
Which of the following is not a source of common threats against contemporary information systems? Too many users • Technical factors • Organizational factors • Environmental factors • Poor management decisions


Presentation Transcript


  1. Which of the following is not a source of common threats against contemporary information systems? • Too many users • Technical factors • Organizational factors • Environmental factors • Poor management decisions

  2. Which of the following is not a source of common threats against contemporary information systems? • Too many users • Technical factors • Organizational factors • Environmental factors • Poor management decisions

     In the multitier client/server computing environment, vulnerabilities exist at each layer and in the communications between the layers.

  3. The act of eavesdroppers driving by buildings or parking outside and intercepting wireless network traffic is called… • eavesdropping. • war driving. • driving interception. • wireless interception. • Not sure

  4. The act of eavesdroppers driving by buildings or parking outside and intercepting wireless network traffic is called… • eavesdropping. • war driving. • driving interception. • wireless interception. • Not sure

     Wireless networks in many locations do not have basic protections against war driving, thereby leaving the networks susceptible to eavesdropping and transmission interceptions.

  5. Computer viruses, worms, and Trojan horses are collectively called… • spyware. • spam. • groupware. • malware. • macroware.

  6. Computer viruses, worms, and Trojan horses are collectively called… • spyware. • spam. • groupware. • malware. • macroware.

     Malicious software programs are referred to as malware and constitute major threats to corporate and private systems.

  7. A rogue software program that attaches itself to other software programs or data files in order to be executed is called a… • Trojan horse. • worm. • virus. • spoofer. • spammer.

  8. A rogue software program that attaches itself to other software programs or data files in order to be executed is called a… • Trojan horse. • worm. • virus. • spoofer. • spammer.

     Most computer viruses deliver a “payload” that may be relatively benign or highly destructive. Viruses typically spread from computer to computer when humans send an infected e-mail or copy an infected file.

  9. A software program that appears to be benign, but then does something other than expected is called a… • Trojan horse. • worm. • virus. • spoofer. • spammer.

  10. A software program that appears to be benign, but then does something other than expected is called a… • Trojan horse. • worm. • virus. • spoofer. • spammer.

      A Trojan horse is not itself a virus because it does not replicate, but is often a way for viruses or other malicious code to be introduced into a computer system.

  11. An independent computer program that copies itself from one computer to others over a network and operates on its own is referred to as a… • Trojan horse. • worm. • virus. • spoofer. • spammer.

  12. An independent computer program that copies itself from one computer to others over a network and operates on its own is referred to as a… • Trojan horse. • worm. • virus. • spoofer. • spammer.

      Worms rely less on human behavior in order to spread from computer to computer than do viruses. This explains why computer worms spread much more rapidly than computer viruses.

  13. A type of eavesdropping program that monitors information traveling over a network is known as… • a spoofer. • a sniffer. • spyware. • spam. • spybot.

  14. A type of eavesdropping program that monitors information traveling over a network is known as… • a spoofer. • a sniffer. • spyware. • spam. • spybot.

      When used legitimately, sniffers can help identify potential network trouble-spots or criminal activity on networks, but when used for criminal purposes, they can be damaging and difficult to detect.

  15. A crime in which an imposter obtains key pieces of personal information in order to impersonate another person is known as… • spoofing. • identity theft. • denial of service attack. • fraud. • breach of confidentiality.

  16. A crime in which an imposter obtains key pieces of personal information in order to impersonate another person is known as… • spoofing. • identity theft. • denial of service attack. • fraud. • breach of confidentiality.

      Identity theft is the fastest growing crime in the United States. Stolen information can be used to obtain credit, merchandise, or services in the name of the victim or to provide the thief with false credentials.

  17. The act of setting up fake Web sites or sending emails that look like those of legitimate businesses asking users for confidential personal data is called… • phishing. • faking. • spotting. • denial of service. • theft.

  18. The act of setting up fake Web sites or sending e-mails that look like those of legitimate businesses asking users for confidential personal data is called… • phishing. • faking. • spotting. • denial of service. • theft.

      The e-mail instructs recipients to update or confirm records by providing social security numbers, bank and credit card information, and other confidential data by responding to the e-mail or by entering the information at a bogus Web site.

  19. The largest financial threats to business institutions come from… • the competition. • customers. • suppliers. • the government. • insiders.

  20. The largest financial threats to business institutions come from… • the competition. • customers. • suppliers. • the government. • insiders.

      Some of the largest disruptions to service, destruction of e-commerce sites, and diversion of customer credit data and personal information have come from insiders—once trusted employees.

