5/21/2018 TIF_9780273761389_09

1/38

Exam

Name___________________________________

36.

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification,

perusal, inspection, recording, or destruction best definesA)

anti-virus protection.

B)

security audit.

C)

incident management.D)

information security.

Answer:

D

Diff: 1

Type: MC

Page Ref: 488

AACSB:

Objective:

37.

The ________ translates or converts domain names to their IP addresses.

A)

VPN

B)

IPS

C)

DOS

D)

5/21/2018 TIF_9780273761389_09

2/38

DNS

Answer:

D

Diff: 2

Type: MC

Page Ref: 491

AACSB:

Objective:

38.

________ refers to the e-markets for stolen information.

A)

Internet underground economy

B)

Cybercriminal

C)

Virtual private network

D)

Denial of service

Answer:

A

Diff: 2

Type: MC

Page Ref: 492

AACSB:

Objective:

39.

________ systems are highly useful for both law enforcement and for law breaking, for example, by providing a means

obtain passwords or encryption keys and thus bypassing other security measures.

A)

5/21/2018 TIF_9780273761389_09

3/38

Access control

B)

Biometric

C)

Keystroke logging

D)

Intrusion detection

Answer:

C

Diff: 2

Type: MC

Page Ref: 493AACSB:

Objective:

40.

________ is a crimeware technique used to steal the identity of target companies to get the identities of their customers.

A)

Pretexting

B)

Spamming

C)

Social engineering

D)

Phishing

Answer:

D

Diff: 2

Type: MC

Page Ref: 494

AACSB: Use of information technology

Objective:

5/21/2018 TIF_9780273761389_09

4/38

41.

A plan that keeps the business running after a disaster occurs best defines

A)

security audit specifications.

B)

vulnerability assessment plan.

C)

project initiation plan.

D)

business continuity plan.

Answer:

D

Diff: 2

Type: MC

Page Ref: 494

AACSB:

Objective:

42.

The estimated cost, loss, or damage that can result if a threat exploits a vulnerability best describes

A)

present value of risk.

B)

total cost of ownership.

C)

exposure.

D)

risk feasibility assessment.

5/21/2018 TIF_9780273761389_09

5/38

Answer:

C

Diff: 2

Type: MC

Page Ref: 494

AACSB:Objective:

43.

A generic term for malicious software is

A)

NOS.

B)

malware.

C)

ad-aware.

D)

spynet.

Answer:

B

Diff: 1

Type: MC

Page Ref: 494

AACSB:

Objective:

44.

The probability that a vulnerability will be known and used best describes

A)

security fault.

B)

5/21/2018 TIF_9780273761389_09

6/38

risk.

C)

feasibility.

D)

splog point.Answer:

B

Diff: 2

Type: MC

Page Ref: 494

AACSB:

Objective:

45.

A type of nontechnical attack that uses some ruse to trick users into revealing information or performing an action that

compromises a computer or network best describes

A)

identity theft.

B)

viral email.

C)

social engineering.

D)

splog.

Answer:

C

Diff: 2

Type: MC

Page Ref: 494

AACSB:

Objective:

5/21/2018 TIF_9780273761389_09

7/38

46.

Computers infected with malware that are under the control of a spammer, hacker, or other criminal best describes

A)

fraud servers.

B)

electronic defenders.

C)

cyber warriors.

D)

zombies.

Answer:

D

Diff: 2

Type: MC

Page Ref: 495

AACSB:

Objective:

47.

Unintentional threats include each of the followingexcept

A)

identity theft.

B)

environmental hazards.

C)

computer system malfunctions.

D)

human errors.

Answer:

5/21/2018 TIF_9780273761389_09

8/38

A

Diff: 2

Type: MC

Page Ref: 495

AACSB:

Objective:

48.

Someone who gains unauthorized access to a computer system best describes a

A)

cyberseeker.

B)

hacker.

C)

network technician.

D)

cyberwarrior.

Answer:

B

Diff: 2

Type: MC

Page Ref: 496

AACSB:

Objective:

49.

A malicious hacker who may represent a serious problem for a corporation best describes a

A)

cracker.

B)

web surfer.

C)

5/21/2018 TIF_9780273761389_09

9/38

Internet commando.

D)

cyberspy.

Answer:

ADiff: 2

Type: MC

Page Ref: 496

AACSB:

Objective:

50.

According to Sullivan (2011), vulnerabilities in IT and EC systems include each of the followingexcept

A)

lack of environmental support.

B)

unencrypted communications.

C)

poor application security.

