BIS202 - Chapter 04 Questions.pdf
Document Details
Uploaded by ComplimentaryLobster
University of Bahrain
Tags
Full Transcript
Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 116) Which of the following refers to a period of time when a system is unavailable? A) downtime B) down MIS C) data down D) downtown 117) Which of the follow...
Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 116) Which of the following refers to a period of time when a system is unavailable? A) downtime B) down MIS C) data down D) downtown 117) Which of the following is not an example of unplanned downtime? A) power outage B) tornado C) system upgrade D) flood 118) Which of the following is a cost of downtime in addition to lost revenue? A) legal expenses B) loss in financial performance C) damage to reputation D) All of the answers are correct. 119) A company should be able to calculate the cost of downtime by which of the following? Version 1 40 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) per hour, per day, and per week B) per employee, per computer, and per company C) per stock, per stockholder, and per investment capital D) All of the answers are correct. 120) Which quadrant in the cost of downtime includes equipment rental, overtime costs, and travel expenses? A) fiscal responsibility B) damaged reputation C) other expenses D) regeneration 121) Jensen is a senior developer for HackersRUs, a company that helps secure management information systems. Jensen’s new task is to break into the computer system of one of HackersRUs’s top clients to identify system vulnerabilities and plug the holes. What type of hacker is Jensen? A) cracker B) white-hat hacker C) script bunny D) black-hat hacker 122) Which of the following defines information security? Version 1 41 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) a broad term encompassing the protection of information B) protects information from accidental misuse C) protects information from intentional misuse D) All of the answers are correct. 123) What are experts in technology who use their knowledge to break into computers and networks for profit or just as a challenge known as? A) elevation of privilege B) viruses C) hackers D) worms 124) What is a hacker who breaks into other people’s computer systems and may just look around or steal and destroy information? A) script-kiddies B) black-hat hacker C) white-hat hacker D) cracker 125) Which of the following is the correct list of the six different types of hackers listed in your text? Version 1 42 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) black-hat, crackers, cyberterrorists, hacktivists, script-kiddies, and white-hat B) black-top, cookie, script-kiddies, environment, web 3.0, and white-top C) black-hat, script-kiddies, script bats, spider crawlers, ad spiders, and white-hat D) All of the answers are correct. 126) What is software written with malicious intent to cause annoyance or damage? A) elevation of privilege B) spoofing C) sniffer D) virus 127) What are malicious attempts to access or damage a computer system? A) cyberattacks B) spoofing C) information attacks D) information ethics 128) What involves prevention, detection, and response to cyberattacks that can have wide- ranging effects on the individual, organization, community, and at the national level? Version 1 43 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) cyberattacks B) cybersecurity C) sniffer D) information attacks 129) What builds the national capacity to defend against cyberattacks and works with the federal government to provide cyber security tools, incident response services, and assessment capabilities to safeguard.gov networks? A) cyberattacks B) data security C) Cybersecurity and Infrastructure Security Agency D) information attacks 130) What includes a variety of threats such as viruses, worms, and Trojan horses? A) malicious code B) hoaxes C) spoofing D) sniffers 131) What is the forging of the return address on an email so that the email message appears to come from someone other than the actual sender? Version 1 44 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) malicious code B) hoax C) spoofing D) sniffer 132) What is a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission? A) sniffer B) spyware C) spoofware D) splog 133) What is a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys? A) sniffer B) spyware C) spoofware D) simplelocker 134) What is a form of malicious software that infects your computer and asks for money? Version 1 45 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) sniffer B) spyware C) spoofware D) ransomware 135) What is ransomware? A) a form of malicious software that infects your computer and asks for money B) a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys C) software that allows Internet advertisers to display advertisements without the consent of the computer user D) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission 136) What is simplelocker? A) a form of malicious software that infects your computer and asks for money B) a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys C) software that allows Internet advertisers to display advertisements without the consent of the computer user D) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission Version 1 46 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 137) What is adware? A) a form of malicious software that infects your computer and asks for money B) a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys C) software that allows Internet advertisers to display advertisements without the consent of the computer user D) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission 138) What is spyware? A) a form of malicious software that infects your computer and asks for money B) a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys C) software that allows Internet advertisers to display advertisements without the consent of the computer user D) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission 139) What is the primary difference between a worm and a virus? A) A worm must attach to something to spread, whereas a virus does not need to attach to anything to spread and can tunnel itself into the computer. B) A virus is copied and spread by a person, whereas a worm takes a string of tag words and deletes websites. C) A virus must attach to something to spread, whereas a worm does not need to attach to anything to spread and can tunnel itself