lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

TOPICS: Business continuity planning

KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

Multiple Choice

20. _____ can interfere with users’ control of their computers, through such methods as installing additional software and
redirecting Web browsers.
a. Keystroke
loggers
b. Spyware
c. Firmware
d. Script loggers
ANSWER: b
RATIONALE: Correct. Spyware can interfere with users’ control of their computers, through
such methods as installing additional software and redirecting Web browsers. It
is software that secretly gathers information about users while they browse the
Web. See 5-1: Risks Associated with Information Technologies
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
Computer crimes
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

21. Which statement best describes spyware?

a. It is software that secretly gathers information about users while they browse the Web.
b.It is an attack that floods a server with service requests to prevent legitimate users’
access to the system.
c. It is encryption security that manages transmission security on the Internet.
d.It is a programming routine built into a system by its designer to bypass system
security and sneak back into the system later to access programs or files.
ANSWER: a
Copyright Cengage Learning. Powered by Cognero. Page 12

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

RATIONALE: Correct. Spyware is software that secretly gathers information about users while
they browse the Web. This information could be used for malicious purposes.
See 5-1: Risks Associated with Information Technologies
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
Computer crimes
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

22. Which statement is true of phishing?

a. It involves monitoring and recording keystrokes.
b. It involves sending fraudulent e-mails that seem to come from legitimate sources.
c. It consists of self-propagating program code that is triggered by a specified time or
event.
d. It prevents the disclosure of information to anyone who is not authorized to access it.
ANSWER: b
RATIONALE: Correct. Phishing is sending fraudulent e-mails that seem to come from
legitimate sources, such as a bank or university. The e-mails usually direct
recipients to false Web sites that look like the real thing for the purpose of
capturing personal information. See 5-1: Risks Associated with Information
Technologies
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
Computer crimes
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
Copyright Cengage Learning. Powered by Cognero. Page 13

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

23. In the context of computer crimes and attacks, the difference between phishing and spear phishing is that:
a. in spear phishing, the attack is targeted toward a specific person or a group.
b. spear phishing involves monitoring and recording keystrokes.
c. in spear phishing, hackers capture and record network traffic.
d. spear phishing involves collecting sensitive information via phone calls.
ANSWER: a
RATIONALE: Correct. Spear phishing is the same as phishing. The difference is that the attack
is targeted toward a specific person or a group. See 5-1: Risks Associated with
Information Technologies
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
Computer crimes
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

24. Similar to phishing, _____ is directing Internet users to fraudulent Web sites with the intention of stealing their
personal information, such as Social Security numbers, passwords, bank account numbers, and credit card numbers.
a. sniffing
b. screening
c. pharming
d. cybersquattin
g
ANSWER: c
RATIONALE: Correct. Pharming is similar to phishing in that Internet users are directed to
fraudulent Web sites with the intention of stealing their personal information,
such as Social Security numbers, passwords, bank account numbers, and credit
card numbers. The difference is that pharmers usually hijack an official Web
site address by hacking a Domain Name System server, then alter the legitimate
Web site IP address so that users who enter the correct Web address are directed
to the pharmers’ fraudulent Web site. See 5-1: Risks Associated with
Information Technologies

Copyright Cengage Learning. Powered by Cognero. Page 14

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
Computer crimes
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

25. The process of capturing and recording network traffic is referred to as _____.
a. sniffing
b. phishing
c. bombing
d. pharmin
g
ANSWER: a
RATIONALE: Correct. Sniffing is capturing and recording network traffic. Although it can be
done for legitimate reasons, such as monitoring network performance, hackers
often use it to intercept information. See 5-1: Risks Associated with Information
Technologies
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

26. Spoofing happens when:

Copyright Cengage Learning. Powered by Cognero. Page 15

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

a. a word is converted into a digital pattern.

b. keystrokes are monitored and recorded.
c. an illegitimate program poses as a legitimate
one.
d. a firewall rejects the incoming data packets.
ANSWER: c
RATIONALE: Correct. Spoofing happens when an illegitimate program poses as a legitimate
one. It is an attempt to gain access to a network by posing as an authorized user
in order to find sensitive information, such as passwords and credit card
information. See 5-1: Risks Associated with Information Technologies
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:12 PM
ED:

27. John downloaded Alten Cleaner, a program that poses as a computer registry cleaner, on his computer. Once he
installed the program on his computer, the program illegitimately gained access to John’s passwords and credit card
information. In this scenario, it is evident that John was a victim of _____.
a. spoofing
b. phishing
c. baiting
d. pharmin
g
ANSWER: a
RATIONALE: Correct. In the given scenario, it is evident that John was a victim of spoofing.
Spoofing happens when an illegitimate program poses as a legitimate one. It is
an attempt to gain access to a network by posing as an authorized user in order
to find sensitive information, such as passwords and credit card information.
See 5-1: Risks Associated with Information Technologies
POINTS: 1
DIFFICULTY: Challenging
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
Copyright Cengage Learning. Powered by Cognero. Page 16