D)

weak boundary security.

Answer:

A

Diff: 2

Type: MC

Page Ref: 497

AACSB:

Objective:

51.

According to Sullivan (2011), the vulnerabilities in Business IT and EC systems include each of the following

5/21/2018 TIF_9780273761389_09

10/38

organizational weaknessesexcept

A)

lax security with mobile devices.

B)

inappropriate use of business computers and network services.

C)

closed systems not reacting quickly enough to security breaches.

D)

end-user training and security awareness.

Answer:

C

Diff: 3

Type: MC

Page Ref: 497

AACSB:

Objective:

52.

The process of determining what the authenticated entity is allowed to access and what operations it is allowed to

perform is known as

A)

nonrepudiation.

B)

authorization.

C)

integrity.

D)

availability.

Answer:

B

Diff: 2

5/21/2018 TIF_9780273761389_09

11/38

Type: MC

Page Ref: 498

AACSB: Use of information technology

Objective:

53.

The process of verifying the real identity of an individual, computer, computer program, or EC website best defines

A)

authorization.

B)

authentication.

C)

vulnerability assessment.

D)

security audit.

Answer:

B

Diff: 2

Type: MC

Page Ref: 498

AACSB:

Objective:

54.

The assurance that an online customer or trading partner cannot falsely deny their purchase or transaction is referred to

A)

integrity.

B)

nonrepudiation.

C)

5/21/2018 TIF_9780273761389_09

12/38

availability.

D)

authentication.

Answer:

B

Diff: 2

Type: MC

Page Ref: 498

AACSB: Use of information technology

Objective:

55.

The protection of information systems against unauthorized access to or modification of information that is stored,

processed, or being sent over a network is referred to as

A)

data integrity.

B)

human firewall.

C)

information integrity.

D)

information assurance.

Answer:

D

Diff: 2

Type: MC

Page Ref: 499

AACSB: Use of information technology

Objective:

56.

A strategy that views EC security as the process of preventing and detecting unauthorized use of the organization's bra

5/21/2018 TIF_9780273761389_09

13/38

identity, website, e-mail, information, or other asset and attempts to defraud the organization, its customers, and

employees best describes

A)

EC security strategy.

B)

disaster recovery plan.C)

information systems security plan.

D)

feasibility assessment.

Answer:

ADiff: 2

Type: MC

Page Ref: 499

AACSB:

Objective:

57.

A program that appears to have a useful function but that contains a hidden function that presents a security risk best

defines

A)

Trojan horse.

B)

virus.

C)

worm.

D)

botnet.

Answer:

A

5/21/2018 TIF_9780273761389_09

14/38

Type: MC

Page Ref: 501

AACSB:

Objective:

58.

A software program that runs independently, consuming the resources of its host in order to maintain itself, that is

capable of propagating a complete working version of itself onto another machine best describes

A)

tidal wave.

B)

worm.

C)

Trojan horse.

D)

splog.

Answer:

B

Diff: 2

Type: MC

Page Ref: 501

AACSB:

Objective:

59.

An attack on a website in which an attacker uses specialized software to send a flood of data packets to the targetcomputer with the aim of overloading its resources best describes

A)

botnet infestation.

B)

denial-of-service attack.

C)

5/21/2018 TIF_9780273761389_09

15/38

cyberhijacking.

D)

cyberraid.

Answer:

BDiff: 2

Type: MC

Page Ref: 503

AACSB:

Objective:

60.

Creating a rogue copy of a popular website that shows contents similar to the original to a Web crawler. Once there, an

unsuspecting user is redirected to malicious websites. This description is indicative of

A)

page hijacking.

B)

cyberworming.

C)

spamming.

D)

electronic splogging.

Answer:

A

Diff: 2

Type: MC

Page Ref: 503

AACSB:

Objective:

61.

5/21/2018 TIF_9780273761389_09

16/38

A botnet is a

A)

piece of software code that inserts itself into a host or operating system to launch DoS attacks.

B)

coordinated network of computers that can scan and compromise other computers and launch DoS attacks.

C)

piece of code in a worm that spreads rapidly and exploits some known vulnerability.

D)

collection of a few hundred hijacked Internet computers that have been set up to forward traffic, including spam and

viruses, to other computers on the Internet.

Answer:

BDiff: 2

Type: MC

Page Ref: 503

AACSB: Use of information technology

Objective:

62.

Software that gathers user information over an Internet connection without the user's knowledge best defines

A)

Trojan horse.

B)

spyware.

C)

search engine spam.

D)

zombie.

