IS3230 CHAPTER 7

Question 1

An employee who is angry or dissatisfied, usually with some aspect of their employment is called ___.

Answer 1

DISGRUNTLED EMPLOYEE

Question 2

The sum of qualities and traits shared by all humans is called ___.

Answer 2

HUMAN NATURE

Question 3

The practice of dividing essential steps of a task between multiple individuals is called ___.

Answer 3

SEPARATION OF DUTIES

Question 4

Any system or network that contains valuable data and has attracted the notice of the hacker is called ___.

Answer 4

TARGET

Question 5

The concept that there must be two authorized individuals available to approve any sensitive activity is called ___.

Answer 5

TWO-PERSON CONTROL

Question 6

1. Generally, hackers are motivated by ___ and ___.

Answer 6

STATUS AND WEALTH

Question 7

2. A target is a system or network that contains valuable data, and has attracted the notice of the hacker.
   TRUE OR FALSE

Answer 7

TRUE

Question 8

3. A typical social engineering strategy involves which of the following?
4. Assumed identity
5. Believability
6. Multiple contacts
7. Requests for information
8. 1 and 2 only
9. All the above

Answer 8

Assumed identity
Believability
Multiple contacts
Requests for information

Question 9

4. What element of human nature does a social engineer exploit?
5. Fear
6. Ambition
7. Trust
8. Desire for status
9. Greed

Answer 9

Trust

Question 10

5. An employer can obtain an applicant’s driving records as part of a pre-employment background check.
   TRUE OR FALSE

Answer 10

TRUE

Question 11

6. An employer can obtain an applicant’s medical history and credit reports without special consent of the applicant.
   TRUE OR FALSE

Answer 11

FALSE

Question 12

7. Passive-aggressive behavior can be an indicator of a ___ employee.

Answer 12

Disgruntled employee

Question 13

8. Prior to or during an employee termination meeting, which of the following should be locked or changed?
9. The employee’s workstation and network accounts
10. The employee’s email account(s)
11. Passwords for online accounts accessible to the employee
12. The employee’s accounts on databases and file servers
13. All the above

Answer 13

1. The employee’s workstation and network accounts
2. The employee’s email account(s)
3. Passwords for online accounts accessible to the employee
4. The employee’s accounts on databases and file servers

ALL THE ABOVE

Question 14

9. Two-way communication is critical to the organizational structure model of access control.
   TRUE OR FALSE

Answer 14

TRUE

Question 15

10. Which of the following can help uncover dishonesty, such as fraud or theft, in the workplace? (Select two)
11. Mandatory vacation
12. Pre-employment checks
13. Job rotation
14. Ethics training
15. All the above

Answer 15

Mandatory vacation

Job rotation

Question 16

11. ___ is designed to eliminate the opportunity for theft, fraud, or other harmful activity.

Answer 16

Two person control

Question 17

12. Access owners are responsible for maintaining a list of authorized users.
    TRUE OR FALSE

Answer 17

TRUE

Question 18

13. Informing employees of security and acceptable use policies during orientation is sufficient training.
    TRUE OR FALSE

Answer 18

FALSE

Question 19

14. Human resources should be an integral part of enforcing security policy.
    TRUE OR FALSE

Answer 19

TRUE