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

HAS VARIABL False

ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Apply
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

28. _____ is a computer crime that involves destroying or disrupting computer services.
a. Keystroke
logging
b. Dumpster diving
c. Bombing
d. Sabotage
ANSWER: d
RATIONALE: Correct. Sabotage is a computer crime that involves destroying or disrupting
computer services. Surprisingly, most computer crimes are committed by
company insiders, which makes protecting information resources even more
difficult. See 5-1: Risks Associated with Information Technologies
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:13 PM
ED:

29. In the context of computer and network security, _____ means that a system must not allow the disclosing of
information by anyone who is not authorized to access it.
a. reliability
b. confidentialit
y
c. integrity
d. availability
ANSWER: b
Copyright Cengage Learning. Powered by Cognero. Page 17

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

RATIONALE: Correct. Confidentiality means that a system must not allow the disclosing of
information by anyone who is not authorized to access it. In businesses,
confidentiality ensures that private information, such as payroll and personnel
data, is protected from competitors and other organizations. See 5-2: Computer
and Network Security: Basic Safeguards
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe basic safeguards in computer and network security.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.02
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

30. In the context of computer and network security, _____ refers to the accuracy of information resources within an
organization.
a. validity
b. confidentialit
y
c. integrity
d. availability
ANSWER: c
RATIONALE: Correct. Integrity refers to the accuracy of information resources within an
organization. In other words, a security system must not allow data to be
corrupted or allow unauthorized changes to a corporate database. See 5-2:
Computer and Network Security: Basic Safeguards
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe basic safeguards in computer and network security.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.02
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
Copyright Cengage Learning. Powered by Cognero. Page 18

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

31. In the context of computer and network security, a security system is said to possess _____ when it does not allow
data to be corrupted or allow unauthorized changes to a corporate database.
a. integrity
b. confidentialit
y
c. validity
d. availability
ANSWER: a
RATIONALE: Correct. Integrity refers to the accuracy of information resources within an
organization. In other words, a security system must not allow data to be
corrupted or allow unauthorized changes to a corporate database. See 5-2:
Computer and Network Security: Basic Safeguards
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe basic safeguards in computer and network security.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.02
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

32. In the context of computer and network security, _____ means that computers and networks are operating and
authorized users can access the information they need.
a. validity
b. confidentialit
y
c. integrity
d. availability
ANSWER: d
RATIONALE: Correct. Availability means that computers and networks are operating and
authorized users can access the information they need. It also means a quick
recovery in the event of a system failure or disaster. See 5-2: Computer and
Network Security: Basic Safeguards
POINTS: 1
DIFFICULTY: Easy
Copyright Cengage Learning. Powered by Cognero. Page 19

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

REFERENCES Describe basic safeguards in computer and network security.

:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.02
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

33. In the context of computer and network security, _____ means a quick recovery in the event of a system failure or
disaster.
a. availability
b. confidentialit
y
c. integrity
d. validity
ANSWER: a
RATIONALE: Correct. Availability means that computers and networks are operating and
authorized users can access the information they need. It also means a quick
recovery in the event of a system failure or disaster. See 5-2: Computer and
Network Security: Basic Safeguards
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe basic safeguards in computer and network security.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.02
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

34. The Committee on National Security Systems (CNSS) proposed a model known as the _____ for evaluating
information security.
a. McCumber cube
Copyright Cengage Learning. Powered by Cognero. Page 20

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

b. Six Sigma model

c. Bohr model
d. SWOT analysis
ANSWER: a
RATIONALE: Correct. The CNSS proposed a model known as the McCumber cube. John
McCumber created this framework for evaluating information security. See 5-2:
Computer and Network Security: Basic Safeguards
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe basic safeguards in computer and network security.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.02
JECTIVES:
TOPICS: Security protection
Hacking
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

35. A level 1 security system is used to protect _____ against unauthorized access.
a. users’ workstations
b. back-end systems
c. internal database
servers
d. front-end servers
ANSWER: d
RATIONALE: Correct. In level 1 security, front-end servers, those available to both internal
and external users, must be protected against unauthorized access. Typically,
these systems are e-mail and Web servers. See 5-2: Computer and Network
Security: Basic Safeguards
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe basic safeguards in computer and network security.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.02
JECTIVES:
TOPICS: Security protection
Copyright Cengage Learning. Powered by Cognero. Page 21

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

Hacking
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

36. In a level 2 security system, _____ must be protected to ensure confidentiality, accuracy, and integrity of data.
a. back-end systems
b. external
databases
c. private networks
d. front-end servers
ANSWER: a
RATIONALE: Correct. In level 2 security, back-end systems (such as users’ workstations and
internal database servers) must be protected to ensure confidentiality, accuracy,
and integrity of data. See 5-2: Computer and Network Security: Basic
Safeguards
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe basic safeguards in computer and network security.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.02
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

37. A level 3 security system focuses on protecting the _____ against intrusion, denial-of-service attacks, and
unauthorized access.
a. back-end server
b. corporate network
c. user’s work station
d. front-end server
ANSWER: b
RATIONALE: Correct. In level 3 security, the corporate network must be protected against
intrusion, denial-of-service attacks, and unauthorized access. See 5-2: Computer
and Network Security: Basic Safeguards
POINTS: 1
DIFFICULTY: Easy
Copyright Cengage Learning. Powered by Cognero. Page 22

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

REFERENCES Describe basic safeguards in computer and network security.

:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.02
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

38. When a computer is infected by a virus, _____.

a. the system’s disk access is fast
b. system updates are recommended often
c. some programs suddenly increase in size
d. the available memory space remains
constant
ANSWER: c
RATIONALE: Correct. A virus consists of self-propagating code that is triggered by a specific
time or event. When programs suddenly increase in size, it is an indication that
the computer is infected by a virus. See 5-3: Security Threats: An Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

39. In the context of the common intentional security threats, which statement best describes a worm?
a. It travels from computer to computer in a network, but it does not usually erase data.
b.It attaches itself to a host program to spread to other files in a computer.
c. It is a programming routine built into a system by its designer to bypass system
security and sneak back into the system later to access data.
Copyright Cengage Learning. Powered by Cognero. Page 23

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

d.It floods a network or server with service requests to prevent legitimate users’ access
to the system.
ANSWER: a
RATIONALE: Correct. A worm travels from computer to computer in a network, but it does
not usually erase data. Unlike a virus, it is an independent program that can
spread itself without having to be attached to a host program. See 5-3: Security
Threats: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

40. Which of the following statements is true of a worm?

a. It is usually hidden inside a popular program, but it is not capable of replicating itself.
b.It floods a network or server with service requests to prevent legitimate users’ access
to the system.
c. It is an independent program that can spread itself without attaching itself to a host
program.
d.It enables a system designer to bypass the security of a system and sneak back into the
system later to access files.
ANSWER: c
RATIONALE: Correct. A worm travels from computer to computer in a network, but it does
not usually erase data. Unlike a virus, it is an independent program that can
spread itself without attaching itself to a host program. See 5-3: Security
Threats: An Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
Copyright Cengage Learning. Powered by Cognero. Page 24

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

TOPICS: Security risks and threats

KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:15 PM
ED:

41. In the context of intentional security threats, _____ can erase data and wreak havoc on computers and networks but do
not replicate themselves.
a. Trojan programs
b. worms
c. viruses
d. McCumber
cubes
ANSWER: a
RATIONALE: Correct. Trojan programs can erase data and wreak havoc on computers and
networks, but they do not replicate themselves, as viruses and worms do. They
contain code intended to disrupt a computer, network, or Web site, and they are
usually hidden inside a popular program. See 5-3: Security Threats: An
Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

42. A _____ is a type of an intentional computer and network threat.

a. latch
b. proxy server
c. backdoor
d. corner bolt
ANSWER: c
RATIONALE: Correct. A backdoor, a type of an intentional computer and network threat, is a
programming routine built into a system by its designer or programmer. This
routine enables the designer or programmer to bypass system security and sneak
back into the system later to access programs or files. See 5-3: Security Threats:
Copyright Cengage Learning. Powered by Cognero. Page 25

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

43. Which of the following intentional computer and network threats is a type of Trojan program used to release a virus,
worm, or other destructive code?
a. A logic bomb
b. Dumpster
diving
c. A blended threat
d. Shoulder surfing
ANSWER: a
RATIONALE: Correct. A logic bomb is a type of Trojan program used to release a virus,
worm, or other destructive code. Logic bombs are triggered at a certain time
(sometimes the birthday of a famous person) or by a specific event, such as a
user pressing the Enter key or running a certain program. See 5-3: Security
Threats: An Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:
Copyright Cengage Learning. Powered by Cognero. Page 26

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

44. In the context of intentional computer and network threats, a _____ is a programming routine built into a system by its
designer or programmer to bypass system security and sneak back into the system later to access programs or files.
a. logic bomb
b. proxy server
c. firewall
d. backdoor
ANSWER: d
RATIONALE: Correct. A backdoor (also called a trapdoor) is a programming routine built into
a system by its designer or programmer. This routine enables the designer or
programmer to bypass system security and sneak back into the system later to
access programs or files. See 5-3: Security Threats: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

45. In the context of intentional computer and network threats, a _____ combines the characteristics of computer viruses,
worms, and other malicious codes with vulnerabilities found on public and private networks.
a. blended threat
b. mirror disk
c. backdoor
threat
d. firewall
ANSWER: a
RATIONALE: Correct. A blended threat combines the characteristics of computer viruses,
worms, and other malicious codes with vulnerabilities found on public and
private networks. Blended threats search for vulnerabilities in computer
networks and then take advantage of these vulnerabilities by embedding
malicious codes in the server’s HTML files or by sending unauthorized e-mails
from compromised servers with a worm attachment. See 5-3: Security Threats:
An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Explain the major security threats.
Copyright Cengage Learning. Powered by Cognero. Page 27

