Quiz-1
1. The virtue ethics approach to decision making focuses on how one should behave and think about
relationships if he or she is concerned with his or her daily life in the community. True
2. A person who acts with integrity acts in accordance with a personal code of principles. True
3. The term morality refers to social conventions about right and wrong that are so widely shared that
they become the basis for an established consensus. TRUE
4. A(n) corporate ethics officer aligns the practices of a workplace with the stated ethics and beliefs of
that workplace, holding people accountable to ethical standards. TRUE
5. A code of ethics is a statement that highlights its key ethical issues and identifies the overarching values
and principles that are important to the organization and its decision making.
TRUE
6. The principle that the ethical choice treats everyone the same and shows no favoritism or
discrimination is most closely associated with the fairness approach to dealing with moral issues. TRUE
7. The chairman of ______, an Indian-based outsourcing firm, admitted he had overstated the company’s assets by
more than $1 billion in India’s largest ever corporate scandal. Satyam Computer Services
8. In a(n) morals assessment, an organization reviews how well it is meeting its ethical and social
responsibility goals and communicates its new goals for the upcoming year. False
9. Every society forms a set of rules that establishes the boundaries of generally accepted behavior.
These rules are often expressed in statements about how people should behave, and they fit together to
form the______ by which a society lives. moral code
10. The goodwill that socially responsible activities create can make it easier for corporations to conduct
their business. TRUE
11. Companies that develop and maintain strong employee relations: enjoy lower turnover rates
12. A corporate ethics officer provides an organization with ........... and leadership in the area of business
conduct. vision
13. The general public needs to develop a better understanding of the critical importance of ethics as
they apply to IT; currently, too much emphasis has been placed on technical issues. TRUE
14. The principle that the ethical choice treats everyone the same and shows no favoritism or
discrimination is most closely associated with the ______ approach to dealing with moral issues.
fairness
15. In a(n) ________, an organization reviews how well it is meeting its ethical and social responsibility
goals, and communicates its new goals for the upcoming year. Social audit
16. ............. is a system of rules that tells us what we can and cannot do. Law
17. Consistency means that shareholders, customers, suppliers, and the community know what they can
expect of an organization: that it will behave in the future much as it has in the past. TRUE
18. A(n) _________ is a habit of unacceptable behavior. vice
19. Greater globalization has increased the likelihood of unethical behavior. TRUE
20. An approach to ethical decision making that is based on a vision of society as a community whose
members work together to achieve a general set of values and goals is the ________ approach. Common
good
21. A complication of the ________ approach to decision making is that measuring and comparing the
values of certain benefits and costs is often difficult, if not impossible. utilitarian
22. The public reputation of an organization strongly influences the value of its stock, how consumers
regard its products and services, the degree of oversight it receives from government agencies, and the
amount of support and cooperation it receives from its business partners. TRUE
23. Which of the following is the most critical step in the decision-making process?
Development of a problem statement
24. Section 404 of the Sarbanes-Oxley Act states that:
annual reports must contain a statement signed by the CEO and CFO attesting that the
information in all of the firm’s SEC filings is accurate.
25. A set of beliefs about right and wrong behavior within a society is called ethics
26. ............... are one’s personal beliefs about right and wrong. Moral
27. A ........ provides an organization with vision and leadership in the area of business conduct.
Corporate ethics officer
28. __________ is the concept that an organization should act ethically by taking accountability for the
impact of its actions on the environment, the community, and the welfare of its employees. Corporate
social responsibility
29. A code of ethics can gain company-wide acceptance unless it is developed with employee
participation and fully endorsed by the organization’s leadership. False
30. The .................................. is responsible for the careful and responsible management of an
organization. Board of directors
Quiz-2
1. Currently, an IT professional organization has emerged as preeminent, so there is a universal code of
ethics for IT workers. FALSE
2. In the United States, a(n) government license gives permission to engage in an activity or operate a
business. TRUE
3. Compliance means to be in conformance with a profession’s core body of knowledge. FALSE
4. The United Nations Convention Against Corruption is a legally binding global treaty to fight bribery
and corruption. TRUE
5. To qualify legally as a bribe, the gift or payment must be made directly from donor to recipient.
FALSE
6. A major goal for IT professionals and clients is to develop good working relationships in which no
action can be perceived as unethical. FALSE
7. When it comes to distinguishing between bribes and gifts, the perceptions of the donor and recipient
almost always coincide. FALSE
8. Bribery involves providing money, property, or favors to someone in business or government to obtain
a business advantage. TRUE
9. A bribe is a crime even if the payment was lawful under the laws of the foreign country in which it
was paid. FALSE
10. The core body of knowledge for any profession outlines an agreed-upon code of ethics and practices
for those who practice in that profession. FALSE
11. Vendor certifications require passing a written exam, which usually contains multiple-choice
questions because of legal concerns about whether other types of exams can be graded
objectively. TRUE
12. Certification indicates that a professional possesses a particular set of skills, knowledge, or abilities,
in the opinion of the certifying organization. TRUE
13. A breach of the duty of care is defined as a failure to conform to the code of ethics of a professional
organization. FALSE
14. A(n) profession is a calling that requires specialized knowledge and often long and intensive
academic preparation. TRUE
15. A(n) trade secret is information used in a business, generally unknown to the public, that the
company has taken strong measures to keep confidential. TRUE
16. Misrepresentation is the misstatement or incomplete statement of a material fact. TRUE
17. Gifts come with no expectation of a future favor for the donor. TRUE
18. Professionals require advanced training and experience, must exercise discretion and judgment in the
course of their work, and their work cannot be standardized. TRUE
19. Certifications from ______ associations generally require a certain level of experience and a broader
perspective than vendor certifications. industry
20. ______ has been defined as not doing something that a reasonable person would do, or doing something
that a reasonable person would not do. Negligence
21. ______ means to be in accordance with established policies, guidelines, specifications, or legislation.
