Question 1

Supervisory control and data acquisition (SCADA) systems require human data input.

Accepted Answer

SCADA systems are designed to automate processes and collect and analyze data without requiring human input for their daily operations, although they can be configured or monitored by humans.

Question 2

Trojan horses are software programs that hide in other computer programs and reveal their designed behavior only when they are activated.

Accepted Answer

Trojan horses are specifically designed to disguise themselves as benign or useful programs in order to gain access to a computer system and carry out harmful actions, such as stealing data or damaging files. Once activated by the user, they can execute their malicious code without being detected by antivirus software, making them a dangerous threat to users' security.

Question 3

In most cases, cookies track your path through Web sites and are therefore invasions of your privacy.

Accepted Answer

Cookies can track your browsing activity, which can be considered an invasion of privacy. However, there are certain types of cookies that are necessary for the proper functioning of websites (e.g. to remember your login information), and these are generally considered harmless. It is important to be aware of the types of cookies a website is using and to manage your cookie settings accordingly.

Question 4

Voice recognition is an example of &#34;something a user does&#34; authentication.

Accepted Answer

Voice recognition is a type of biometric authentication where a user's unique voice patterns are used to verify their identity. It is a behavioral form of authentication where the user's speech characteristics are compared to a pre-recorded sample to grant or deny access. Therefore, it is an example of "something a user does" authentication.

Question 5

Zero-day attacks use deceptive e-mails to acquire sensitive personal information.

Accepted Answer

Zero-day attacks exploit previously unknown vulnerabilities in software or hardware before developers have an opportunity to address the issue, rather than using deceptive emails, which describes phishing attacks.

Question 6

IT security is the responsibility of everyone in the organization.

Accepted Answer

IT security is not just the responsibility of the IT department but also everyone in the organization, including employees, managers, and executives. This is because a security breach can have negative consequences for the entire organization, not just the IT department. Therefore, it is important for everyone to be aware of and follow best practices for IT security.

Question 7

The area located between two firewalls within an organization is called the demilitarized zone.

Accepted Answer

The demilitarized zone (DMZ) is a network segment located between two firewalls that is used to provide an additional layer of security for an organization's internal network. It is called a DMZ because it is not fully exposed to the internet or the internal network, but rather is a neutral zone that can be used to host publicly accessible services without exposing the internal network to unnecessary risk.

Question 8

Cyberterrorism and cyberwarfare can attack supervisory control and data acquisition (SCADA) systems to cause widespread physical damage.

Accepted Answer

Cyberterrorism and cyberwarfare can target SCADA systems, which control critical infrastructure such as power plants and water treatment facilities, and cause physical damage by disrupting their functioning or causing them to malfunction.

Question 9

The higher the level of an employee in organization, the greater the threat that he or she poses to the organization.

Accepted Answer

Higher level employees have access to more sensitive information, decision-making power, and influence over others, making them potentially more damaging if they engage in unethical or harmful behavior.

Question 10

Public-key encryption uses two different keys, one public and one private.

Accepted Answer

Public-key encryption involves two different keys, one for encrypting data (public key) and one for decrypting it (private key).

Question 11

The security of each computer on the Internet is independent of the security of all other computers on the Internet.

Accepted Answer

The answer of The security of each computer on the...

Question 12

A password refers to &#34;something the user is.&#34;

Accepted Answer

The answer of A password refers to &#34;something the user...

Question 13

The computing skills necessary to be a hacker are decreasing.

Accepted Answer

The answer of The computing skills necessary to be a...

Question 14

Having one backup of your business data is sufficient for security purposes.

Accepted Answer

The answer of Having one backup of your business data...

Question 15

Organizations use authentication to establish privileges to systems operations.

Accepted Answer

The answer of Organizations use authentication to establish privileges to...

Question 16

Risk analysis involves determining whether security programs are working.

Accepted Answer

The answer of Risk analysis involves determining whether security programs...

Question 17

Dumpster diving is always illegal because it involves trespassing on private property.

Accepted Answer

The answer of Dumpster diving is always illegal because it...

Question 18

Cyberterrorism is usually carried out by nations.

Accepted Answer

The answer of Cyberterrorism is usually carried out by nations....

Question 19

Software can be copyrighted.

Accepted Answer

The answer of Software can be copyrighted....

Question 20

Organizations utilize layers of controls because they face so many diverse threats to information security.

Accepted Answer

The answer of Organizations utilize layers of controls because they...