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

46. In the context of intentional computer and network threats, a _____ floods a network or server with service requests to
prevent legitimate users’ access to the system.
a. blended threat
b. denial-of-service attack
c. keystroke logging
attack
d. backdoor threat
ANSWER: b
RATIONALE: Correct. A denial-of-service (DoS) attack floods a network or server with
service requests to prevent legitimate users’ access to the system. It can be
thought of as 5,000 people surrounding a store and blocking customers who
want to enter; the store is open, but it cannot provide service to legitimate
customers. See 5-3: Security Threats: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

47. In the context of security, _____ is an attack that takes advantage of the human element of security systems.
a. disk mirroring
b. weblogging
Copyright Cengage Learning. Powered by Cognero. Page 28

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

c. voice recognition
d. social engineering
ANSWER: d
RATIONALE: Correct. In the context of security, social engineering means using “people
skills”-such as being a good listener and assuming a friendly, unthreatening air-
to trick others into revealing private information. Social engineering attacks
take advantage of the human element of security systems. See 5-3: Security
Threats: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

48. Which security measure uses a physiological element that is unique to a person and cannot be stolen, lost, copied, or
passed on to others?
a. A physical security measure
b. A firewall security measure
c. An e-commerce security
measure
d. A biometric security measure
ANSWER: d
RATIONALE: Correct. Biometric security measures use a physiological element that is unique
to a person and cannot be stolen, lost, copied, or passed on to others. See 5-4:
Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Biometric access systems
Copyright Cengage Learning. Powered by Cognero. Page 29

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

49. Which of the following is a biometric security measure?

a. Terminal resource security
b. A corner bolt
c. A callback modem
d. Signature analysis
ANSWER: d
RATIONALE: Correct. Signature analysis is a biometric security measure. It involves checking
a user’s signature as well as deviations in pen pressure, speed, and length of
time used to sign the name. See 5-4: Security Measures and Enforcement: An
Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Biometric access systems
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

50. Which biometric security measure compares the length of each finger, the translucence of fingertips, and the webbing
between fingers against stored data to verify users’ identities?
a. Hand geometry
b. Fingerprint
recognition
c. Vein analysis
d. Palm prints
ANSWER: a
RATIONALE: Correct. Hand geometry is a biometric security measure that compares the
length of each finger, the translucence of fingertips, and the webbing between
fingers against stored data to verify users’ identities. See 5-4: Security Measures
and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
Copyright Cengage Learning. Powered by Cognero. Page 30

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

REFERENCES Describe security and enforcement measures.

:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Biometric access systems
Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

51. Which is a nonbiometric security measure?

a. Electronic
trackers
b. Retinal scanning
c. Callback modems
d. Signature analysis
ANSWER: c
RATIONALE: Correct. The three main nonbiometric security measures are callback modems,
firewalls, and intrusion detection systems. A callback modem verifies whether a
user’s access is valid by logging the user off (after he or she attempts to connect
to the network) and then calling the user back at a predetermined number. See
5-4: Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

52. Which statement is true of application-filtering firewalls?

a. They are less secure than packet-filtering firewalls.
Copyright Cengage Learning. Powered by Cognero. Page 31

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

b. They filter viruses less effectively than packet-filtering firewalls.

c. They filter faster than packet-filtering firewalls.
d. They are more expensive than packet-filtering firewalls.
ANSWER: d
RATIONALE: Correct. Application-filtering firewalls are more expensive than packet-filtering
firewalls. They are generally more secure and flexible than packet-filtering
firewalls. See 5-4: Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

53. In the context of firewall as a nonbiometric security measure, a _____ is software that acts as an intermediary between
two systems.
a. logic bomb
b. callback modem
c. proxy server
d. block
multiplexer
ANSWER: c
RATIONALE: Correct. A proxy server is software that acts as an intermediary between two
systems-between network users and the Internet, for example. It is often used to
help protect a network against unauthorized access from outside the network by
hiding the network addresses of internal systems. See 5-4: Security Measures
and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
Copyright Cengage Learning. Powered by Cognero. Page 32

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

TOPICS: Security protection

KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

54. Which statement is true of firewalls?

a. They protect against external access, but they leave networks unprotected from
internal intrusions.
b. They can identify attack signatures, trace patterns, and generate alarms for a network
administrator.
c. They monitor network traffic and use the “prevent, detect, and react” approach to
security.
d. They cause routers to terminate connections with suspicious sources.
ANSWER: a
RATIONALE: Correct. Firewalls protect against external access, but they leave networks
unprotected from internal intrusions. An intrusion detection system can protect
against both external and internal access. See 5-4: Security Measures and
Enforcement: An Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