into the computer. D) All of the answers are correct. Version 1 47 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 140) What is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system? A) elevation of privilege B) packet tampering C) spoofing D) spyware 141) DDoS stands for one of the common forms of viruses that attack multiple computers to flood a website until it slows or crashes. What does DDoS stand for? A) data distribution of systems attack B) data denial-of-software attack C) distributed data online systems attack D) distributed denial-of-service attack 142) Which of the following are all common forms of viruses? A) packet tampering, worms, cakes, and Trojan viruses B) polymorphic, sniffer, splogs, and denial-of-service viruses C) backdoor program, worm, and Trojan-horse viruses D) All of the answers are correct. Version 1 48 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 143) What is the software called that allows Internet advertisers to display advertisements without the consent of the computer user? A) sploging B) adware C) spygloss D) CPU buzzer 144) Who are hackers with criminal intent? A) crackers B) black-hat hackers C) hoaxes D) cyberterrorists 145) Who are those who seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction? A) white-hat hackers B) black-hat hackers C) cyberterrorists D) script bunnies 146) Which of the following types of viruses spread themselves not just from file to file but also from computer to computer? Version 1 49 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) polymorphic virus B) worm C) Trojan-horse virus D) backdoor program 147) What is the one of the most common forms of computer vulnerabilities that can cause massive computer damage? A) virus B) white-hat hackers C) dumpster diving D) All of the answers are correct. 148) Which of the following change form as they propagate? A) backdoor programs B) strikers C) polymorphic viruses and worms D) splogs 149) Which of the following is a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network? Version 1 50 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) backdoor program B) drive-by hacking C) polymorphic virus or worm D) hacker 150) What is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization? A) information security B) physical security C) drive-by hacking D) adware 151) Who is an expert in technology who uses their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge? A) information spy B) hacker C) spyware D) adware 152) What is a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network? Version 1 51 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) spyware B) hacker C) drive-by hacking D) adware 153) What is a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission? A) spyware B) hacker C) drive-by hacking D) adware 154) What is software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user? A) spyware B) hacker C) drive-by hacking D) adware 155) What is spyware? Version 1 52 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network D) software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user 156) What is adware? A) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network D) software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user 157) What is drive-by hacking? Version 1 53 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network D) software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user 158) What is a hacker? A) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network D) software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user 159) Which of the following terms refers to groups of many people whose job is to infiltrate message boards and comments sections to advance national aims or seed discord and disharmony? Version 1 54 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) black-hat hackers B) cyberterrorists C) troll farms D) script bunnies 160) What is it called if a group of people organize and plan to follow a politician’s Twitter account and bombard it with misinformation or extreme opinions? A) troll farms B) botnets C) black-hat hackers D) script bunnies 161) What is the primary goal of a troll farm? A) infiltrate message boards to create discord B) take control of computer access for ransom C) look through people’s trash to obtain personal information D) deface websites as a form of protest 162) What is information security? Version 1 55 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization B) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network D) software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user 163) What is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs? A) bug bounty program B) malware C) scareware D) ransomware 164) What is software that is intended to damage or disable computers and computer systems? A) bug bounty program B) malware C) scareware D) ransomware Version 1 56 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 165) What is a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software? A) bug bounty program B) malware C) scareware D) ransomware 166) What is a form of malicious software that infects your computer and asks for money? A) bug bounty program B) malware C) scareware D) ransomware 167) What is a bug bounty program? A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs B) software that is intended to damage or disable computers and computer systems C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software D) a form of malicious software that infects your computer and asks for money 168) What is malware? Version 1 57 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs B) software that is intended to damage or disable computers and computer systems C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software D) a form of malicious software that infects your computer and asks for money 169) What is scareware? A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs B) software that is intended to damage or disable computers and computer systems C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software D) a form of malicious software that infects your computer and asks for money 170) What is ransomware? A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs B) software that is intended to damage or disable computers and computer systems C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software D) a form of malicious software that infects your computer and asks for money Version 1 58 