Answer:

B

Diff: 2

5/21/2018 TIF_9780273761389_09

17/38

Type: MC

Page Ref: 499

AACSB:

Objective:

63.

A page that uses techniques that deliberately subvert a search engine's algorithms to artificially inflate the page's rankin

best describes

A)

Trojan page.

B)

search engine imposter.

C)

spam site.

D)

zombie.

Answer:

C

Diff: 2

Type: MC

Page Ref: 511

AACSB:

Objective:

64.

The success and security of EC can be measured byA)

authentication, authorization, and nonrepudiation.

B)

encryption, functionality, and privacy.

C)

5/21/2018 TIF_9780273761389_09

18/38

confidentiality, integrity, and availability.

D)

quality, reliability, and speed.

Answer:

C

Diff: 3

Type: MC

Page Ref: 513

AACSB: Use of information technology

Objective:

65.

Which of the following refers to the assurance of data privacy and accuracy?

A)

availability

B)

confidentiality

C)

security

D)

integrity

Answer:

B

Diff: 2

Type: MC

Page Ref: 513

AACSB:

Objective:

66.

Which of the following refers to the assurance that access to data, the website, or other EC data service is timely, availab

reliable, and restricted to authorized users?

5/21/2018 TIF_9780273761389_09

19/38

A)

availability

B)

integrity

C)

spontaneity

D)

confidentiality

Answer:

A

Diff: 2

Type: MC

Page Ref: 513

AACSB:

Objective:

67.

Which of the following refers to the process of identifying, quantifying, and prioritizing the vulnerabilities in a system?

A)

certification audit

B)

initial security report

C)

feasibility assessment

D)

vulnerability assessment

Answer:

D

Diff: 3

Type: MC

5/21/2018 TIF_9780273761389_09

20/38

Page Ref: 513

AACSB:

Objective:

68.

A method of evaluating the security of a computer system or a network by simulating an attack from a malicious sourc

best describes

A)

penetration test.

B)

vulnerability assessment.

C)

security breach.

D)

cyber audit.

Answer:

A

Diff: 2

Type: MC

Page Ref: 513

AACSB:

Objective:

69.

Each of the following is a characteristic of access controlexcept

A)

access control lists (ACLs) define users' rights, such as what they are allowed to read, view, write, print, copy, delete,

execute, modify, or move.

B)

after a user has been identified, the user must be authenticated.

C)

5/21/2018 TIF_9780273761389_09

21/38

all resources need to be considered together to identify the rights of users or categories of users.

D)

access control determines which persons, programs, or machines can legitimately use a network resource and which

resources he, she, or it can use.

Answer:

CDiff: 2

Type: MC

Page Ref: 517

AACSB: Use of information technology

Objective:

70.

Fingerprint scanners, facial recognition systems, and voice recognition are examples of ________ that recognize a perso

by some physical trait.

A)

human firewalls

B)

biometric systems

C)

intrusion detection systems

D)

access control lists

Answer:

B

Diff: 2

Type: MC

Page Ref: 518

AACSB: Use of information technology

Objective:

71.

5/21/2018 TIF_9780273761389_09

22/38

The mathematical formula used to encrypt the plaintext into the ciphertext, and vice versa best defines

A)

public key infrastructure.

B)

locking algorithm.

C)

encryption algorithm.

D)

key space.

Answer:

C

Diff: 2

Type: MC

Page Ref: 519

AACSB:

Objective:

72.

The large number of possible key values created by the algorithm to use when transforming the message best describes

A)

encryption lock.

B)

determinate.

C)

encryption code.

D)

key space.

Answer:

D

Diff: 2

5/21/2018 TIF_9780273761389_09

23/38

Type: MC

Page Ref: 519

AACSB:

Objective:

73.

Security functions or characteristics of digital signatures include all of the followingexcept

A)

digital signatures are portable.

B)

digital signatures ensure that the original content of an electronic message or document is unchanged.

C)

a digital signature is the electronic equivalent of a personal signature, which can be forged.

D)

digital signatures are based on public keys for authenticating the identity of the sender of a message or document.

Answer:

C

Diff: 3

Type: MC

Page Ref: 521

AACSB: Use of information technology

Objective:

74.

A summary of a message converted into a string of digits after the hash has been applied best describes

A)

message digest.

B)

reference rate.

C)

5/21/2018 TIF_9780273761389_09

24/38

digital certificate.

D)

key code.

Answer:

A

Diff: 3

Type: MC

Page Ref: 521

AACSB:

Objective:

75.