55. _____ are usually placed in front of a firewall and can identify attack signatures, trace patterns, generate alarms for a
network administrator, and cause routers to terminate connections with suspicious sources.
a. Intrusion detection
systems
b. Proxy servers
c. Identification badges
d. Virtual private networks
ANSWER: a
RATIONALE: Correct. An intrusion detection system can protect against both external and
internal access. It is usually placed in front of a firewall and can identify attack
Copyright Cengage Learning. Powered by Cognero. Page 33

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

signatures, trace patterns, generate alarms for a network administrator, and

cause routers to terminate connections with suspicious sources. See 5-4:
Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

56. _____ primarily control access to computers and networks and include devices for securing computers and peripherals
from theft.
a. Nonbiometric security
measures
b. Virtual security measures
c. Biometric security measures
d. Physical security measures
ANSWER: d
RATIONALE: Correct. Physical security measures primarily control access to computers and
networks, and they include devices for securing computers and peripherals from
theft. See 5-4: Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:
Copyright Cengage Learning. Powered by Cognero. Page 34

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

57. As a physical security measure, _____.

a. electronic trackers are attached to a computer at the power
outlet
b. passwords are used to restrict access to computers
c. firewalls are used to filter data packets
d. a user’s signature is verified before granting accessibility
ANSWER: a
RATIONALE: Correct. As a physical security measure, electronic trackers are attached to a
computer at the power outlet. If the power cord is disconnected, a transmitter
sends a message to an alarm that goes off or to a camera that records what
happens. See 5-4: Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

58. _____ are an inexpensive way to secure a computer to a desktop or counter and often have locks as an additional
protection against theft.
a. Corner bolts
b. Identification
badges
c. Callback modems
d. Electronic trackers
ANSWER: a
RATIONALE: Correct. Corner bolts are an inexpensive way to secure a computer to a desktop
or counter. These often have locks as an additional protection against theft. See
5-4: Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
Copyright Cengage Learning. Powered by Cognero. Page 35

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

59. Which type of access control is used to protect systems from unauthorized access?
a. Electronic trackers
b. Passwords
c. Firewalls
d. Identification
badges
ANSWER: b
RATIONALE: Correct. Passwords are a type of access control. A password is a combination of
numbers, characters, and symbols that is entered to allow access to a system.
See 5-4: Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Access control systems
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

60. A(n) _____ network is often used so that remote users have a secure connection to an organization’s network.
a. biometric
security
b. intrusion detection
c. virtual private
d. terminal resource
ANSWER: c
RATIONALE: Correct. A virtual private network (VPN) provides a secure tunnel through the
Internet for transmitting messages and data via a private network. It is often
used so that remote users have a secure connection to an organization’s
Copyright Cengage Learning. Powered by Cognero. Page 36

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

network. See 5-4: Security Measures and Enforcement: An Overview

POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

61. Data sent through a virtual private network (VPN) can be encrypted using the _____.
a. User Datagram Protocol
b. Transmission Control Protocol
c. Internet Control Message
Protocol
d. Layer Two Tunneling Protocol
ANSWER: d
RATIONALE: Correct. Data is encrypted before it is sent through a VPN with a protocol, such
as Layer Two Tunneling Protocol or Internet Protocol Security. See 5-4:
Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

62. Which form of text needs to be unscrambled using a decryption key?

a. Plaintext
Copyright Cengage Learning. Powered by Cognero. Page 37

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

b. Cleartext
c. Teletext
d. Ciphertext
ANSWER: d
RATIONALE: Correct. Data encryption transforms data, called plaintext or cleartext, into a
scrambled form called ciphertext that cannot be read by others. The receiver
then unscrambles the data by using a decryption key. See 5-4: Security
Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

63. _____ is a commonly used encryption protocol that manages transmission security on the Internet.
a. Application Layer
b. Secure Sockets Layer
c. Transmission Control Protocol
d. User Datagram Protocol
ANSWER: b
RATIONALE: Correct. A commonly used encryption protocol is Secure Sockets Layer, which
manages transmission security on the Internet. See 5-4: Security Measures and
Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
Copyright Cengage Learning. Powered by Cognero. Page 38

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

DATE CREATE 6/6/2018 3:59 PM

D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

64. In data encryption, the https in a browser address bar indicates a safe HTTP connection over _____.
a. Secure Sockets Layer
b. Transport Layer Security
c. User Datagram Protocol
d. Transmission Control Protocol
ANSWER: a
RATIONALE: Correct. The https indicates a Secure HTTP connection over Secure Sockets
Layer (SSL). SSL is a commonly used encryption protocol, which manages
transmission security on the Internet. See 5-4: Security Measures and
Enforcement: An Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