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 171) What are the first two lines of defense a company should take when addressing security risks? A) technology first, customers second B) technology first, people second C) innovation first, technology second D) people first, technology second 172) Which of the following represents the biggest problem of information security breaches? A) people misusing organizational information B) technology failures C) customers misusing organizational systems D) company departments missing sales goals 173) Angela works for an identity protection company that maintains large amounts of sensitive customer information such as usernames, passwords, personal information, and Social Security numbers. Angela and a coworker decide to use the sensitive information to open credit cards in a few of her customer’s names. This is a classic example of which of the following security breaches? A) social engineer B) insider C) spammer D) dumpster diver Version 1 59 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 174) What is it called when you use your social skills to trick people into revealing access credentials or other valuable information? A) social engineering B) social media C) social viruses D) social processes 175) What is it called when a hacker looks through your trash to find personal information? A) striker bunny B) dumpster diving C) trash retrieval D) approved consent 176) What is a form of social engineering in which one individual lies to obtain confidential data about another individual? A) dumpster texting B) dumpster diving C) trash retrieval D) pretexting 177) What are malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines? Version 1 60 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) dumpster texting B) dumpster diving C) trash retrieval D) destructive agents 178) What is pretexting? A) a form of social engineering in which one individual lies to obtain confidential data about another individual B) when a hacker looks through your trash to find personal information C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines 179) What is dumpster diving? A) a form of social engineering in which one individual lies to obtain confidential data about another individual B) a hacker looking through your trash to find personal information C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines 180) What are insiders? Version 1 61 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) a form of social engineering in which one individual lies to obtain confidential data about another individual B) a hacker looking through your trash to find personal information C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines 181) What are destructive agents? A) a form of social engineering in which one individual lies to obtain confidential data about another individual B) hackers looking through your trash to find personal information C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines 182) Working at a ski resort in the mountains has its own unique security issues. Kenny is the chief information officer for Sundance Ski Resort, and he is faced with both physical and information security threats every month. Since the resort implemented a new software system, they have been having larger number of threats and breaches of company information. He suspects that an internal employee may be causing this. He needs to clarify and establish what type of plan to help reduce further problems? A) information security plan B) ethical information policy C) antivirus plan D) None of the answer choices are correct. Version 1 62 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 183) eBay is an example of an online company that has been faced with numerous security issues. For example, imagine you purchase a digital camera on eBay. Three months later, you might receive an email asking you to log in to the system to update your credit card or PayPal information. This email is not actually from eBay, and as soon as you log in, your information will be stolen. What type of information security breach would you consider this to be? A) an insider B) dumpster diving C) social engineering D) phishing 184) Which of the following is an example of a way to maintain information security that a company should include in their information security policies? A) requiring computer users to log off before leaving for lunch B) never sharing user or password information with anyone C) changing passwords every 30 to 60 days D) All of the answers are correct. 185) Janet is a financial aid counselor at a local community college, and she shares an office with three coworkers. Janet feels safe in her office environment and frequently leaves her username and password on a sticky note next to her computer. Without realizing it, Janet is creating the potential for which type of information security breach to occur? Version 1 63 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) insiders to hack into the college system B) dumpster diving to find usernames and passwords C) viruses and worms to spread through the college system D) All of the answers are correct. 186) Applications allowed to be placed on the corporate network, such as IM software, and corporate computer equipment used for personal reasons on personal networks are two areas that should be addressed by managers in which of the following company policies? A) information ethics policy B) information security policy C) Information technology plan D) All of the answers are correct. 187) Which of the following represents the three areas where technology can aid in the defense against information security attacks? A) authentication and authorization, prevention and resistance, prevention and response B) authentication and authorization, prevention and response, detection and response C) analyzing and authenticating, prevention and repositioning, detection and response D) authentication and authorization, prevention and resistance, detection and response 188) What is the forging of someone’s identity for the purpose of fraud? Version 1 64 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) identity crisis B) identity theft C) ediscovery D) All of the answers are correct. 