Chapter 8 Flashcards

1
Q

attack that uses numerous computers to inundate and overwhelm the network from numerous launch points.

A

DDoS (distributed denial-of-service) attack

2
Q

redirects users to a bogus Web page, even when the individual
types the correct Web page address into his or her browser.

A

Pharming

3
Q

uses systems that read and interpret individual
human traits, such as fingerprints, irises, and voices, in order to grant or deny
access.

A

Biometric Authentication

4
Q

the sender and receiver establish a secure Internet session by creating a single encryption key and sending it to the receiver, so both parties share the same key. The key itself must be delivered over a channel an attacker cannot read, which is the scheme's main weakness.

A

Symmetric Encryption

5
Q

is a rogue software program that attaches itself to other software
programs or data files in order to be executed, usually without user knowledge
or permission

A

Computer virus

6
Q

refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

A

Security

7
Q

focuses on how the company can restore business operations after a disaster strikes.

plan identifies
critical business processes and determines action plans for handling mission-critical functions if systems go down.

A

Business Continuity Planning

8
Q

also may involve redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination.

A

Spoofing

9
Q

determines the level of risk to the firm if a specific activity or process is not properly controlled. Not all risks can be anticipated and measured, but most businesses will be able to acquire some understanding of the risks they face.

A

Risk Assessment

10
Q

is a physical
device, similar to an identification card, that is designed to prove the identity
of a single user.

A

Token

11
Q

are data files used to establish the identity of users and electronic assets for protection of online transactions

A

Digital certificates

12
Q

refers to the ability to know that a person is who he or she claims to be.

A

Authentication

13
Q

The initial security standard developed for Wi-Fi

A

Wired Equivalent Privacy (WEP). WEP is cryptographically broken and has been superseded by WPA2 and WPA3; it should not be relied on for confidentiality.

14
Q

check data for accuracy and completeness when they enter
the system. There are specific input controls for input authorization, data
conversion, data editing, and error handling

A

Input controls

15
Q

contain redundant hardware, software,
and power supply components that create an environment that provides
continuous, uninterrupted service.

use special software routines or self-checking logic built into their circuitry to detect hardware
failures and automatically switch to a backup device.

A

Fault tolerant computer system

16
Q
  • are a major threat to Web applications (the source textbook calls them the largest malware threat, although an injection attack is an attack on the application, not malware in itself)
  • take advantage of vulnerabilities in poorly coded Web application software to introduce malicious program code (attacker-supplied SQL statements) into a company's systems and networks.
A

SQL Injection Attack
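The attack named on this card, as an added worked example that is not part of the original flashcards or of the textbook they summarize: a login check in Python against an in-memory SQLite table filled with constructed sample rows. `login_vulnerable` splices user input into the SQL text, so a crafted username becomes SQL syntax; `login_parameterized` passes the same input as a bound parameter, so the database never parses it. Table name, users, passwords and payloads are all assumptions for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample user table (example data, not from the source page).

    Passwords are stored in clear only to keep the example short; a real
    application would store a salted password hash instead.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "staff")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Poorly coded check: user input is concatenated into the SQL text.

    A username such as  alice' --  closes the string literal and comments out
    the password clause, so the query matches alice's row with any password.
    """
    query = (
        "SELECT role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened check: placeholders send the values separately from the SQL text,
    so quotes and comment markers in the input are just characters to compare."""
    query = "SELECT role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def compare(username: str, password: str) -> dict:
    """Run one credential pair through both checks and report each verdict."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password),
        "parameterized": login_parameterized(conn, username, password),
    }


if __name__ == "__main__":
    for creds in [("alice", "correct horse"), ("alice' --", "wrong"), ("nobody", "' OR '1'='1")]:
        print(creds, compare(*creds))
```

The second and third credential pairs log in through the vulnerable check without knowing any password and are rejected by the parameterized one; the fix is the placeholder, not input filtering.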

17
Q

enable client and server computers to manage encryption and decryption
activities as they communicate with each other during a secure Web session

A

Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS)

18
Q

outlines medical security and privacy rules and procedures for
simplifying the administration of health care billing and automating the
transfer of health care data between health care providers, payers, and plans

A

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

19
Q

examines the firm’s overall security
environment as well as controls governing individual information systems.

A

MIS Audit

20
Q

in which eavesdroppers drive by buildings or park outside and try to intercept
wireless network traffic.

A

War Driving

21
Q

govern the
design, security, and use of computer programs and the security of data files in
general throughout the organization’s information technology infrastructure.

A

General controls

22
Q

To correct software flaws once they are identified, the software vendor
creates small pieces of software

A

Patch

23
Q

the intentional disruption, defacement, or even destruction of a Web site or
corporate information system

A

Cybervandalism

24
Q

When errors are discovered, the source is found
and eliminated through a process

A

Debugging

25
Q

Types of General control

A
  1. Hardware Control
  2. Software Control
  3. Computer operation Control
  4. Data security control
  5. Implementation control
  6. Administrative control
26
Q

helps firms recover quickly from a
system crash, whereas fault tolerance promises continuous availability and the
elimination of recovery time altogether.

A

High Availability computing

27
Q

hackers flood a network server or Web server with many thousands of false communications or requests for services to crash the network

A

DoS (denial-of-service) attack
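Cards 1 and 27 describe the two flood patterns in words; as an added example that is not part of the original flashcards or their source textbook, here is detection logic in Python run over a constructed Web server access log. It buckets requests into fixed windows and labels a window as a DoS when one source accounts for most of a flood, or a DDoS when the flood comes from many launch points. The log lines, IP addresses, window size and thresholds are all assumptions made up for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Common/combined log prefix: client IP, identity, user, [timestamp] "request" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3})')


def parse_line(line: str):
    """Return (client_ip, timestamp) for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, stamp, _status = m.groups()
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when


def make_sample_log() -> list:
    """Constructed access log (example data, not from the source page): a quiet
    window, then a single-source flood, then a flood from many sources."""
    def entry(ip: str, second: int) -> str:
        return (f'{ip} - - [10/Mar/2024:12:00:{second:02d} +0000] '
                f'"GET /index.html HTTP/1.1" 200 512')

    lines = []
    for i in range(20):                       # 12:00:00-09: five ordinary clients
        lines.append(entry(f"203.0.113.{i % 5 + 1}", i % 10))
    for i in range(150):                      # 12:00:10-19: one host hammers the server
        lines.append(entry("198.51.100.7", 10 + i % 10))
    for i in range(150):                      # 12:00:20-29: 150 distinct hosts, one request each
        lines.append(entry(f"192.0.2.{i % 254 + 1}", 20 + i % 10))
    return lines


def detect_floods(lines, window=10, total_threshold=100, single_share=0.8, min_sources=50):
    """Bucket requests into fixed windows of `window` seconds and label each window.

    A window with at least `total_threshold` requests is a flood. If one source
    sent `single_share` or more of them it looks like a DoS from a single launch
    point; `min_sources` or more distinct sources suggests a DDoS. The thresholds
    are illustrative assumptions that would be tuned to the site's normal load.
    """
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                           # skip unparsable lines rather than crash
        ip, when = parsed
        buckets[int(when.timestamp()) // window][ip] += 1

    report = []
    for key in sorted(buckets):
        counts = buckets[key]
        total = sum(counts.values())
        top_ip, top_n = counts.most_common(1)[0]
        if total < total_threshold:
            verdict = "normal"
        elif top_n / total >= single_share:
            verdict = "DoS"
        elif len(counts) >= min_sources:
            verdict = "DDoS"
        else:
            verdict = "suspicious"
        start = datetime.fromtimestamp(key * window, tz=timezone.utc)
        report.append({
            "window_start": start.strftime("%H:%M:%S"),
            "requests": total,
            "sources": len(counts),
            "top_source": top_ip,
            "verdict": verdict,
        })
    return report


if __name__ == "__main__":
    for row in detect_floods(make_sample_log()):
        print(row)
```

Counting by source address is meaningful for completed HTTP requests, where the client had to finish a TCP handshake; for network-layer floods with forged source addresses the per-source split says little, and the total rate is the only usable signal.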

28
Q

are methods, policies, and organizational
procedures that ensure the safety of the organization’s assets; the accuracy and
reliability of its records; and operational adherence to management standards.

A

Controls

29
Q

provides additional security by determining whether
packets are part of an ongoing dialogue between a sender and a receiver. It sets
up state tables to track information over multiple packets

A

Stateful Inspection

30
Q

examines data files and sorts out low-priority online material
while assigning higher priority to business-critical files.

A

Deep packet inspection

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

gain unauthorized access by finding weaknesses in the security protections employed by
Web sites and computer systems, often taking advantage of various features of
the Internet that make it an open system that is easy to use.

A

Hacker and cracker

32
Q

are wireless networks that pretend to offer trustworthy Wi-Fi
connections to the Internet, such as those in airport lounges, hotels, or coffee
shops.

A

Evil Twins

33
Q

is a crime in which an imposter
obtains key pieces of personal information, such as social security identification
numbers, driver’s license numbers, or credit card numbers, to impersonate
someone else

A

Identity Theft

34
Q

can provide another layer of protection when static packet filtering and stateful inspection are employed

A

Network Address Translation (NAT)

35
Q

It imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally.

is fundamentally about ensuring that internal controls are in place to govern the creation and documentation of information in financial statements

A

Sarbanes-Oxley Act (Public Company Accounting Reform and Investor Protection Act of 2002)

36
Q

examines the application content of packets.

A

Application proxy filtering

37
Q

feature
full-time monitoring tools placed at the most vulnerable points or “hot spots” of
corporate networks to detect and deter intruders continually

A

Intrusion detection Systems

38
Q

establish that
data are complete and accurate during updating.

A

Processing controls

39
Q

to make virus distribution and hacker attacks that disable Web sites federal crimes.

A

National Information Infrastructure Protection Act of 1996

40
Q

looks for patterns indicative of known methods of computer attacks, such as
bad passwords, checks to see if important files have been removed or modified,
and sends warnings of vandalism or system administration errors.

A

Scanning software

41
Q

Types of Authentication Technology

A

Token, Smart Card, and Biometric Authentication

42
Q

A form of encryption that uses two mathematically related keys, one public and one private, rather than a single shared key, is called

A

Public key encryption

43
Q

consists of statements ranking information risks, identifying acceptable
security goals, and identifying the mechanisms for achieving these goals.

A

Security Policy

44
Q

ensure that the results of computer processing are accurate, complete, and properly
distributed.

A

Output Controls

45
Q

is a software program that appears to be benign but then
does something other than expected

A

Trojan Horse

46
Q

is an individual who intends to gain unauthorized access to a computer system.

A

Hacker

47
Q

consists of business processes and software tools for identifying
the valid users of a system and controlling their access to system resources

A

Identity Management

48
Q

is a type of eavesdropping program that monitors information
traveling over a network.

A

Sniffer

49
Q

is designed to
check computer systems and drives for the presence of computer viruses.

A

Antivirus software

50
Q

These small programs
install themselves surreptitiously on computers to monitor user Web surfing
activity and serve up advertising.

A

Spyware

51
Q

is another protocol used for
encrypting data flowing over the Internet, but it is limited to individual
messages

A

Secure Hypertext Transfer Protocol (S-HTTP). S-HTTP never saw wide adoption and is obsolete; it is distinct from HTTPS, which is ordinary HTTP carried over an SSL/TLS session.

52
Q

are referred to as malware and include a variety of threats, such as computer viruses, worms, and Trojan horses

A

malicious software

53
Q

which are independent
computer programs that copy themselves from one computer to other computers over a network.

A

Worms

54
Q

It is up to users of the
software to track these vulnerabilities, test, and apply all patches

A

Patch Management

55
Q

is typically used
to denote a hacker with criminal intent, although in the public press, the terms
hacker and cracker are used interchangeably

A

Cracker

56
Q

is built by infecting other people's computers with bot malware that opens a back door through which an attacker can give instructions.

A

Botnet

57
Q

examines events as they are happening to discover security attacks in
progress.

A

Monitoring software

58
Q

are often spread over the Internet from files of downloaded software, from files attached to e-mail transmissions, or from
compromised e-mail messages or instant messaging

A

Worms and Viruses

59
Q

This act
requires financial institutions to ensure the security and confidentiality of
customer data. Data must be stored on a secure medium, and special security
measures must be enforced to protect such data on storage media and during
transmittal.

A

Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley Act)

60
Q

any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution.

A

Computer Crime

61
Q

is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver.

A

Encryption
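Cards 4, 42 and 61 define encryption, symmetric encryption and public key encryption in one sentence each. As an added example that is not part of the original flashcards or their source textbook, the Python below puts the same message through both schemes so the difference in what each side must hold is visible: the symmetric side needs one secret shared in advance, the public key side needs only the recipient's published key to encrypt and the private key to decrypt. The XOR cipher and the tiny-prime RSA are illustrations of the key structure, not secure constructions; the message, key and primes are assumptions chosen for the example.

```python
def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR each byte with the repeating shared key.

    The same call encrypts and decrypts, which is the defining property of a
    symmetric scheme. XOR with a short repeating key is NOT a secure cipher; it
    stands in for AES here to keep the example dependency-free.
    """
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def rsa_keygen_toy():
    """Textbook RSA with tiny primes (illustration only; real keys use
    2048-bit or larger moduli and randomized padding such as OAEP)."""
    p, q = 61, 53
    n = p * q                 # 3233, part of both keys
    phi = (p - 1) * (q - 1)   # 3120
    e = 17                    # public exponent, coprime with phi
    d = pow(e, -1, phi)       # private exponent, 2753 (modular inverse, Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(public_key, data: bytes) -> list:
    """Encrypt one byte at a time with the recipient's PUBLIC key.

    Byte-at-a-time, unpadded RSA is deterministic (a codebook), which is one
    reason real use wraps a random symmetric key rather than the message."""
    e, n = public_key
    return [pow(b, e, n) for b in data]


def rsa_decrypt(private_key, blocks: list) -> bytes:
    """Recover the bytes with the matching PRIVATE key."""
    d, n = private_key
    return bytes(pow(c, d, n) % 256 for c in blocks)


def demo(message: bytes = b"wire transfer approved") -> dict:
    """Run the message through both schemes and report what each side needs."""
    # Symmetric: one secret that sender and receiver must already share.
    shared_key = b"k3y!"                          # assumed pre-shared secret
    sym_ct = xor_crypt(shared_key, message)
    sym_pt = xor_crypt(shared_key, sym_ct)        # same key, same operation

    # Public key: the sender needs only the published (e, n); only d recovers the text.
    public_key, private_key = rsa_keygen_toy()
    rsa_ct = rsa_encrypt(public_key, message)
    rsa_pt = rsa_decrypt(private_key, rsa_ct)
    wrong = rsa_decrypt(public_key, rsa_ct)       # the public key cannot undo itself

    return {
        "symmetric_roundtrip": sym_pt == message,
        "rsa_roundtrip": rsa_pt == message,
        "public_key_cannot_decrypt": wrong != message,
        "ciphertext_differs": sym_ct != message,
    }


if __name__ == "__main__":
    print(rsa_keygen_toy())
    print(demo())
```

In practice the two are combined: a public key operation protects a fresh symmetric key, and the symmetric cipher protects the bulk data, which is exactly the arrangement an SSL/TLS session sets up.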

62
Q

record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to
e-mail accounts, to obtain passwords to protected computer systems, or to pick
up personal information such as credit card numbers

A

keyloggers

63
Q

devises plans for the restoration of computing and communications services after they
have been disrupted.

focus primarily on the technical
issues involved in keeping systems up and running, such as which files to back
up and the maintenance of backup computer systems

A

Disaster recovery planning

64
Q

are specific controls unique to each computerized
application, such as payroll or order processing. They include both automated
and manual procedures that ensure that only authorized data are completely
and accurately processed by that application.

A

Application Control

65
Q

Researchers are exploring ways to make computing systems recover even
more rapidly when mishaps occur, an approach called

A

Recovery oriented computing

66
Q

examines selected fields in the headers of data packets flowing back and forth between the trusted network and the Internet, examining individual packets in isolation.

A

Packet Filtering
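Cards 29 and 66 contrast stateful inspection with static packet filtering. As an added example that is not part of the original flashcards or their source textbook, the Python below runs a constructed sequence of TCP packets through both: `static_filter` judges each packet from its own header fields, while `StatefulFirewall` keeps a state table of connections opened from inside and admits inbound packets only when they belong to one. Addresses, ports and the single allow rule are assumptions chosen for the example; the model ignores sequence numbers, timeouts and half-closed connections that a real firewall tracks.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal TCP header view plus direction relative to the trusted network
    ("in" arrives from the Internet, "out" leaves toward it)."""
    direction: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" SYN, "SA" SYN/ACK, "A" ACK, "F" FIN, "R" RST


def static_filter(pkt: Packet) -> bool:
    """Packet filtering: decide from this packet's header fields alone.

    Outbound traffic is allowed. Inbound traffic is allowed only when aimed at
    an ephemeral (client) port, because that is what replies to inside clients
    look like. The rule cannot tell a genuine reply from an unsolicited probe
    that simply targets a high port, so both get through.
    """
    if pkt.direction == "out":
        return True
    return pkt.dport >= 1024


class StatefulFirewall:
    """Stateful inspection: remember dialogues opened from inside and admit
    inbound packets only when they match one of them."""

    def __init__(self) -> None:
        self.table = set()  # keys: (inside_ip, inside_port, outside_ip, outside_port)

    def filter(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "S" in pkt.flags and "A" not in pkt.flags:   # new connection from inside
                self.table.add(key)
            allowed = key in self.table
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            allowed = key in self.table                     # must belong to an ongoing dialogue
        if allowed and ("F" in pkt.flags or "R" in pkt.flags):
            self.table.discard(key)                         # dialogue ended: forget it
        return allowed


def sample_traffic() -> list:
    """Constructed packet sequence (example data, not from the source page)."""
    return [
        Packet("out", "10.0.0.5", 40001, "93.184.216.34", 80, "S"),   # client opens HTTP
        Packet("in", "93.184.216.34", 80, "10.0.0.5", 40001, "SA"),   # genuine reply
        Packet("in", "198.51.100.9", 80, "10.0.0.5", 40002, "SA"),    # forged "reply" to a port never opened
        Packet("in", "198.51.100.9", 53, "10.0.0.5", 6000, "S"),      # probe aimed at a high port
        Packet("in", "203.0.113.4", 4444, "10.0.0.5", 22, "S"),       # SSH probe, low port
        Packet("in", "93.184.216.34", 80, "10.0.0.5", 40001, "R"),    # server resets the open connection
        Packet("in", "93.184.216.34", 80, "10.0.0.5", 40001, "A"),    # stray packet after the reset
    ]


def compare(packets) -> list:
    """Return (static_verdict, stateful_verdict) for each packet, in order."""
    fw = StatefulFirewall()
    return [(static_filter(p), fw.filter(p)) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(sample_traffic(), compare(sample_traffic())):
        print(pkt.direction, pkt.src, pkt.sport, "->", pkt.dst, pkt.dport, pkt.flags, verdict)
```

Packets 3, 4 and 7 are the interesting ones: the static rule passes them because they look like replies, while the state table rejects them because no inside host ever started those dialogues (or the dialogue has already been torn down).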

67
Q

—a review of a specification or design document by a small group
of people carefully selected based on the skills needed for the particular objectives being tested

A

Walkthrough

68
Q

is a device about the
size of a credit card that contains a chip formatted with access permission and
other data

A

Smart Card

69
Q

Program code defect

A

bugs

70
Q

The largest botnet attack in 2010 which started in Spain and spread across the world.

A

Mariposa botnet

71
Q

is the
scientific collection, examination, authentication, preservation, and analysis of
data held on or retrieved from computer storage media in such a way that the
information can be used as evidence in a court of law. It deals with the following
problems:
* Recovering data from computers while preserving evidential integrity
* Securely storing and handling recovered electronic data
* Finding significant information in a large volume of electronic data
* Presenting the information to a court of law

A

Computer forensics

72
Q

occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the
advertiser or making a purchase.

A

Click Fraud

73
Q

Malicious intruders seeking system access sometimes trick employees
into revealing their passwords by pretending to be legitimate members of the
company in need of information

A

Social Engineering

74
Q

the use of public key cryptography working with a certificate authority (CA), is now widely used in e-commerce

A

Public key Infrastructure

75
Q

transactions entered online are immediately processed by the computer

A

Online transaction processing

76
Q

defines acceptable uses of
the firm’s information resources and computing equipment, including desktop
and laptop computers, wireless devices, telephones, and the Internet

A

Acceptable Use Policy

77
Q

monitor network activity and perform vulnerability
testing and intrusion detection.

A

Managed Security service provider

78
Q

The identifiers of the access points in a Wi-Fi network, which are broadcast multiple times and can be picked up fairly easily by an intruder's sniffer program.

A

Service Set Identifier (SSID)

79
Q

comprehensive security management products: to help businesses reduce costs and improve manageability, security vendors have combined various security tools into a single appliance

A

Unified threat management

80
Q

The U.S. Congress addressed the threat of computer crime in 1986 with the

A

Computer Fraud and Abuse Act of 1986

81
Q

prevent unauthorized users from accessing private networks.

is a combination of hardware and software that controls the flow of
incoming and outgoing network traffic.

A

Firewall

82
Q

The ______________ may be
relatively benign, such as the instructions to display a message or image, or it
may be highly destructive—destroying programs or data, clogging computer
memory, reformatting a computer’s hard drive, or causing programs to run
improperly

A

Payload

83
Q

involves setting up fake Web sites or sending e-mail or text messages that look
like those of legitimate businesses to ask users for confidential personal data.

A

Phishing