65. _____, a recent cryptographic protocol, ensures data security and integrity over public networks, such as the Internet.
a. Transport Layer Security
b. Terminal Resource Security
c. Transmission Control Security
d. User Datagram Security
ANSWER: a
RATIONALE: Correct. Transport Layer Security (TLS) is a recent cryptographic protocol,
which ensures data security and integrity over public networks, such as the
Internet. TLS encrypts the network segment used for performing transactions.
See 5-4: Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
Copyright Cengage Learning. Powered by Cognero. Page 39

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

66. _____ is a type of data encryption that enables users of the Internet to securely and privately exchange data through
the use of a pair of keys that is obtained from a trusted authority and shared through that authority.
a. A public key infrastructure
b. Open key encryption
c. Secret key encryption
d. A private key infrastructure
ANSWER: a
RATIONALE: Correct. A public key infrastructure (PKI) enables users of a public network
such as the Internet to securely and privately exchange data through the use of a
pair of keys-a public one and a private one-that is obtained from a trusted
authority and shared through that authority. See 5-4: Security Measures and
Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

67. _____ uses a public key known to everyone and a private key known only to the recipient.
a. Symmetric encryption
b. Asymmetric
encryption
c. Remote key encryption
d. Secret key encryption
Copyright Cengage Learning. Powered by Cognero. Page 40

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

ANSWER: b
RATIONALE: Correct. Asymmetric encryption uses two keys: a public key known to everyone
and a private or secret key known only to the recipient. This encryption usually
works better for public networks, such as the Internet. See 5-4: Security
Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

68. Which statement is true of asymmetric encryption?

a. It uses the same key to encrypt and decrypt a message.
b. It requires a large amount of processing power.
c. It can easily share a key over the Internet.
d. It needs the shared key to be a secret between the sender and the receiver.
ANSWER: b
RATIONALE: Correct. The main drawback of asymmetric encryption is that it is slower and
requires a large amount of processing power. Asymmetric encryption uses two
keys: a public key known to everyone and a private or secret key known only to
the recipient. See 5-4: Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
Copyright Cengage Learning. Powered by Cognero. Page 41

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

ED:

69. _____ is also known as secret key encryption.

a. Symmetric encryption
b. Auto key generation
c. Public key
cryptography
d. Message authentication
ANSWER: a
RATIONALE: Correct. Symmetric encryption is also known as secret key encryption. In this,
the sender and receiver must agree on a key and keep it secret. See 5-4: Security
Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

70. Which statement is true of symmetric encryption?

a. It uses two different keys to encrypt and decrypt a message.
b. It requires more processing power than asymmetric encryption.
c. It is difficult to share a key over the Internet in symmetric encryption.
d. It is impossible to create digital signatures using symmetric
encryption.
ANSWER: c
RATIONALE: Correct. In symmetric encryption, the same key is used to encrypt and decrypt
the message. The problem with symmetric encryption is that sharing the key
over the Internet is difficult. See 5-4: Security Measures and Enforcement: An
Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
Copyright Cengage Learning. Powered by Cognero. Page 42

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

71. In the context of e-commerce transaction security measures, authentication is a critical factor because it ensures that:
a. a system quickly recovers in the event of a system failure or disaster.
b. the person using a credit card number is the card’s legitimate owner.
c. the accuracy of information resources within an organization is maintained.
d. a system can easily be restored to operational status.
ANSWER: b
RATIONALE: Correct. Authentication is important because the person using a credit card
number in an online transaction is not necessarily the card’s legitimate owner,
for example. Two factors are important: what the receiver knows to be accurate
and what the sender is providing. See 5-4: Security Measures and Enforcement:
An Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

72. The main function of Cyber Incident Response Capability (CIRC) is to _____.
a. provide level 1 security
b. restrict access controls to unauthorized
personnel
c. provide information on security incidents
d. create backdoors to bypass security protocols
ANSWER: c
RATIONALE: Correct. CIRC’s main function is to provide information on security incidents,
including information systems’ vulnerabilities, viruses, and malicious programs.
Copyright Cengage Learning. Powered by Cognero. Page 43

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

CIRC also provides awareness training, analysis of threats and vulnerabilities,

and other services. See 5-4: Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Understand
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

73. _____ outlines procedures for keeping an organization operational in the event of a natural disaster or a network attack
or intrusion.
a. An access control system
b. Business continuity planning
c. An intrusion detection
system
d. Terminal resource security
ANSWER: b
RATIONALE: Correct. To lessen the effects of a natural disaster or a network attack or
intrusion, planning the recovery is important. This includes business continuity
planning, which outlines procedures for keeping an organization operational.
See 5-5: Guidelines for a Comprehensive Security System
POINTS: 1
DIFFICULTY: Easy
REFERENCES Summarize the guidelines for a comprehensive security system,
: including business continuity planning.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.05
JECTIVES:
TOPICS: Business continuity planning
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:
Copyright Cengage Learning. Powered by Cognero. Page 44

