Final Exam Flashcards

1
Q

Sometimes the word cracker is used to denote those who break into someone else’s computer.

A

True

2
Q

When a user attempts to log on to the machine, the security system reads the user ID and checks that the password matches the password for that user in the password file.

A

False

3
Q

The operating system encrypts the password for a given user by encoding the information, using a process that is difficult to apply but easy to undo.

A

False

4
Q

Knowledge of the hashing algorithm gives you and the system administrator certain knowledge of the original password.

A

False

5
Q

In an asymmetric encryption algorithm, also called a public key encryption algorithm, the key for encryption and the key for decryption are quite different, although related.

A

True

6
Q

A block cipher encodes one character at a time.

A

False

7
Q

The main difficulty with a symmetric algorithm is how to securely transmit the secret key.

A

True

8
Q

The success of RSA encryption depends on the fact that it is extremely difficult to find the prime factors for n if n is a small number.

A

False

9
Q

Opening an online store requires less planning than building another physical store location.

A

False

10
Q

Each record in a file contains information about an item in the “universe of discourse” that the file describes.

A

True

11
Q

To manage a relational table, you need only be able to add new tuples to the table and delete tuples from a table.

A

False

12
Q

Making critical decisions about computing technology is unavoidable.

A

True

13
Q

The digital representation of audio information can produce massive and unwieldy data files, which can be reduced by using a compression algorithm such as FTP.

A

False

14
Q

The MP3 protocol allows one level of compression.

A

False

15
Q

By most accounts, the majority of MP3 music that Napster users “shared” was copyrighted, and most of the copyright holders objected to the copying of their music without royalty payments.

A

True

16
Q

Napster lost the case accusing it of copyright infringement but won subsequent appeals.

A

False

17
Q

Most ethicists agree that since there are many more music publishers than listeners, MP3 copying is okay.

A

False

18
Q

MP3 file copying has encouraged CD buying as a long-term effect.

A

False

19
Q

All music artists are naturally opposed to MP3 copying.

A

False

20
Q

An ethical dialectic usually has a clean stopping point.

A

False

21
Q

Some people view hackers as social gadflies, people who raise important, but irritating, questions about society.

A

True

22
Q

____ means keeping information secure—that is, protected from those who should not have access to it.

a. Network security
b. Network assurance
c. Information assurance
d. Information security

A

Information security

23
Q

The first line of defense against illicit use of, or threats to, computer resources and sensitive information is a strong ____ and authorization process.

a. authentication
b. encryption
c. access
d. interference

A

authentication

24
Q

A ____ attack automatically directs browsers on many machines to a single URL at roughly the same time, causing so much network traffic to that site that it is effectively shut down to legitimate users.

a. denial-of-use
b. trial-of-service
c. trial-of-use
d. denial-of-service

A

denial-of-service

25
Q

____ is a practice used to illegally obtain sensitive information such as credit card numbers, account numbers, and passwords.

a. Phishing
b. Pharming
c. Blasting
d. Fishing

A

Phishing

26
Q

A ____ cipher, also called a shift cipher, involves shifting each character in the message to another character some fixed distance farther along in the alphabet.

a. block
b. Trojan
c. Caesar
d. Brutus

A

Caesar

27
Q

A row of the table containing data about one instance of an entity is called a ___?

a. tuple
b. triple
c. connection
d. unit

A

tuple

28
Q

Each category of information in a database is called a(n) ____.

a. element
b. tuple
c. attribute
d. entity

A

attribute

29
Q

A ____ is an attribute or combination of attributes that uniquely identifies a tuple.

a. secondary key
b. primary key
c. foreign key
d. preferred key

A

primary key

30
Q

____ answer the question “Good for whom?” with a hearty, “Good for everyone!”.

a. Deontologists
b. Consequentialists
c. Utilitarians
d. Intelligent agents

A

Utilitarians

31
Q

Ethicists depend on what is called a(n) ____ to try to make better and better ethical decisions.

a. PGP
b. dialectic
c. MP3
d. deontology

A

dialectic

32
Q

In a(n) ____, we move back and forth between different viewpoints, criticizing each and trying to learn from each.

