answer: The authority of senior managers is needed to establish and maintain EC security programs. A genuine and well-communicated executive commitment about EC security and privacy measures is needed to convince users that insecure practices, risky or unethical methods, and mistakes due to ignorance will not be tolerated. Most forms of security (e.g., airport and sports arena security) are unpopular because they are inconvenient, restrictive, time consuming, and expensive. Security practices tend not to be a priority unless they are mandatory and there are negative consequences for noncompliance.
Diff: 2
Type: ES
Page Ref: 536
AACSB:
Objective:

1. TRUE
2. FALSE
3. TRUE
4. FALSE
5. FALSE
6. FALSE
7. FALSE
8. TRUE
9. FALSE
10. TRUE
11. TRUE
12. TRUE
13. FALSE
14. TRUE
15. FALSE
16. FALSE
17. FALSE
18. FALSE
19. FALSE
20. TRUE
21. TRUE
22. FALSE
23. TRUE
24. TRUE
25. TRUE
26. TRUE
27. FALSE
28. TRUE
29. FALSE
30. FALSE
31. FALSE
32. TRUE
33. TRUE
34. FALSE
35. TRUE
36. D
37. D
38. A
39. C
40. D
41. D
42. C
43. B
44. B
45. C
46. D
47. A
48. B
49. A
50. A
51. C
52. B
53. B
54. B
55. D
56. A
57. A
58. B
59. B
60. A
61. B
62. B
63. C
64. C
65. B
66. A
67. D
68. A
69. C
70. B
71. C
72. D
73. C
74. A
75. B
76. C
77. B
78. A
79. A
80. C

81. Nonrepudiation is assurance that an online customer or trading partner cannot falsely deny their purchase, transaction, etc. For EC and other electronic transactions, including cash machines or ATMs, all parties in a transaction must be confident that the transaction is secure, that the parties are who they say they are (authentication), and that the transaction is verified as completed or final. Authentication and nonrepudiation are potential defenses against phishing and identity theft.

82. The CIA security triad refers to the confidentiality, integrity, and availability (or accessibility) of information and business Web sites. Confidentiality is the assurance of data privacy. The data or transmitted message is encrypted so that it is readable only by the person for whom it is intended. The confidentiality function prevents unauthorized disclosure of information. Integrity is the assurance that data is accurate or that a message has not been altered. It means that stored data has not been modified without authorization; a message that was sent is the same message that was received. Availability is the assurance that access to data, the Web site, or other EC data service is timely, available, reliable, and restricted to authorized users.

83. Biometric systems are authentication systems that identify a person by measurement of biological characteristics. Examples include thumbprint or fingerprints, retinal scans, voice scans, and signatures.

84. Encryption is the process of scrambling a message in such a way that it is difficult, expensive, or time-consuming for an unauthorized person to unscramble it. Major benefits of encryption include allowing users to carry data on their portable devices, protecting backup media while offsite, allowing for highly secure virtual private networks, enforcing policies regarding who handles what corporate data, ensuring compliance with privacy laws and regulations, and protecting the organization's reputation and secrets.

85. The authority of senior managers is needed to establish and maintain EC security programs. A genuine and well-communicated executive commitment about EC security and privacy measures is needed to convince users that insecure practices, risky or unethical methods, and mistakes due to ignorance will not be tolerated. Most forms of security (e.g., airport and sports arena security) are unpopular because they are inconvenient, restrictive, time consuming, and expensive. Security practices tend not to be a priority unless they are mandatory and there are negative consequences for noncompliance.