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

74. In the event of a network attack or intrusion, a _____ lists the tasks that must be performed by the organization to
restore damaged data and equipment.
a. risk assessment plan
b. systems engineering
plan
c. disaster recovery plan
d. security compliance plan
ANSWER: c
RATIONALE: Correct. A disaster recovery plan lists the tasks that must be performed to
restore damaged data and equipment as well as steps to prepare for disaster. To
lessen the effects of a natural disaster or a network attack or intrusion, planning
the recovery is important. See 5-5: Guidelines for a Comprehensive Security
System
POINTS: 1
DIFFICULTY: Easy
REFERENCES Summarize the guidelines for a comprehensive security system,
: including business continuity planning.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.05
JECTIVES:
TOPICS: Business continuity planning
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

75. _____ is an example of antispyware software.

a. STOPzilla
b. AndroZip
c. Tumblr
d. Dogpile
ANSWER: a
RATIONALE: STOPzilla is an example of antispyware software. To protect against spyware,
you should install antivirus software that also checks for spyware or you should
install antispyware software. See 5-1: Risks Associated with Information
Technologies
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
Copyright Cengage Learning. Powered by Cognero. Page 45

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

HAS VARIABL False

ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

76. _____ is a form of spyware that collects information about a user (without the user’s consent) to determine which
commercials to display in the user’s Web browser.
a. Firmware
b. Silverwar
e
c. Freeware
d. Adware
ANSWER: d
RATIONALE: Adware is a form of spyware that collects information about a user (without the
user’s consent) to determine which advertisements to display in the user’s Web
browser. In addition to antivirus software, an ad-blocking feature should be
installed in your Web browser to protect against adware. See 5-1: Risks
Associated with Information Technologies
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:19 PM
ED:

77. _____ monitor and record the keys pressed on a keyboard and can be software or hardware devices.
a. Keystroke loggers
b. Key chain planners
c. Key punchers
d. Key performers
ANSWER: a
Copyright Cengage Learning. Powered by Cognero. Page 46

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

RATIONALE: Keystroke loggers monitor and record keystrokes and can be software or
hardware devices. Sometimes, companies use these devices to track employees’
use of e-mail and the Internet, and this use is legal. See 5-1: Risks Associated
with Information Technologies
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

78. _____ is an attempt to gain access to a network by posing as an authorized user in order to find sensitive information,
such as passwords and credit card information.
a. Phishing
b. Keystroke
logging
c. Spoofing
d. Pharming
ANSWER: c
RATIONALE: Spoofing is an attempt to gain access to a network by posing as an authorized
user in order to find sensitive information, such as passwords and credit card
information. Spoofing also happens when an illegitimate program poses as a
legitimate one. See 5-1: Risks Associated with Information Technologies
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
Copyright Cengage Learning. Powered by Cognero. Page 47

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

DATE MODIFI 7/23/2018 1:19 PM

ED:

79. _____ is the unauthorized use of system data for personal gain, such as transferring money from another’s account or
charging purchases to someone else’s account.
a. Computer fraud
b. Denial-of-service
c. Keystroke logging
d. Social
engineering
ANSWER: a
RATIONALE: Computer fraud is the unauthorized use of computer data for personal gain,
such as transferring money from another’s account or charging purchases to
someone else’s account. See 5-1: Risks Associated with Information
Technologies
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe information technologies that could be used in computer
: crimes.
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.01
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

80. When planning a comprehensive security system, the first step is designing _____, which use a combination of
hardware and software for improving reliability, a way of ensuring availability in case of a system failure.
a. database-resilient systems
b. vulnerability-evade
systems
c. primary-defense systems
d. fault-tolerant systems
ANSWER: d
RATIONALE: When planning a comprehensive security system, the first step is designing
fault-tolerant systems, which use a combination of hardware and software for
improving reliability, a way of ensuring availability in case of a system failure.
See 5-2: Computer and Network Security: Basic Safeguards
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe basic safeguards in computer and network security.
Copyright Cengage Learning. Powered by Cognero. Page 48

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.02
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:20 PM
ED:

81. A _____ consists of self-propagating program code that is triggered by a specified time or event.
a. virus
b. mirror disk
c. cable shield
d. backdoor
ANSWER: a
RATIONALE: A virus consists of self-propagating program code that is triggered by a
specified time or event. See 5-3: Security Threats: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES: Explain the major security threats.

