Fault-tolerant computers contain redundant hardware, software, and power supply components.
- True
- False
True
An authentication token is a(n)
- device the size of a credit card that contains access permission data.
- type of smart card.
- gadget that displays passcodes.
- electronic marker attached to a digital authorization file.
gadget that displays passcodes
Specific security challenges that threaten the communications lines in a client/server environment include
- tapping; sniffing; message alteration; radiation.
- hacking; vandalism; denial of service attacks.
- theft, copying, alteration of data; hardware or software failure.
- unauthorized access; errors; spyware.
tapping; sniffing; message alteration; radiation.
Viruses can be spread through e-mail.
- True
- False
True
In 2004, ICQ users were enticed by a sales message from a supposed anti-virus vendor. On the vendor's site, a small program called Mitglieder was downloaded to the user's machine. The program enabled outsiders to infiltrate the user's machine. What type of malware is this an example of?
- Trojan horse
- virus
- worm
- spyware
Trojan horse
Application controls
- can be classified as input controls, processing controls, and output controls.
- govern the design, security, and use of computer programs and the security of data files in general throughout the organization.
- apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment.
- include software controls, computer operations controls, and implementation controls.
can be classified as input controls, processing controls, and output controls.
Specific security challenges that threaten corporate servers in a client/server environment include
- tapping; sniffing; message alteration; radiation.
- hacking; vandalism; denial of service attacks.
- theft, copying, alteration of data; hardware or software failure.
- unauthorized access; errors; spyware.
hacking; vandalism; denial of service attacks.
How do hackers create a botnet?
- by infecting Web search bots with malware
- by using Web search bots to infect other computers
- by causing other people's computers to become "zombie" PCs following a master computer
- by infecting corporate servers with "zombie" Trojan horses that allow undetected access through a back door
by causing other people's computers to become "zombie" PCs following a master computer
Online transaction processing requires
- more processing time.
- a large server network.
- fault-tolerant computer systems.
- dedicated phone lines.
fault-tolerant computer systems.
Tricking employees to reveal their passwords by pretending to be a legitimate member of a company is called
- sniffing
- social engineering
- phishing
- pharming
social engineering
NAT conceals the IP addresses of the organization's internal host computers to deter sniffer programs.
- True
- False
True
SSL is a protocol used to establish a secure connection between two computers.
- True
- False
True
In which technique are network communications analyzed to see whether packets are part of an ongoing dialogue between a sender and a receiver?
- stateful inspection
- intrusion detection system
- application proxy filtering
- packet filtering
stateful inspection
How do software vendors correct flaws in their software after it has been distributed?
- issue bug fixes
- issue patches
- re-release software
- issue updated versions
issue patches
Biometric authentication is the use of physical characteristics such as retinal images to provide identification.
- True
- False
False
Public key encryption uses two keys.
- True
- False
True
The Sarbanes-Oxley Act
- requires financial institutions to ensure the security of customer data.
- specifies best practices in information systems security and control.
- imposes responsibility on companies and management to safeguard the accuracy of financial information.
- outlines medical security and privacy rules.
imposes responsibility on companies and management to safeguard the accuracy of financial information.
Rigorous password systems
- are one of the most effective security tools.
- may hinder employee productivity.
- are costly to implement.
- are often disregarded by employees.
may hinder employee productivity.
The HIPAA Act of 1997
- requires financial institutions to ensure the security of customer data.
- specifies best practices in information systems security and control.
- imposes responsibility on companies and management to safeguard the accuracy of financial information.
- outlines medical security and privacy rules.
outlines medical security and privacy rules.
In which method of encryption is a single encryption key sent to the receiver so both sender and receiver share the same key?
- SSL
- symmetric key encryption
- public key encryption
- private key encryption
symmetric key encryption
The most economically damaging kinds of computer crime are e-mail viruses.
- True
- False
False
An acceptable use policy defines the acceptable level of access to information assets for different users.
- True
- False
False
In controlling network traffic to minimize slow-downs, a technology called ________ is used to examine data files and sort low-priority data from high-priority data.
- high availability computing
- deep-packet inspection
- application proxy filtering
- stateful inspection
deep-packet inspection
________ use scanning software to look for known problems such as bad passwords, the removal of important files, security attacks in progress, and system administration errors.