Question 21

Employees in which functional areas of the organization pose particularly grave threats to information security?&#10;A) human resources, finance&#10;B) human resources, management information systems&#10;C) finance, marketing&#10;D) operations management, management information systems&#10;E) finance, management information systems

Accepted Answer

The answer of Employees in which functional areas of the...

Question 22

Cybercriminals can obtain the information they need in order to assume another person's identity by:&#10;A) Infiltrating an organization that stores large amounts of personal information.&#10;B) Phishing.&#10;C) Hacking into a corporate database.&#10;D) Stealing mail.&#10;E) All of the above are strategies to obtain information to assume another person's identity.

Accepted Answer

The answer of Cybercriminals can obtain the information they need...

Question 23

A VPN is a network within the organization.

Accepted Answer

The answer of A VPN is a network within the...

Question 24

The computing skills necessary to be a hacker are decreasing for which of the following reasons?&#10;A) More information systems and computer science departments are teaching courses on hacking so that their graduates can recognize attacks on information assets.&#10;B) Computer attack programs, called scripts, are available for download from the Internet.&#10;C) International organized crime is training hackers.&#10;D) Cybercrime is much more lucrative than regular white-collar crime.&#10;E) Almost anyone can buy or access a computer today.

Accepted Answer

The answer of The computing skills necessary to be a...

Question 25

A _____ is any danger to which an information resource may be exposed.&#10;A) vulnerability&#10;B) risk&#10;C) control&#10;D) threat&#10;E) compromise

Accepted Answer

The answer of A _____ is any danger to which...

Question 26

_____ are segments of computer code that attach to existing computer programs and perform malicious acts.&#10;A) Viruses&#10;B) Worms&#10;C) Trojan horses&#10;D) Back doors&#10;E) Logic bombs

Accepted Answer

The answer of _____ are segments of computer code that...

Question 27

A URL that begins with https rather than http indicates that the site transmits using an extra layer of security called transport layer security.

Accepted Answer

The answer of A URL that begins with https rather...

Question 28

Rank the following in terms of dollar value of the crime, from highest to lowest.&#10;A) robbery - white collar crime - cybercrime&#10;B) white collar crime - extortion - robbery&#10;C) cybercrime - white collar crime - robbery&#10;D) cybercrime - robbery - white collar crime&#10;E) white collar crime - burglary - robbery

Accepted Answer

The answer of Rank the following in terms of dollar...

Question 29

The most overlooked people in information security are:&#10;A) consultants and temporary hires.&#10;B) secretaries and consultants.&#10;C) contract laborers and executive assistants.&#10;D) janitors and guards.&#10;E) executives and executive secretaries.

Accepted Answer

The answer of The most overlooked people in information security...

Question 30

_____ are software programs that hide in other computer programs and reveal their designed behavior only when they are activated.&#10;A) Viruses&#10;B) Worms&#10;C) Trojan horses&#10;D) Back doors&#10;E) Logic bombs

Accepted Answer

The answer of _____ are software programs that hide in...

Question 31

Dumpster diving is:&#10;A) always illegal because it is considered trespassing.&#10;B) never illegal because it is not considered trespassing.&#10;C) typically committed for the purpose of identity theft.&#10;D) always illegal because individuals own the material in the dumpster.&#10;E) always legal because the dumpster is not owned by private citizens.

Accepted Answer

The answer of Dumpster diving is:&#10;A) always illegal because it...

Question 32

Which of the following factors is not increasing the threats to information security?&#10;A) smaller computing devices&#10;B) downstream liability&#10;C) the Internet&#10;D) limited storage capacity on portable devices&#10;E) due diligence

Accepted Answer

The answer of Which of the following factors is not...

Question 33

A _____ is intellectual work that is known only to a company and is not based on public information.&#10;A) copyright&#10;B) patent&#10;C) trade secret&#10;D) knowledge base&#10;E) private property

Accepted Answer

The answer of A _____ is intellectual work that is...

Question 34

A _____ is a document that grants the holder exclusive rights on an invention for 20 years.&#10;A) copyright&#10;B) patent&#10;C) trade secret&#10;D) knowledge base&#10;E) private property notice

Accepted Answer

The answer of A _____ is a document that grants...

Question 35

An information system's _____ is the possibility that the system will be harmed by a threat.&#10;A) vulnerability&#10;B) risk&#10;C) control&#10;D) danger&#10;E) compromise

Accepted Answer

The answer of An information system's _____ is the possibility...