QUESTION TY Multiple Choice

PE:
HAS VARIABLE False
S:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFIE 7/23/2018 1:08 PM
D:

82. Code Red, Melissa, and Sasser are examples of _____.

a. corner bolts
b. firewalls
c. cable
shields
d. worms
ANSWER: d
Copyright Cengage Learning. Powered by Cognero. Page 49

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

RATIONALE: Worms are independent programs that can spread themselves without having to
be attached to a host program. Code Red, Melissa, and Sasser are examples of
worms. See 5-3: Security Threats: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:21 PM
ED:

83. A(n) _____contains code intended to disrupt a computer, network, or Web site and is usually hidden inside a popular
program.
a. Trojan program
b. PageRank
c. exit application
d. withdrawal
suite
ANSWER: a
RATIONALE: A Trojan program contains code intended to disrupt a computer, network, or
Web site, and it is usually hidden inside a popular program. Users run the
popular program, unaware that the malicious program is also running in the
background. See 5-3: Security Threats: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
Copyright Cengage Learning. Powered by Cognero. Page 50

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

ED:

84. A _____ is a security threat that may launch a worm through a Trojan horse or launch a denial-of-service attack at a
targeted IP address.
a. router threat
b. magnetic
threat
c. signal threat
d. blended threat
ANSWER: d
RATIONALE: A blended threat is a security threat that combines the characteristics of
computer viruses, worms, and other malicious codes with vulnerabilities found
on public and private networks. It may launch a worm through a Trojan horse or
launch a denial-of-service attack at a targeted IP address. See 5-3: Security
Threats: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Explain the major security threats.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.03
JECTIVES:
TOPICS: Security risks and threats
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:22 PM
ED:

85. _____, a biometric security measure, translates words into digital patterns, which are recorded and examined for tone
and pitch.
a. Voice recognition
b. Audio manipulation
c. Word exhibition
d. Keyword identification
ANSWER: a
RATIONALE: Voice recognition is a biometric security measure that translates words into
digital patterns, which are recorded and examined for tone and pitch. See 5-4:
Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
Copyright Cengage Learning. Powered by Cognero. Page 51

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Biometric access systems
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

86. A(n) _____ is a combination of hardware and software that acts as a filter or barrier between a private network and
external computers or networks.
a. intrusion detection
sysem
b. rootkit
c. firewall
d. electronic tracker
ANSWER: c
RATIONALE: A firewall is a combination of hardware and software that acts as a filter or
barrier between a private network and external computers or networks,
including the Internet. A network administrator defines rules for access, and all
other data transmissions are blocked. See 5-4: Security Measures and
Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Security protection
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:22 PM
ED:

87. _____ is a method of access control that prevents unauthorized users from using an unattended computer to access the
network and data.
a. Terminal resource security
b. Distance-vector routing
c. Direct digital synthesis
Copyright Cengage Learning. Powered by Cognero. Page 52

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

d. Link-state routing
ANSWER: a
RATIONALE: Terminal resource security is a software feature that erases the screen and signs
the user off automatically after a specified length of inactivity. This method of
access control prevents unauthorized users from using an unattended computer
to access the network and data. See 5-4: Security Measures and Enforcement:
An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Access control systems
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

88. _____ is one of the most popular password managers.

a. CounterSp
y
b. STOPzilla
c. Dashlane
d. FilePro
ANSWER: c
RATIONALE: Dashlane is an example of a password manager. Most password managers assist
you as they recognize the phishing sites even if the domain names appear to be
identical to your bank or an organization with whom you usually communicate.
See 5-4: Security Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Access control systems
KEYWORDS: Remember
Copyright Cengage Learning. Powered by Cognero. Page 53

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)

 lOMoARcPSD|31833643

Chapter 5 - Protecting Information Resources

DATE CREATE 6/6/2018 3:59 PM

D:
DATE MODIFI 7/23/2018 1:23 PM
ED:

89. _____ is used to encrypt the data sent through a virtual private network (VPN).
a. User Datagram Protocol
b. Transmission Control Protocol
c. Transport Layer Security
d. Internet Protocol Security
ANSWER: d
RATIONALE: Data is encrypted before it is sent through a VPN with a protocol, such as Layer
Two Tunneling Protocol or Internet Protocol Security. See 5-4: Security
Measures and Enforcement: An Overview
POINTS: 1
DIFFICULTY: Easy
REFERENCES Describe security and enforcement measures.
:
QUESTION TY Multiple Choice
PE:
HAS VARIABL False
ES:
LEARNING OB MIS9.BIDG.19.05.04
JECTIVES:
TOPICS: Access control systems
KEYWORDS: Remember
DATE CREATE 6/6/2018 3:59 PM
D:
DATE MODIFI 7/23/2018 1:08 PM
ED:

Essay

90. Briefly explain the McCumber cube.

ANSWER: Answers will vary. The Committee on National Security Systems proposed a
model called the McCumber cube. John McCumber created this framework for
evaluating information security. Represented as a three-dimensional cube, it
defines nine characteristics of information security. The McCumber cube is
more specific than the CIA triangle and helps designers of security systems
consider many crucial issues for improving the effectiveness of security
measures.
POINTS: 1
DIFFICULTY: Moderate
REFERENCES Describe basic safeguards in computer and network security.
:
QUESTION TY Essay
PE:

Copyright Cengage Learning. Powered by Cognero. Page 54

Downloaded by Mahra AlQubaisi (am.alqubaisi26@gmail.com)