Compliance
22. In relationships between IT professionals and .............., important issues include software piracy,
inappropriate use of IT resources, and inappropriate sharing of information. IT users
23. Most organizations have a(n) ______ audit department whose primary responsibilities include
determining that internal systems and controls are adequate and effective. internal
24. ______ is the crime of obtaining goods, services, or property through deception or trickery. Fraud
25. The Foreign Corrupt Practices Act (FCPA) makes it a crime to _______. bribe a foreign official
26. Government licensing is generally administered at the federal level in the United States. FALSE
27. From a legal perspective, there is both a reasonable person standard and a reasonable professional
standard to decide whether parties owe a duty of care. TRUE
28. Professionals' liability for injuries caused by their negligence is referred to as professional
malpractice. TRUE
29. From a legal perspective, IT workers are not recognized as professionals because they are not
licensed by the state or federal government. TRUE
30. Duty of care refers to the ................ to protect people against any unreasonable harm or risk.
Obligation
Quiz-3
1. A security policy outlines exactly what needs to be done to safeguard computers and their data, but
not how it must be accomplished.
TRUE
2. Fraud by malicious insiders often involves some form of collusion, or cooperation, between an
employee and an outsider.
TRUE
3. The cooperation between an employee of a company and an outsider to commit fraud against the
company is called ___.
collusion
4. Employees and contract workers must be educated about the importance of security so that they will
be motivated to understand and follow the security policies.
TRUE
5. A(n) ---- is a harmful program that resides in the active memory of the computer and duplicates itself.
worm
6. Debit and credit cards which contain a memory chip that is updated with encrypted data every time
the cards are used are called smart cards.
TRUE
7. A(n) Trojan horse is a form of malware in which malicious code is hidden inside a seemingly
harmless program.
TRUE
8. A spear-phishing attack typically employs a group of zombies to keep the target so busy responding
to a stream of automated requests that legitimate users cannot access the target.
FALSE
9. To initiate a denial of service attack, a tiny program is downloaded surreptitiously from the attacker’s
computer to dozens, hundreds, or even thousands of computers all over the world. Based on a command
by the attacker or at a preset time, the botnet computers, called ----, go into action, each sending a simple
request for access to the target site again and again.
zombies
10. Hacking to achieve a political or social goal is known as ---
hacktivism
11. In a security incident, the primary goal must be to monitor and catch the intruder.
FALSE
12. An intrusion detection system monitors system and network resources and activities, and notifies the
network security when it detects attempts to circumvent the security measures of a networked computer
environment.
TRUE
13. Malicious insiders are poorly trained and inadequately managed employees who mean well but have
the potential to cause much damage.
FALSE
14. Rootkit is a set of programs that enables its users to gain administrator-level access to a computer
without the end user’s consent or knowledge.
TRUE
15. Using text messaging (SMS) fraudulently to try to get the recipient to reveal personal data is called
smishing
16. A(n) ----- is a security incident prevention tool that evaluates whether an organization has a
well-considered security policy in place and if it is being followed.
Security audit
17. An attack on an information system that takes advantage of a vulnerability is called a(n) ----
exploit
18. The use of voice mail to tell someone to call a phone number, or access a Web site, in an attempt to
gain personal information about that person is called ______.
vishing
19. Competitive Intelligence is the use of illegal means to obtain business information not available to
the general public.
FALSE
20. A large group of computers controlled from one or more remote locations by hackers without the
knowledge or consent of their owners is called a(n)
botnet
21. Smart and talented hackers who are technically inept are referred to as lamers or script kiddies by
more skilled hackers.
TRUE
22. ----- is legally obtained information gathered using sources available to the public.
Competitive intelligence
23. ----------- is a method of computing that delivers secure, private, and reliable computing experiences
based on sound business practices.
Trustworthy computing
24. ______ is the abuse of email systems to send unsolicited email to large numbers of people.
Email spam
25. The process of assessing security related risks from both internal and external threats to an
organization’s computers and networks is called ---
Risk assessment
26. ---- differ from viruses in that they propagate without human intervention, sending copies of
themselves to other computers by email.
Worms
27. Whenever possible, automated system rules should mirror an organization's written policies.
TRUE
28. Industrial espionage is the use of illegal means to obtain business information not available to the
general public.
TRUE
29. Crackers test the limitations of information systems out of intellectual curiosity to see whether they
can gain access and how far they can go.
FALSE
30. People who use illegal means to obtain trade secrets from a competitor are called industrial spies.
TRUE