Chapter 8 Flashcards
(16 cards)
When thinking about security, controls ________.
A. refer to policies and procedures that ensure the safety of an organization’s assets
B. control all secure access to an organization’s network
C. reside only on client machines
D. refer to referential integrity constraints placed on a database
E. refer to the policies in place to prevent unauthorized access to an organization’s network
A. refer to policies and procedures that ensure the safety of an organization’s assets
Independent computer programs that copy themselves from one computer to others over a network are called ________.
A. Storm
B. worms
C. Trojan horses
D. macro viruses
E. viruses
B. worms
A type of malware that takes advantage of poorly coded web applications is called ________.
A. Storm
B. Ransomware
C. Conficker
D. spyware
E. SQL injection attacks
E. SQL injection attacks
Hackers flooding a network server with many thousands of false communication requests is called ________.
A. a denial-of-service attack
B. a drive-by download
C. an SQL injection attack
D. pharming
E. spoofing
A. a denial-of-service attack
The law that requires financial institutions to ensure confidentiality of customer data is called the ________.
A. CAN-SPAM Act
B. Children’s Online Privacy Protection Act (COPPA)
C. Health Insurance Portability and Accountability Act (HIPAA)
D. Gramm-Leach-Bliley Act
E. Sarbanes-Oxley Act
D. Gramm-Leach-Bliley Act
The career field that deals with collection and examination of computer data for legal evidence is called ________.
A. data mining
B. computer forensics
C. information assurance
D. computer security
E. data warehousing
B. computer forensics
Data which are not visible to the average user are called ________.
A. meta-data
B. information
C. status data
D. ambient data
E. transient data
D. ambient data
The law that applies to publicly traded companies and is designed to protect investors is called the ________.
A. Children’s Online Privacy Protection Act (COPPA)
B. Sarbanes-Oxley Act
C. Gramm-Leach-Bliley Act
D. CAN-SPAM Act
E. Health Insurance Portability and Accountability Act (HIPAA)
B. Sarbanes-Oxley Act
All the following are general controls EXCEPT ________ controls.
A. implementation
B. hardware
C. data security
D. software
E. input
E. input
A risk ________ determines the level of risk to an organization if an activity or process is not properly controlled.
A. alignment
B. profile
C. audit
D. policy
E. assessment
E. assessment
A firm’s ________ should include an awareness of computer forensics.
A. growth plan
B. information technology plan
C. strategic plan
D. contingency planning process
E. staffing plan
D. contingency planning process
Business managers, working with information systems specialists, should estimate all the following components of a risk assessment EXCEPT ________.
A. points of vulnerability
B. the identity of the organization that created the malware
C. the value of information assets
D. the likely frequency of a problem
E. the potential for damage
B. the identity of the organization that created the malware
All the following are methods of authentication EXCEPT ________.
A. two-factor authentication
B. biometric authentication
C. a token
D. TCP/IP
E. a smartcard
D. TCP/IP
A combination of hardware and software that prevents unauthorized users from accessing a network is called a ________.
A. router
B. hotspot
C. server
D. switch
E. firewall
E. firewall
________ feature(s) monitor the network at its most vulnerable points.
A. A sensor network
B. Network address translation
C. Antivirus software
D. Unified threat management systems
E. Intrusion detection systems
E. Intrusion detection systems
A form of encryption that uses two keys is called ________.
A. digital certificates
B. the Caesar cipher
C. application proxy filtering
D. public key encryption
E. symmetric key encryption
D. public key encryption