189) What is the use of a false identity to artificially stimulate demand for a product, brand, or service? A) personally identifiable information (PII) B) astroturfing C) sensitive PII D) sock puppet marketing 190) What includes any data that could potentially identify a specific individual? A) personally identifiable information (PII) B) nonsensitive PII C) astroturfing D) sock puppet marketing 191) What is information transmitted without encryption and includes information collected from public records, phone books, corporate directories, or websites? Version 1 65 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) astroturfing B) nonsensitive PII C) sensitive PII D) sock puppet marketing 192) What is information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm? A) astroturfing B) nonsensitive PII C) sensitive PII D) sock puppet marketing 193) What is sensitive PII? A) any data that could potentially identify a specific individual B) information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc. C) information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm D) the use of a false identity to artificially stimulate demand for a product, brand, or service 194) What is nonsensitive PII? Version 1 66 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) any data that could potentially identify a specific individual B) information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc. C) information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm D) the use of a false identity to artificially stimulate demand for a product, brand, or service 195) What is personally identifiable information (PII)? A) any data that could potentially identify a specific individual B) information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc. C) information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm D) the use of a false identity to artificially stimulate demand for a product, brand, or service 196) What is sock puppet marketing? A) any data that could potentially identify a specific individual B) the practice of artificially stimulating online conversation and positive reviews about a product, service, or brand C) information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm D) the use of a false identity to artificially stimulate demand for a product, brand, or service Version 1 67 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 197) What is astroturfing? A) any data that could potentially identify a specific individual B) the practice of artificially stimulating online conversation and positive reviews about a product, service, or brand C) information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm D) the use of a false identity to artificially stimulate demand for a product, brand, or service 198) Imagine you accidentally mistype the URL for your bank and you are redirected to a fake website that collects your information. What type of identity theft were you just a victim of with this attack? A) pharming B) worm holes C) phishing D) insider hacking 199) What area of information security focuses on preventing identity theft, phishing, and pharming scams? A) prevention and resistance B) detection and authorizing C) detection and response D) authentication and authorization Version 1 68 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 200) What is the process that provides a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space? A) pharming B) authentication C) authorization D) programming 201) What is a method for confirming users’ identities? A) phishing B) authentication C) authorization D) programming 202) The most secure procedures combine which of the following authentication and authorization techniques? A) something the user knows, such as a user ID and password B) something the user has, such as a smart card or token C) something that is part of the user, such as a fingerprint or voice signature D) All of the answers are correct. Version 1 69 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 203) A smart card is a device the size of a credit card that contains embedded technology that stores information and small amounts of software and can act as a(n) A) identification instrument. B) form of digital cash. C) data storage device. D) All of the answers are correct. 204) The best and most effective way to manage authentication is through A) smart technology card. B) tokens. C) biometrics. D) passwords. 205) Which of the following is not considered a form of biometrics? A) iris scan B) password C) fingerprint D) handwriting 206) Which of the following is the main drawback of biometrics? Version 1 70 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) it is considered illegal B) it is viewed as an invasion of privacy C) it can be costly and intrusive D) it requires constant monitoring and upgrading 207) How do prevention and resistance technologies stop intruders from accessing and reading sensitive information? A) content filtering, encryption, and firewalls B) calculating, locking, and firewalls C) content prohibiting and cookies D) All of the answers are correct. 208) Which of the following occurs when organizations use software that filters content, such as email, to prevent the accidental or malicious transmission of unauthorized information? A) antivirus software B) content filtering C) encryption D) firewalls 209) What prevention technique scrambles information into an alternative form that requires a key or password to decrypt? Version 1 71 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) encryption B) content filtering C) firewalls D) antivirus software 210) What can encryption technology perform? A) switching the order of characters B) replacing characters with other characters C) inserting or removing characters D) All of the answers are correct. 211) What type of encryption technology uses multiple keys, one for public and one for private? A) private key encryption B) policy key encryption C) public key encryption D) protective key code 212) What is a data file that identifies individuals or organizations online and is comparable to a digital signature? Version 1 72 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) digital code B) digital sign C) digital certificate D) digital card 213) Charles Mott works for a company called VeriSign that acts a trusted third party to verify information. One of Charles’ largest clients is CheckMd, which holds and authenticates customer reviews of doctors and dentists online. Having a third party validating the reviews is critical to CheckMd’s success. What type of authentication technique is VeriSign providing for CheckMD? A) firewall B) certificate authority C) online certificate D) digital content certificate 214) What is hardware or software that guards a private network by analyzing incoming and outgoing information for the correct markings? A) firewall B) certificate authority C) online certificate D) digital certificate 215) Which of the following protection techniques scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware? Version 1 73 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) firewall B) digital certificate C) virus software D) antivirus software 216) What must you do with antivirus software to make it protect effectively? A) never upgrade or change vendors B) download a portable button for it to activate C) frequently update it to protect against viruses D) All of the answers are correct. 