a. encryption scheme
b. dialectic
c. utilitarian scheme
d. PGP

A

dialectic

33
Q

The new way of thinking about making and sharing music will deemphasize the need for large ____ companies.

a. record
b. music
c. software
d. publishing

A

publishing

34
Q

Social ____ are people who raise important, but irritating, questions about society.

a. gadflies
b. gadabouts
c. hackers
d. dialectics

A

gadflies

35
Q

A(n) ____ is someone who breaks into computer systems, launches Internet worms and viruses, or perpetrates other dubious computer-related vandalism.

a. encryption
b. PGP
c. utilitarian
d. hacker

A

hacker

36
Q

A ____ focuses more on the duties of the person acting and the way the act impinges on the rights of others.

a. utilitarian
b. consequentialist
c. hacker
d. deontologist

A

deontologist

37
Q

Kant came up with ____ that characterized the duties we humans have to each other.

a. ten laws
b. a mathematical formulation
c. categorical imperatives
d. an algorithm

A

categorical imperatives

38
Q

The “hacker ethic” makes the claim that ____.

a. all hacking is positive hacking
b. information sharing is a powerful positive good
c. hackers are ethically ok as long as they have fun
d. hacking is acceptable as long as it is a solitary activity

A

information sharing is a powerful positive good

39
Q

The first step in the paramedic method is to ____.

a. ask what is at stake
b. identify stakeholders
c. identify duties and responsibilities
d. think of analogies

A

identify stakeholders

40
Q

What is typosquatting?

A

A variant of cybersquatting, called typosquatting, takes advantage of typographical errors a user might make when typing a URL directly into the browser, as opposed to following a link, estimated to be about 15% of all Web traffic.

41
Q

What are two challenges associated with using a utilitarian argument in a dialectic about hacking?

A

It is sometimes hard to predict consequences with any accuracy. There seems to be a distinction between “good hackers” (who are trying to act in the public interest) and “bad hackers” (who want to do damage or steal things for self-interested or pathological reasons).

42
Q

What is Kant’s second categorical imperative?

A

Never treat a fellow human merely as a means to an end.

43
Q

Define cyberbullying.

A

Cyberbullying is humiliating, taunting, threatening, or invading someone’s privacy using the Internet, Web, or other type of electronic technology. Cyberbullying can take many forms, from posting hurtful and insulting messages, to leaking sensitive and embarrassing personal data, to online threats of violence and physical assault.

44
Q

What is impersonation, in the context of cyberbullying?

A

One popular form of cyberbullying is impersonation. A bully, masquerading as the intended victim, posts provocative images or knowingly false messages on a social network, chat room, or blog. The intent is to destroy the victim’s reputation and invite retaliation from offended individuals and groups. The post will often include a home address and cell phone number to make it easy for others to find and harass the targeted victim.

45
Q

Explain in detail the definition of the terms hacker and cracker and the evolution of these terms.

A

Originally, the word hacker did not have a negative connotation. It was a mildly complimentary term for people who knew how to get things done on a computer—those somewhat strange and quirky individuals who seemed to know all the incomprehensible details about how computers worked, in essence, computer enthusiasts. They were the “tinkerers” and “fixers” who could enter some weird sequence of commands that miraculously cured whatever was wrong with your system.
As computers became more and more important to the functioning of society, and as computer networks increased the number of machines that could be accessed by individuals, the term hacker began to take on a different meaning. Some hackers turned their talents to figuring out how to override security measures to gain unauthorized access to other computers.
The results at first were relatively harmless. But soon these explorations turned to exploitations—ways to attack computer systems and cause destruction. Sometimes the word cracker is used to denote those who break in to someone else’s computer (like “cracking” a safe) as opposed to the more innocent “hacker” of the original use of the word. The general usage, however, is “hacker” for both types of intent.

46
Q

Explain what a denial-of-service attack is, including the terms DDOS and zombie army in your response.