Question 36

Unintentional threats to information systems include all of the following except:&#10;A) malicious software&#10;B) tailgating&#10;C) power outage&#10;D) lack of user experience&#10;E) tornados

Accepted Answer

The answer of Unintentional threats to information systems include all...

Question 37

An organization's e-mail policy has the least impact on which of the following software attacks?&#10;A) virus&#10;B) worm&#10;C) phishing&#10;E) spear phishing&#10;E) zero-day

Accepted Answer

The answer of An organization's e-mail policy has the least...

Question 38

_____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges.&#10;A) Tailgating&#10;B) Hacking&#10;C) Spoofing&#10;D) Social engineering&#10;E) Spamming

Accepted Answer

The answer of _____ involves building an inappropriate trust relationship...

Question 39

A pharmaceutical company's research and development plan for a new class of drugs would be best described as which of the following?&#10;A) Copyrighted material&#10;B) Patented material&#10;C) A trade secret&#10;D) A knowledge base&#10;E) Public property

Accepted Answer

The answer of A pharmaceutical company's research and development plan...

Question 40

The cost of a stolen laptop includes all of the following except:&#10;A) Loss of intellectual property&#10;B) Loss of data&#10;C) Backup costs&#10;D) Loss of productivity&#10;E) Replacement cost

Accepted Answer

The answer of The cost of a stolen laptop includes...

Question 41

Bob is using public key encryption to send a message to Ted. Bob encrypts the message with Ted's _____ key, and Ted decrypts the message using his _____ key.&#10;A) public, public&#10;B) public, private&#10;C) private, private&#10;D) private, public&#10;E) none of these

Accepted Answer

The answer of Bob is using public key encryption to...

Question 42

_____ controls are concerned with user identification, and they restrict unauthorized individuals from using information resources.&#10;A) Access&#10;B) Physical&#10;C) Data security&#10;D) Administrative&#10;E) Input

Accepted Answer

The answer of _____ controls are concerned with user identification,...

Question 43

In _____, the organization takes concrete actions against risks.&#10;A) risk management&#10;B) risk analysis&#10;C) risk mitigation&#10;D) risk acceptance&#10;E) risk transference

Accepted Answer

The answer of In _____, the organization takes concrete actions...

Question 44

Which of the following is(are) designed to use your computer as a launch pad for sending unsolicited e-mail to other computers?&#10;A) Spyware&#10;B) Spamware&#10;C) Adware&#10;D) Viruses&#10;E) Worms

Accepted Answer

The answer of Which of the following is(are) designed to...

Question 45

Which of the following is not a strategy for mitigating the risk of threats against information?&#10;A) Continue operating with no controls and absorb any damages that occur&#10;B) Transfer the risk by purchasing insurance.&#10;C) Implement controls that minimize the impact of the threat&#10;D) Install controls that block the risk.&#10;E) All of the above are strategies for mitigating risk.

Accepted Answer

The answer of Which of the following is not a...

Question 46

Voice and signature recognition are examples of:&#10;A) something the user is.&#10;B) something the user wants.&#10;C) something the user has.&#10;D) something the user knows.&#10;E) something the user does.

Accepted Answer

The answer of Voice and signature recognition are examples of:&#10;A)...

Question 47

_____ is the process in which an organization assesses the value of each asset being protected, estimates the probability that it will be compromised, and compares the probable costs of an attack with the costs of protecting the asset.

A) Risk management
B) Risk analysis
C) Risk mitigation
D) Risk acceptance
E) Risk transference

Accepted Answer

The answer of _____ is the process in which an...

Question 48

Which of the following is not a characteristic of strong passwords?&#10;A) They are difficult to guess.&#10;B) They contain special characters.&#10;C) They are not a recognizable word.&#10;D) They are not a recognizable string of numbers&#10;E) They tend to be short so they are easy to remember.

Accepted Answer

The answer of Which of the following is not a...

Question 49

The term _____ refers to clandestine software that is installed on your PC through duplicitous channels but is not particularly malicious.&#10;A) Alien software&#10;B) Virus&#10;C) Worm&#10;D) Back door&#10;E) Logic bomb

Accepted Answer

The answer of The term _____ refers to clandestine software...

Question 50

In _____, the organization purchases insurance as a means to compensate for any loss.&#10;A) risk management&#10;B) risk analysis&#10;C) risk mitigation&#10;D) risk acceptance&#10;E) risk transference

Accepted Answer

The answer of In _____, the organization purchases insurance as...