  21. A major source of errors introduced into an information system comes from… • suppliers. • customers. • business partners. • employees. • networks.

  22. A major source of errors introduced into an information system comes from… • suppliers. • customers. • business partners. • employees. • networks.

      Employees—both end users and information systems specialists—can introduce errors by entering faulty data or by not following the proper instructions for processing data and using computer equipment.

  23. A major problem with software is… • customer input. • supplier access. • presence of hidden bugs. • network access points. • business partner input.

  24. A major problem with software is… • customer input. • supplier access. • presence of hidden bugs. • network access points. • business partner input.

      Studies have shown that it is virtually impossible to eliminate all bugs from large programs. The main source of bugs is the complexity of decision-making code.

  25. Which of the following pieces of government legislation was designed to protect investors from financial scandals? • HIPAA • Gramm-Leach-Bliley Act • Sarbanes-Oxley Act of 2002 • ISO 17799 • Child Decency Act

  26. Which of the following pieces of government legislation was designed to protect investors from financial scandals? • HIPAA • Gramm-Leach-Bliley Act • Sarbanes-Oxley Act of 2002 • ISO 17799 • Child Decency Act

      This Act imposes responsibility on companies and their management to safeguard the integrity of the information that is used internally and released externally. The Act has had a significant impact on how information systems are structured and maintained.

  27. The type of control associated with the accuracy and completeness of data when they enter the system is referred to as… • general controls. • input controls. • processing controls. • output controls. • network controls.

  28. The type of control associated with the accuracy and completeness of data when they enter the system is referred to as… • general controls. • input controls. • processing controls. • output controls. • network controls.

      There are specific input controls for input authorization, data conversion, data editing, and error handling.

  29. Which of the following is not an element of a risk assessment? • Value of information assets • Points of vulnerability • Likely frequency of a problem • Potential for damage • Cost of erroneous data

  30. Which of the following is not an element of a risk assessment? • Value of information assets • Points of vulnerability • Likely frequency of a problem • Potential for damage • Cost of erroneous data

      A risk assessment determines the level of risk to the firm if a specific activity or process is not properly controlled.

  31. Which of the following is not an integral part of a well-formulated security policy? • Ranking information risks • Identifying acceptable security goals • Level of acceptable risk • Number of network access points • Identifying security goals

  32. Which of the following is not an integral part of a well-formulated security policy? • Ranking information risks • Identifying acceptable security goals • Level of acceptable risk • Number of network access points • Identifying security goals

      The chief security officer is responsible for enforcing the firm’s security policy.

  33. Which of the following is not a method of ensuring business continuity associated with information systems? • Fault-tolerant systems • High-availability systems • Limiting the number of users • Load balancing • Mirroring

  34. Which of the following is not a method of ensuring business continuity associated with information systems? • Fault-tolerant systems • High-availability systems • Limiting the number of users • Load balancing • Mirroring

      As companies increasingly rely on digital networks for their revenue and operations, they need to take additional steps to ensure that their systems and applications are always available.

  35. Which of the following consists of all the policies and procedures a company uses to prevent improper system access by unauthorized outsiders? • Access control • Authentication • Biometric authentication • Firewalls • Spyware

  36. Which of the following consists of all the policies and procedures a company uses to prevent improper system access by unauthorized outsiders? • Access control • Authentication • Biometric authentication • Firewalls • Spyware

      To gain access to a system, a user must be authorized and authenticated. Access control is the first step to ensure that happens.

  37. Which of the following access controls is based on the measurement of a physical or behavioral trait that makes each individual unique? • Intrusion Detection systems • Authentication • Biometric authentication • Firewalls • Spyware

  38. Which of the following access controls is based on the measurement of a physical or behavioral trait that makes each individual unique? • Intrusion Detection systems • Authentication • Biometric authentication • Firewalls • Spyware

      Biometric authentication represents a promising new technology that can overcome some of the limitations of passwords for authenticating system users.

  39. A method for encrypting data flowing over the Internet, but limited to Web documents is… • secure sockets layer. • public key infrastructure. • secure hypertext transfer protocol. • transport layer security. • digital certificates.

  40. A method for encrypting data flowing over the Internet, but limited to Web documents is… • secure sockets layer. • public key infrastructure. • secure hypertext transfer protocol. • transport layer security. • digital certificates.

      S-HTTP encrypts data flowing over the Internet from Web documents. Secure sockets layer and transport layer security encrypt all data being passed between client and server.