217) Which of the following systems is designed with full-time monitoring tools that search for patterns in network traffic to identify intruders and to protect against suspicious network traffic that attempts to access files and data? A) interconnected data software (IDS) B) intrusion detection software (IDS) C) security information system (SIS) D) Internet detection scanner (IDS) 218) What is the most secure type of authentication? Version 1 74 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) something the user knows such as a user ID and password B) something the user has such as a smart card or token C) something that is part of the user such as a fingerprint or voice signature D) All of the answers are correct. 219) What is a device that is around the same size as a credit card and contains embedded technologies that can store information and small amounts of software to perform some limited processing? A) token B) password C) smart card D) biometrics 220) What is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting? A) smart card B) token C) biometrics D) content filtering 221) Which of the following is considered a type of biometrics? Version 1 75 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) voice B) face C) iris D) All of the answers are correct. 222) What is a set of measurable characteristics of a human voice that uniquely identifies an individual? A) voiceprint B) face C) iris D) All of the answers are correct. 223) What is single-factor authentication? A) the traditional security process, which requires a username and password B) requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token) C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification) D) the identification of a user based on physical characteristic such as a fingerprint, iris, face, voice or handwriting 224) What is multifactor authentication? Version 1 76 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) the traditional security process, which requires a username and password B) requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token) C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification) D) the identification of a user based on physical characteristic such as a fingerprint, iris, face, voice or handwriting 225) What is two-factor authentication? A) the traditional security process, which requires a username and password B) requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token) C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification) D) the identification of a user based on physical characteristic such as a fingerprint, iris, face, voice or handwriting 226) What gathers an organization’s computer network traffic patterns to identify unusual or suspicious operations? A) network behavior analysis B) cyber-vigilantes C) cyberterrorism D) cyber-espionage Version 1 77 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 227) What includes individuals who seek notoriety or want to make a social or political point such as WikiLeaks? A) network behavior analysis B) cyber-vigilantes C) cyberterrorism D) cyber-espionage 228) What includes governments that are after some form of information about other governments? A) network behavior analysis B) cyber-vigilantes C) cyberterrorism D) cyber-espionage 229) What is the use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals? A) network behavior analysis B) cyber-vigilantes C) cyberterrorism D) cyber-espionage 230) What is the traditional security process that requires a username and password? Version 1 78 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) single-factor authentication B) two-factor authentication C) multifactor authentication D) counter measures 231) What requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)? A) single-factor authentication B) two-factor authentication C) multifactor authentication D) counter measures 232) What requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token)? A) single-factor authentication B) two-factor authentication C) multifactor authentication D) counter measures 233) What are actions, processes, devices, or systems that can prevent, or mitigate the effects of, threats to a computer, server, or network? Version 1 79 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) single-factor authentication B) two-factor authentication C) multifactor authentication D) counter measures 234) What are biometrics? A) the traditional security process, which requires a username and password B) requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token) C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification) D) the identification of a user based on physical characteristic such as a fingerprint, iris, face, voice or handwriting 235) Which of the following authentication methods is 100 percent accurate? A) smart card B) fingerprint authentication C) user ID D) No authentication method is 100 percent accurate. 