ISYS 363 Ch. 10 Flashcards
A person who breaks into a politician’s website with plans to deface photos and add disturbing text is called a ____________________.
smacker
black hat
hacktivist
red hat
cracktivist
hacktivist
People who break into computer systems out of curiosity or to test security measures are often called ________.
hacktivists
white hats
cracktivists
smackers
black hats
white hats
Many popular movies today portray individuals who steal trade secrets to gain advantages over competitors. This activity is called __________________.
hacktivism
blackmail
technological surveillance
operational espionage
industrial espionage
industrial espionage
One troubling method computer criminals use to steal your passwords is called _________________, which involves collecting every keystroke.
keyboard capture
photo capturing
key recording
brute-force
keylogging
keylogging
A type of malware that appears to be a legitimate program but actually carries a destructive program is called a _____________.
Trojan horse
virus
super worm
worm
superbug
Trojan horse
Which of the following is a type of malware that holds a computer hostage by locking the computer or encrypting the computer’s files?
Ransomware
Trojan horse
Kidnapper
Time bomb
Virus
Ransomware
Which of the following is a type of attack that could prevent the users of a website from being able to use the website?
Spyware
Spam
Adware
Denial of service
Cookies
Denial of service
About 85% of all e-mail spam is sent by one of six major __________, which are destructive software robots working together on a collection of zombie computers.
spy rings
spear phishers
botnets
zombie webs
bot webs
botnets
Which of the following is the stealing of another person’s private information with the intention of executing financial transactions using the victim’s accounts?
Captcha
Botnet
Identity theft
Spyware
Spam
Identity theft
Which of the following is NOT a form of cyberstalking?
Posting incriminating pictures of the victim on social networking sites
Making false accusations that damage the reputation of the victim on blogs, Web sites, chat rooms, or e-commerce sites
Gaining information on a victim by monitoring online activities, accessing databases, and so on
Using LinkedIn to find out where an acquaintance is employed
Encouraging others to harass a victim by posting personal information about the victim on Web sites, chat rooms, or social networking sites
Using LinkedIn to find out where an acquaintance is employed
The illegal practice of using proprietary software that you have not paid for is called _______________, and it costs the software industry billions of dollars a year.
software piracy
software stealing
cyberharassment
cybersquatting
software plundering
software piracy
Which of the following prevents an individual from including a favorite song without permission in a commercial business presentation?
Copyright laws
Patent protection
Hacking concerns
Federal customs laws
Computer fraud fears
Copyright laws
One part of an organization’s security measures involves ensuring that unauthorized manipulations of data and systems (that may compromise accuracy, completeness, or reliability) are prevented. This is referred to as ________________.
confidentiality
availability
accountability
privacy
integrity
integrity
One important security measure, necessary for an organization to create a digital audit trail by ensuring that all actions can be traced, is referred to as ________________.
integrity
confidentiality
availability
auditability
accountability
accountability
When an organization provides its employees with policies stating, for instance, whether employees have permission to use Facebook during the day, the organization is providing its _____________ policies.
technology
privacy
acceptable use
copyright
information systems
acceptable use
Which of the following statements is NOT true about cyberwar and cyberterrorism?
Damages from a major attack could cost billions of dollars and endanger many citizens.
Energy and transportation systems are extremely vulnerable.
A major attack could cripple a country’s economic system.
Most experts believe cyberwar and cyberterrorism are imminent threats to the United States.
The prospects for a significant attack are considered very low.
The prospects for a significant attack are considered very low.
Which of the following is the ultimate goal of cyberwar?
Denial of service
Intimidation
Web vandalism
Distribute propaganda
Gain an information advantage over an opponent in order to diminish various capabilities
Gain an information advantage over an opponent in order to diminish various capabilities
Terrorists are using the Internet extensively to distribute propaganda to current and potential supporters, to influence international public opinion, and to notify potential enemies of pending plans. This is an example of ______________.
recruiting
training
information dissemination
networking
data mining
information dissemination
The precautions taken to keep all aspects of information systems (e.g., all hardware, software, network equipment, and data) safe from destruction, manipulation, or unauthorized use or access, while providing the intended functionality to legitimate users, are collectively referred to as __________________.
information systems security
information systems countermeasures
cybermeasures
information systems protections
reverse engineering
information systems security
If you were advising an organization about what to include in its information system security process, which of the following would you NOT include?
Assess risks.
Monitor security.
Develop a security strategy.
Implement controls and training.
Once developed, the plan need not be changed.
Once developed, the plan need not be changed.
Undesirable events that can cause harm, arising from agents internal or external to an organization, are called ________.
risks
threats
impacts
vulnerabilities
controls
threats
An organization that implements no information system countermeasures and decides to absorb any damages which are incurred has implemented a risk ________ strategy.
reduction
transference
acceptance
avoidance
mitigation
acceptance
Limiting users’ access to just the systems, data, or resources that are needed to perform their duties and restricting access to other resources is accomplished by implementing the principles of ________.
user restraints
least permissions and least privileges
least permissions and maximum access
limited scope and access
restricted access
least permissions and least privileges
Issues that should be included in an organization’s disaster recovery plan include all of the following EXCEPT:
identify the hardware and software that is needed to recover from a disaster.
define the chain of command.
identify which events are considered disasters.
identify the people that will be needed and their roles during the recovery.
plan only for events with a high likelihood of occurring.
plan only for events with a high likelihood of occurring.
An ________ can help organizations assess the state of their IS controls to determine necessary changes and to help ensure the information systems’ availability, confidentiality, and integrity.
information systems protocol
information systems pact
information systems audit
information systems contract
information systems standard
information systems audit
a backup facility consisting of an empty warehouse with all the necessary connections for power and communications but nothing else
cold backup site
a fully equipped backup facility, having everything from hardware, software, and current data to office equipment
hot backup site