A mathematical computation that is applied to a message, using a private key to encrypt the message, best defines

A)

standard deviation.

B)

hash.

C)

locking code.

D)

Sharpe ratio.

Answer:

B

Diff: 3

Type: MC

Page Ref: 521

AACSB:

Objective:

76.

Advantages of virtual private networks include each of the followingexcept

A)

5/21/2018 TIF_9780273761389_09

25/38

remote users can use broadband connections rather than make long distance calls to access an organization's private

network.

B)

they are less expensive than private leased lines because they use the public Internet to carry information.

C)

they ensure the confidentiality and integrity of the data transmitted over the Internet without requiring encryption.

D)

they can reduce communication costs dramatically because VPN equipment is cheaper than other remote solutions.

Answer:

C

Diff: 3

Type: MC

Page Ref: 525

AACSB: Use of information technology

Objective:

77.

A method used to ensure confidentiality and integrity of data transmitted over the Internet by encrypting data packets

sending them in packets across the Internet, and decrypting them at the destination address best defines

A)

Trojan horse.

B)

protocol tunneling.

C)

message envelope.

D)

data wrapping.

Answer:

B

Diff: 3

Type: MC

5/21/2018 TIF_9780273761389_09

26/38

Page Ref: 525

AACSB:

Objective:

78.

An EC security strategy and program begins with

A)

the commitment and involvement of executive management.

B)

secure design of EC applications.

C)

layers of hardware and software defenses.

D)

information security policies and training.

Answer:

A

Diff: 1

Type: MC

Page Ref: 536

AACSB: Use of information technology

Objective:

79.

An exercise that determines the impact of losing the support of an EC resource to an organization and establishes the

escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of

processes and supporting systems best describesA)

business impact analysis.

B)

computer security incident management.

C)

5/21/2018 TIF_9780273761389_09

27/38

vulnerability assessment.

D)

business continuity plan.

Answer:

A

Diff: 2

Type: MC

Page Ref: 537

AACSB:

Objective:

80.

The key reasons why EC criminals cannot be stopped include each of the followingexcept

A)

there is a lack of cooperation from credit card issuers and foreign ISPs.

B)

strong EC security makes online shopping inconvenient and demanding on customers.

C)

sophisticated hackers use browsers to crack into Web sites.

D)

online shoppers do not take necessary precautions to avoid becoming a victim.

Answer:

C

Diff: 2

Type: MC

Page Ref: 537

AACSB: Use of information technology

Objective:

81.

Briefly describe nonrepudiation and its importance for EC and electronic transactions.

Answer:

5/21/2018 TIF_9780273761389_09

28/38

Nonrepudiation is assurance that an online customer or trading partner cannot falsely deny their purchase, transaction

etc. For EC and other electronic transactions, including cash machines or ATMs, all parties in a transaction must be

confident that the transaction is secure; the parties are who they say they are (authentication), and that the transaction i

verified being completed or final. Authentication and nonrepudiation are potential defenses against phishing and ident

theft.

Diff: 2

Type: ES

Page Ref: 498

AACSB:

Objective:

82.

Briefly describe the CIA security triad.

Answer:

The CIA security triad refers to the confidentiality, integrity, and availability (or accessibility) of information and busine

Web sites. Confidentiality is the assurance of data privacy. The data or transmitted message is encrypted so that it is

readable only by the person for whom it is intended. The confidentiality function prevents unauthorized disclosure of

information. Integrity is the assurance that data is accurate or that a message has not been altered. It means that stored

data has not been modified without authorization; a message that was sent is the same message that was received.

Availability is the assurance that access to data, the Web site, or other EC data service is timely, available, reliable, and

restricted to authorized users.

Diff: 2

Type: ES

Page Ref: 513AACSB:

Objective:

83.

Define biometric system. Identify four common biometrics.

Answer:

Biometric systems are authentication systems that identify a person by measurement of biological characteristics.Examples include thumbprint or fingerprints, retinal scans, voice scans, and signatures.

Diff: 2

Type: ES

Page Ref: 518

AACSB:

Objective:

5/21/2018 TIF_9780273761389_09

29/38

84.

Define encryption. Identify five major benefits of encryption.

Answer:

Encryption is the process of scrambling a message in such a way that it is difficult, expensive, or time-consuming for an

unauthorized person to unscramble it. Major benefits of encryption include allowing users to carry data on their portab

devices, protecting backup media while offsite, allowing for highly secure virtual private networks, enforcing policiesregarding who handles what corporate data, ensuring compliance with privacy laws and regulations, and protecting th

organization's reputation and secrets.