236) Where do organizations typically place firewalls? Version 1 80 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) between a personal computer and the server B) between a personal computer and a printer C) between the server and the content filtering software D) between the server and the Internet 237) What is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity? A) information secrecy B) phishing C) phishing expedition D) spear phishing 238) What is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses? A) pharming B) phishing C) phishing expedition D) spear phishing 239) What is a masquerading attack that combines spam with spoofing? Version 1 81 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) pharming B) phishing C) phishing expedition D) spear phishing 240) What is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to “confirm” their account information? A) pharming B) phishing C) phishing expedition D) vishing 241) What reroutes requests for legitimate websites to false websites? A) pharming B) phishing C) phishing expedition D) spear phishing 242) What is information secrecy? Version 1 82 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses C) a masquerading attack that combines spam with spoofing D) a phishing expedition in which the emails are carefully designed to target a particular person or organization 243) What is phishing? A) reroutes requests for legitimate websites to false websites B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses C) a masquerading attack that combines spam with spoofing D) a phishing expedition in which the emails are carefully designed to target a particular person or organization 244) What is a phishing expedition? A) reroutes requests for legitimate websites to false websites B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses C) a masquerading attack that combines spam with spoofing D) a phishing expedition in which the emails are carefully designed to target a particular person or organization Version 1 83 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 245) What is spear phishing? A) reroutes requests for legitimate websites to false websites B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses C) a masquerading attack that combines spam with spoofing D) a phishing expedition in which the emails are carefully designed to target a particular person or organization 246) What is vishing? A) reroutes requests for legitimate websites to false websites B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses C) a masquerading attack that combines spam with spoofing D) a phone scam that attempts to defraud people by asking them to call a bogus telephone number to “confirm” their account information 247) What is pharming? A) reroutes requests for legitimate websites to false websites B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses C) a masquerading attack that combines spam with spoofing D) a phone scam that attempts to defraud people by asking them to call a bogus telephone number to “confirm” their account information Version 1 84 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 248) What reroutes requests for legitimate websites to false websites? A) zombie B) zombie farm C) pharming attack D) pharming 249) What is a program that secretly takes over another computer for the purpose of launching attacks on other computers? A) zombie B) zombie farm C) pharming attack D) time bomb 250) What is a group of computers on which a hacker has planted zombie programs? A) zombie B) zombie farm C) pharming attack D) time bomb 251) What uses a zombie farm, often by an organized crime association, to launch a massive phishing attack? Version 1 85 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) zombie B) zombie farm C) pharming attack D) time bomb 252) What are computer viruses that wait for a specific date before executing their instructions? A) zombies B) zombie farms C) pharming attacks D) time bombs 253) What is a data file that identifies individuals or organizations online and is comparable to a digital signature? A) digital certificate B) encryption C) decryption D) cryptography 254) What scrambles information into an alternative form that requires a key or password to decrypt? Version 1 86 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء A) digital certificate B) encryption C) decryption D) cryptography 255) What decodes information? A) digital certificate B) encryption C) decryption D) cryptography 256) What is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them? A) digital certificate B) encryption C) decryption D) cryptography 257) Ethics and security are two fundamental building blocks for all organizations. true X ⊚ ⊚ false Version 1 87 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 310) Troll farms are groups of many people whose job is to infiltrate message boards and comments sections to advance national aims or seed discord and disharmony. ⊚ true ⊚ false X 311) Botnets are groups of people whose job infiltrate message boards to advance national aims or seed discord and disharmony. X ⊚ true ⊚ false 312) Downtime refers to a period of time when a system is unavailable, and unplanned downtime can strike at any time for various reasons. ⊚ true ⊚ false 313) Drive-by hacking is a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network. Version 1 102 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء ⊚ true ⊚ false 314) White-hat hackers break into other people’s computer systems and may just look around or may steal and destroy information. ⊚ true ⊚ false 315) Black-hat hackers work at the request of the system owners to find system vulnerabilities and plug the holes. ⊚ true ⊚ false 316) Ransomware is a form of malicious software that infects your computer and asks for money. ⊚ true ⊚ false Version 1 103 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 317) Simplelocker is a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys. ⊚ true ⊚ false 318) A worm is a form of malicious software that infects your computer and asks for money. ⊚ true ⊚ false 319) A worm spreads itself not only from file to file but also from computer to computer. ⊚ true ⊚ false 320) Script-kiddies have criminal intent when hacking. ⊚ true ⊚ false Version 1 104 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 321) Cyberterrorists seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction. ⊚ true ⊚ false 322) White-hat hackers have philosophical and political reasons for breaking into systems and will often deface the website as a protest. ⊚ true ⊚ false 323) Script-kiddies or script-bunnies find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses. ⊚ true ⊚ false 324) The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers. ⊚ true ⊚ false Version 1 105 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 325) Backdoor programs change their form as they propagate. ⊚ true ⊚ false 326) Backdoor programs open a way into the network for future attacks. ⊚ true ⊚ false 327) A denial-of-service attack (DoS) floods a website with so many requests for service that it slows down or crashes the site. ⊚ true ⊚ false 328) Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident are called insiders. ⊚ true ⊚ false Version 1 106 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 