A

A denial-of-service (DOS) attack is typically directed at a business or government Web site. The attack automatically directs browsers, usually on many machines, to a single URL at roughly the same time. The result causes so much network traffic to the targeted site that it is effectively shut down to legitimate users. (Spam e-mail can accomplish a similar, but less targeted effect, by flooding the Internet with e-mail messages that consume available bandwidth and clog mail servers.) If many machines are perpetrating this mischief, it’s called a distributed denial-of-service attack, or DDOS. A DDOS may use thousands of machines, enabling much heavier attack traffic and at the same time making it harder to track down and disable all of the attacking machines. Many times, these machines are personal computers that were infected at some point by a Trojan horse. Then at a later time, the Trojan horse is activated in all these machines, putting them under the command of a single controller. This collection of machines is sometimes called a zombie army or botnet (short for “robot network” because the machines act like robots under someone else’s control).

47
Q

Discuss the ability of cloud computing to expand and contract with the needs of your business.

A

Cloud computing allows computing resources to exist anywhere with an Internet connection and still be easily accessible to the user. And these resources can expand and contract upon demand. Your business might start small and have minimal computer requirements. As your business grows, your cloud provider puts more computer assets at your disposal in a completely transparent way, that is, you need know nothing about this (at least not until you have to pay the bill). Similarly, if your business is seasonal, then after your busy season, your computing requirements go down and the pool of resources allocated for your use shrinks accordingly. This flexibility is much more efficient than buying computing resources that are underutilized much of the time or are insufficient to meet your growing needs.

48
Q

What, in detail, is cybersquatting?

A

Cybersquatting is the practice of registering a domain name that uses the name or trademark of an existing business, with the intent to sell the name to that business at a profit or to capitalize on that name for some other purpose. A 1999 federal law called the Anti-Cybersquatting Consumer Protection Act (ACPA) makes cybersquatting illegal. A trademark owner claiming to be a victim of cybersquatting can file a suit under the ACPA. To have its claim upheld, a trademark owner must prove that it was the first to use the name or trademark for commercial purposes, that the name or trademark was distinctive at the time the domain name was first registered, that the domain name is the same as or sufficiently similar to the trademark as to cause confusion, and that the domain name registrant had a bad faith intent to profit from the trademark. A trademark owner who wins a suit can obtain the rights to the domain name and perhaps be awarded monetary damages up to $100,000. ICANN also arbitrates cybersquatting disputes, with essentially the same criteria, but does not award any monetary damages. International disputes may be brought before the World Intellectual Property Organization (WIPO), a United Nations agency. Since beginning this practice in 1999, the WIPO has received over 20,000 cases concerning about 35,000 domain names. Over 90% of these cases were decided in favor of those who charged they were the victims of cybersquatting.

49
Q

Explain what WikiLeaks is, how it operates, and what its goal is.

A

WikiLeaks, which was launched in December 2006, is a site that specializes in protecting government and corporate whistle-blowers. Imagine that you discovered a document at your work that proved the company’s leadership was engaged in significant unethical behavior. Furthermore, imagine that you decide you need to blow the whistle on this behavior. How would you go about it? In the past, one common route was to share the incriminating documents with an investigative journalist. The journalist acts as a firewall between you and the authorities; most journalists hold to a code of ethics that says that they will not identify their sources, even if it is clear that the source has committed a crime. Journalists sometimes go to prison rather than reveal their sources. The problem with this approach today is that it is very hard to share an electronic document with a journalist without leaving traces that law enforcement (or corporate security) officers can follow. Most journalists don’t have the necessary computer security and hacking skills to actually safeguard the anonymity of their sources. WikiLeaks’ goal is to provide exactly this kind of technical expertise. It provides a secure electronic drop box, and tips on how to submit documents that will prevent the leaker from being traced. WikiLeaks then provides the submitted documents to journalists. In the past, it has partnered with the New York Times, the Guardian (in the U.K.), and Der Spiegel (in Germany), among others.

50
Q

What are the components of the “hacker ethic” described in the text?

A
  1. “All Information Should Be Free”—Information sharing is a powerful positive good because it is not possible to make good decisions if important information is hidden. It is the ethical duty of hackers to facilitate access to information wherever possible.
  2. “Mistrust Authority—Promote Decentralization”—The rules and hierarchical management structures that characterize government and corporate bureaucracies mostly serve to prevent people from getting things done, rather than solving problems. Each hacker should act individually (or in very small groups) to do what he or she thinks is best, and ignore the rules.