Diff: 2

Type: ES

Page Ref: 519

AACSB:

Objective:

85.

Why does the success of an EC security strategy and program depend on the commitment and involvement of executiv

management?

Answer:

The authority of senior managers is needed to establish and maintain EC security programs. A genuine and well-

communicated executive commitment about EC security and privacy measures is needed to convince users that insecur

practices, risky or unethical methods, and mistakes due to ignorance will not be tolerated. Most forms of security (e.g.,

airport and sports arena security) are unpopular because they are inconvenient, restrictive, time consuming, and

expensive. Security practices tend not to be a priority unless they are mandatory and there are negative consequences f

noncompliance.

Diff: 2

Type: ES

Page Ref: 536

AACSB:

Objective:

5/21/2018 TIF_9780273761389_09

30/38

1.

TRUE

2.

FALSE

3.

TRUE

4.

FALSE

5.

FALSE

6.

FALSE

7.

FALSE

8.

TRUE

9.

FALSE

10.

TRUE

5/21/2018 TIF_9780273761389_09

31/38

11.

TRUE

12.

TRUE

13.

FALSE

14.

TRUE

15.

FALSE

16.

FALSE

17.

FALSE

18.

FALSE

19.

FALSE

20.

TRUE

21.

5/21/2018 TIF_9780273761389_09

32/38

TRUE

22.

FALSE

23.

TRUE

24.

TRUE

25.

TRUE

26.

TRUE

27.

FALSE

28.

TRUE

29.

FALSE

30.

FALSE

31.

FALSE

5/21/2018 TIF_9780273761389_09

33/38

32.

TRUE

33.

TRUE

34.

FALSE

35.

TRUE

36.

D

37.

D

38.

A

39.

C

40.

D

41.

D

5/21/2018 TIF_9780273761389_09

34/38

42.

C

43.

B

44.

B

45.

C

46.

D

47.

A

48.

B

49.

A

50.

A

51.

C

5/21/2018 TIF_9780273761389_09

35/38

52.

B

53.

B

54.

B

55.

D

56.

A

57.

A

58.

B

59.

B

60.

A

61.

B

62.

5/21/2018 TIF_9780273761389_09

36/38

B

63.

C

64.

C

65.

B

66.

A

67.

D

68.

A

69.

C

70.

B

71.

C

72.

D

5/21/2018 TIF_9780273761389_09

37/38

73.

C

74.

A

75.

B

76.

C

77.

B

78.

A

79.

A

80.

C

81.

Nonrepudiation is assurance that an online customer or trading partner cannot falsely deny their purchase, transaction

etc. For EC and other electronic transactions, including cash machines or ATMs, all parties in a transaction must be

confident that the transaction is secure; the parties are who they say they are (authentication), and that the transaction i

verified being completed or final. Authentication and nonrepudiation are potential defenses against phishing and ident

theft.

5/21/2018 TIF_9780273761389_09

38/38

82.

The CIA security triad refers to the confidentiality, integrity, and availability (or accessibility) of information and busine

Web sites. Confidentiality is the assurance of data privacy. The data or transmitted message is encrypted so that it is

readable only by the person for whom it is intended. The confidentiality function prevents unauthorized disclosure of

information. Integrity is the assurance that data is accurate or that a message has not been altered. It means that stored

data has not been modified without authorization; a message that was sent is the same message that was received.

Availability is the assurance that access to data, the Web site, or other EC data service is timely, available, reliable, and

restricted to authorized users.

83.

Biometric systems are authentication systems that identify a person by measurement of biological characteristics.

Examples include thumbprint or fingerprints, retinal scans, voice scans, and signatures.

84.

Encryption is the process of scrambling a message in such a way that it is difficult, expensive, or time-consuming for an

unauthorized person to unscramble it. Major benefits of encryption include allowing users to carry data on their portab

devices, protecting backup media while offsite, allowing for highly secure virtual private networks, enforcing policies

regarding who handles what corporate data, ensuring compliance with privacy laws and regulations, and protecting th

organization's reputation and secrets.

85.

The authority of senior managers is needed to establish and maintain EC security programs. A genuine and well-

communicated executive commitment about EC security and privacy measures is needed to convince users that insecur

practices, risky or unethical methods, and mistakes due to ignorance will not be tolerated. Most forms of security (e.g.,airport and sports arena security) are unpopular because they are inconvenient, restrictive, time consuming, and

expensive. Security practices tend not to be a priority unless they are mandatory and there are negative consequences f

noncompliance.