329) Insiders are illegitimate users who purposely or accidentally misuse their access to the environment to do business. ⊚ true ⊚ false 330) Information security policies detail how an organization will implement the information security plan. ⊚ true ⊚ false 331) Dumpster diving is another security breach for companies and is where people not associated with the company jump into the company’s outside garbage bins and try to gather and steal any valuable company products they can resell on eBay. ⊚ true ⊚ false 332) Organizations address security risks through two lines of defense: The first is people and the second is technology. Version 1 107 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء ⊚ true ⊚ false 333) Pretexting is a form of social engineering in which one individual lies to obtain confidential data about another individual. ⊚ true ⊚ false 334) Ransomware is a form of social engineering in which one individual lies to obtain confidential data about another individual. ⊚ true ⊚ false 335) Through social engineering, hackers use their social skills to trick people into revealing access credentials or other valuable information. ⊚ true ⊚ false Version 1 108 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 336) Through pretexting, hackers use their social skills to trick people into revealing access credentials or other valuable information. ⊚ true ⊚ false 337) The three primary information security areas are (1) authentication and authorization, (2) policies and rewards, and (3) detection and response. ⊚ true ⊚ false 338) Tokens are small electronic devices that change user passwords automatically. ⊚ true ⊚ false 339) The technique to gain personal information for the purpose of identity theft, often through fraudulent emails that look as though they came from legitimate businesses, is called phishing. ⊚ true ⊚ false Version 1 109 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 340) A process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space is called authentication. ⊚ true ⊚ false 341) One of the most ineffective ways to set up authentication techniques is by setting up user IDs and passwords. ⊚ true ⊚ false 342) Biometrics is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting. ⊚ true ⊚ false 343) A firewall scrambles information into an alternative form that requires a key or password to decrypt. ⊚ true ⊚ false Version 1 110 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 344) Identity theft is the forging of someone’s identity for the purpose of fraud. ⊚ true ⊚ false 345) Identity theft is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity. ⊚ true ⊚ false 346) A phishing expedition is a masquerading attack that combines spam with spoofing. The perpetrator sends millions of spam emails that appear to be from a respectable company. The emails contain a link to a website that is designed to look exactly like the company’s website. The victim is encouraged to enter his or her username, password, and sometimes credit card information. ⊚ true ⊚ false Version 1 111 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 347) Spear phishing is a phishing expedition in which the emails are carefully designed to target a particular person or organization. ⊚ true ⊚ false 348) Spear phishing is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to “confirm” their account information. ⊚ true ⊚ false 349) Phishing reroutes requests for legitimate websites to false websites. ⊚ true ⊚ false 350) A zombie is a program that secretly takes over another computer for the purpose of launching attacks on other computers. Zombie attacks are almost impossible to trace back to the attacker. ⊚ true ⊚ false Version 1 112 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 351) A zombie farm is a group of computers on which a hacker has planted zombie programs. ⊚ true ⊚ false 352) A pharming attack uses of a zombie farm, often by an organized crime association, to launch a massive phishing attack. ⊚ true ⊚ false 353) Worms are computer viruses that wait for a specific date before executing their instructions. ⊚ true ⊚ false 354) Time bombs are computer viruses that wait for a specific date before executing their instructions. ⊚ true ⊚ false Version 1 113 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 355) Decrypting information is to decode it and is the opposite of encrypting. ⊚ true ⊚ false 356) Cryptography is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them. ⊚ true ⊚ false 357) A certificate authority is a trusted third party, such as VeriSign, that validates user identities by means of digital certificates. ⊚ true ⊚ false 358) A certificate authority is a data file that identifies individuals or organizations online and is comparable to a digital signature. ⊚ true ⊚ false Version 1 114 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 359) A voiceprint is a data file that identifies individuals or organizations online and is comparable to a digital signature. ⊚ true ⊚ false 360) A voiceprint is a set of measurable characteristics of a human voice that uniquely identifies an individual. These characteristics, which are based on the physical configuration of a speaker’s mouth and throat, can be expressed as a mathematical formula. Unfortunately, biometric authentication such as voiceprints can be costly and intrusive. ⊚ true ⊚ false 361) Single-factor authentication is the traditional security process, which requires a username and password. ⊚ true ⊚ false Version 1 115 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 362) Two-factor authentication requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token). ⊚ true ⊚ false 363) Multifactor authentication requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification). ⊚ true ⊚ false 364) Multifactor authentication is the traditional security process, which requires a username and password. ⊚ true ⊚ false 365) Single-factor authentication requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification). ⊚ true ⊚ false Version 1 116 Sara Notes 36825484 يحرم على اي شخص بيع او تداول النوتات بعد الشراء 366) Single-factor authentication requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token). ⊚ true ⊚ false 367) The goal of multifactor authentication is to make it difficult for an unauthorized person to gain access to a system because if one security level is broken, the attacker will still have to break through additional levels. ⊚ true ⊚ false Version 1 117