- Stateful inspections
- Intrusion detection systems
- Application proxy filtering technologies
- Packet filtering technologies
Intrusion detection systems
Computers using cable modems to connect to the Internet are more open to penetration than those connecting via dial-up.
- True
- False
True
The Gramm-Leach-Bliley Act
- requires financial institutions to ensure the security of customer data.
- specifies best practices in information systems security and control.
- imposes responsibility on companies and management to safeguard the accuracy of financial information.
- outlines medical security and privacy rules.
requires financial institutions to ensure the security of customer data.

Downtime refers to periods of time in which a
- computer system is malfunctioning.
- computer system is not operational.
- corporation or organization is not operational.
- computer is not online.
computer system is not operational.
A firewall allows the organization to
- enforce a security policy on traffic between its network and the Internet.
- check the accuracy of all transactions between its network and the Internet.
- create an enterprise system on the Internet.
- check the content of all incoming and outgoing e-mail messages.
enforce a security policy on traffic between its network and the Internet.
Currently, the protocols used for secure information transfer over the Internet are
- TCP/IP and SSL.
- S-HTTP and CA.
- HTTP and TCP/IP.
- SSL, TLS, and S-HTTP.
SSL, TLS, and S-HTTP.
An analysis of the firm's most critical systems and the impact a system's outage would have on the business is included in a(n)
- security policy.
- AUP.
- risk assessment.
- business impact analysis.
business impact analysis.
The Internet poses specific security problems because
- it was designed to be easily accessible.
- everyone uses the Internet.
- Internet standards are universal.
- it changes so rapidly.
it was designed to be easily accessible
Most antivirus software is effective against
- only those viruses active on the Internet and through e-mail.
- any virus.
- any virus except those in wireless communications applications.
- only those viruses already known when the software is written.
only those viruses already known when the software is written.
Biometric authentication
- is inexpensive.
- is used widely in Europe for security applications.
- can use a person's face as a unique, measurable trait.
- only uses physical traits as a measurement.
can use a person's face as a unique, measurable trait.
Phishing is a form of
- spoofing.
- spinning.
- snooping.
- sniffing.
spoofing.
The potential for unauthorized access is usually limited to the communications lines of a network.
- True
- False
False
An independent computer program that copies itself from one computer to another over a network is called a
- worm.
- Trojan horse.
- bug.
- pest.
worm.
Wireless networks are vulnerable to penetration because radio frequency bands are easy to scan.
- True
- False
True
Sobig.F and MyDoom.A are
- viruses that use Microsoft Outlook to spread to other systems.
- worms attached to e-mail that spread from computer to computer.
- multipartite viruses that can infect files as well as the boot sector of the hard drive.
- Trojan horses used to create bot nets.
worms attached to e-mail that spread from computer to computer.
Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports.
- True
- False
True
High-availability computing is also referred to as fault tolerance.
- True
- False
False
Computer worms spread much more rapidly than computer viruses.
- True
- False
True
The range of Wi-Fi networks can be extended up to two miles by using external antennae.
- True
- False
False
Specific security challenges that threaten clients in a client/server environment include
- tapping; sniffing; message alteration; radiation.
- hacking; vandalism; denial of service attacks.
- theft, copying, alteration of data; hardware or software failure.
- unauthorized access; errors; spyware.
unauthorized access; errors; spyware.
The WEP specification calls for an access point and its users to share the same 40-bit encrypted password.
- True
- False
True
________ controls ensure that valuable business data files on either disk or tape are not subject to unauthorized access, change, or destruction while they are in use or in storage.
- Software
- Administrative
- Data security
- Implementation
Data security
Pharming involves
- redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
- pretending to be a legitimate business's representative in order to garner information about a security system.
- setting up fake Web sites to ask users for confidential information.
- using e-mails for threats or harassment.
redirecting users to a fraudulent Web site even when the user has typed in the correct address in the Web browser.
Analysis of an information system that rates the likelihood of a security incident occurring and its cost is included in a(n)
- security policy.
- AUP.
- risk assessment.
- business impact analysis.
risk assessment.
Smaller firms can outsource security functions to
- MISs
- CSOs
- MSSPs
- CAs
MSSPs
A key logger is a type of
- worm.
- Trojan horse.
- virus.
- spyware.
spyware.