Question 51

Which of the following statements concerning the difficulties in protecting information resources is not correct?&#10;A) Computing resources are typically decentralized.&#10;B) Computer crimes often remain undetected for a long period of time.&#10;C) Rapid technological changes ensure that controls are effective for years.&#10;D) Employees typically do not follow security procedures when the procedures are inconvenient.&#10;E) Computer networks can be located outside the organization.

Accepted Answer

The answer of Which of the following statements concerning the...

Question 52

_____ are segments of computer code embedded within an organization's existing computer programs that activate and perform a destructive action at a certain time or date.&#10;A) Viruses&#10;B) Worms&#10;C) Trojan horses&#10;D) Back doors&#10;E) Logic bombs

Accepted Answer

The answer of _____ are segments of computer code embedded...

Question 53

Which of the following statements is false?&#10;A) Credit card companies usually block stolen credit cards rather than prosecute.&#10;B) People tend to shortcut security procedures because the procedures are inconvenient.&#10;C) It is easy to assess the value of a hypothetical attack.&#10;D) The online commerce industry isn't willing to install safeguards on credit card transactions.&#10;E) The cost of preventing computer crimes can be very high.

Accepted Answer

The answer of Which of the following statements is false?&#10;A)...

Question 54

Passwords and passphrases are examples of:&#10;A) something the user is.&#10;B) something the user wants.&#10;C) something the user has.&#10;D) something the user knows.&#10;E) something the user does.

Accepted Answer

The answer of Passwords and passphrases are examples of:&#10;A) something...

Question 55

Access controls involve _____ before _____.&#10;A) biometrics, signature recognition&#10;B) authentication, authorization&#10;C) iris scanning, voice recognition&#10;D) strong passwords, biometrics&#10;E) authorization, authentication

Accepted Answer

The answer of Access controls involve _____ before _____.&#10;A) biometrics,...

Question 56

When companies attempt to counter _____ by requiring users to accurately select characters in turn from a series of boxes, attackers respond by using _____.&#10;A) keyloggers, screen scrapers&#10;B) screen scrapers, uninstallers&#10;C) keyloggers, spam&#10;D) screen scrapers, keyloggers&#10;E) spam, keyloggers

Accepted Answer

The answer of When companies attempt to counter _____ by...

Question 57

Biometrics are an example of:&#10;A) something the user is.&#10;B) something the user wants.&#10;C) something the user has.&#10;D) something the user knows.&#10;E) something the user does.

Accepted Answer

The answer of Biometrics are an example of:&#10;A) something the...

Question 58

Which of the following is not an example of a weak password?&#10;A) IloveIT&#10;B) 08141990&#10;C) 9AmGt/*&#10;D) Rainer&#10;E) InformationSecurity

Accepted Answer

The answer of Which of the following is not an...

Question 59

In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised computers at the same time.&#10;A) phishing&#10;B) zero-day&#10;C) worm&#10;D) back door&#10;E) distributed denial-of-service

Accepted Answer

The answer of In a _____ attack, a coordinated stream...

Question 60

A _____ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official e-mail.&#10;A) Zero-day&#10;B) Denial-of-service&#10;C) Distributed denial-of-service&#10;D) Phishing&#10;E) Brute force dictionary

Accepted Answer

The answer of A _____ attack uses deception to fraudulently...

Question 61

Contrast unintentional and deliberate threats to an information resource. Provide examples of both.

Accepted Answer

The answer of Contrast unintentional and deliberate threats to an...

Question 62

Describe public key encryption.

Accepted Answer

The answer of Describe public key encryption....

Question 63

Discuss the possible consequences of a terrorist attack on a supervisory control and data acquisition (SCADA) system.

Accepted Answer

The answer of Discuss the possible consequences of a terrorist...

Question 64

Which of the following statements concerning firewalls is not true?&#10;A) Firewalls prevent unauthorized Internet users from accessing private networks.&#10;B) Firewalls examine every message that enters or leaves an organization's network.&#10;C) Firewalls filter network traffic according to categories of activities that are likely to cause problems.&#10;D) Firewalls filter messages the same way as anti-malware systems do.&#10;E) Firewalls are sometimes located inside an organization's private network.

Accepted Answer

The answer of Which of the following statements concerning firewalls...

Deck 4: Information Security