Using MIS Chapter 12 Flashcards

1
Q

Advanced Persistent Threat (APT)

A

A sophisticated, possibly long-running, computer hack that is perpetrated by large, well-funded organizations like governments. APTs are a means to engage in cyberwarfare.

2
Q

Adware

A

Programs installed on the user’s computer without the user’s knowledge or permission that reside in the background and, unknown to the user, observe the user’s actions and keystrokes, modify computer activity, and report the user’s activities to sponsoring organizations. Most adware is benign in that it does not perform malicious acts or steal data. It does, however, watch user activity and produce pop-up ads.

3
Q

Asymmetric Encryption

A

An encryption method whereby different keys are used to encode and to decode the message; one key encodes the message, and the other key decodes the message. Asymmetric encryption is slower and more complicated than symmetric encryption.

4
Q

Authentication

A

The process whereby an information system verifies (validates) a user.

5
Q

Biometric Authentication

A

The use of personal physical characteristics, such as fingerprints, facial features, and retinal scans, to authenticate users.

6
Q

Brute Force Attack

A

A password-cracking program that tries every possible combination of characters.

7
Q

Cookies

A

A small file that is stored on the user’s computer by a browser. Cookies can be used for authentication, for storing shopping cart contents and user preferences, and for other legitimate purposes. Cookies can also be used to implement spyware.

8
Q

Data Administration

A

An organization-wide function that develops and enforces data policies and standards.

9
Q

Data Safeguards

A

Measures used to protect databases and other data assets from threats. Includes data rights and responsibilities, encryption, backup and recovery, and physical security.

10
Q

Database Administration

A

A person or department that develops procedures and practices to ensure efficient and orderly multiuser processing of the database, to control changes to database structure, and to protect the database.

11
Q

Denial of Service (DoS)

A

Security problem in which users are not able to access an information system; can be caused by human errors, natural disaster, or malicious activity.

12
Q

Drive-by-Sniffer

A

A person who takes a computer with a wireless connection through an area and searches for unprotected wireless networks in an attempt to gain free Internet access or to gather unauthorized data.

13
Q

Email Spoofing

A

A synonym for ‘phishing’. A technique for obtaining unauthorized data that uses pretexting via email. The phisher pretends to be a legitimate company and sends email requests for confidential data, such as account numbers, Social Security numbers, account passwords, and so forth. Phishers direct traffic to their sites under the guise of a legitimate business.

14
Q

Encryption

A

The process of transforming clear text into coded, unintelligible text for secure storage or communication.

15
Q

Encryption Algorithms

A

Algorithms used to transform clear text into coded, unintelligible text for secure storage or communication.

16
Q

FIDO

A

Fast Identity OnLine. A set of open standards and protocols under development as an alternative to password authentication.

17
Q

Firewall

A

Computing devices located between public and private networks that prevent unauthorized access to or from the internal network. A firewall can be a special purpose computer or it can be a program on a general-purpose computer or on a router.

18
Q

Gramm-Leach-Bliley (GLB) Act

A

Passed by Congress in 1999, this act protects consumer financial data stored by financial institutions, which are defined as banks, securities firms, insurance companies, and organizations that provide financial advice, prepare tax returns, and provide similar financial services.

19
Q

Hacking

A

A form of computer crime in which a person gains unauthorized access to a computer system. Although some people hack for the sheer joy of doing it, other hackers invade systems for the malicious purpose of stealing or modifying data.

20
Q

Hardening

A

A term used to describe server operating systems that have been modified to make them especially difficult to infiltrate with malware.

21
Q

Health Insurance Portability and Accountability (HIPAA)

A

The privacy provisions of this 1996 act give individuals the right to access health data created by doctors and other health-care providers. HIPAA also sets rules and limits on who can read and receive a person’s health information.

22
Q

Honeypots

A

False targets for computer criminals to attack. To an intruder, a honeypot looks like a particularly valuable resource, such as an unprotected Web site, but in actuality the only site content is a program that determines the attacker’s IP address.

23
Q

https

A

An indication that a Web browser is using the SSL/TLS protocol to provide secure communication.

24
Q

Human Safeguards

A

Steps taken to protect against security threats by establishing appropriate procedures for users to follow during system use.

25
Q

Identification

A

The process whereby an information system identifies a user by requiring the user to sign on with a user name and password.

26
Q

Internal Firewalls

A

Firewalls that sit inside the organizational network.

27
Q

Intrusion Detection System (IDS)

A

A computer program that senses when another computer is attempting to scan the disk or otherwise access a computer.

28
Q

IP Spoofing

A

A type of spoofing whereby an intruder uses another site’s IP address as if it were that other site.

29
Q

Key

A

A number used to encrypt data. The encryption algorithm applies the key to the original message to produce the coded message. Decoding (decrypting) a message is similar; a key is applied to the coded message to recover the original text.

30
Q

Key Escrow

A

A control procedure whereby a trusted party is given a copy of a key used to encrypt database data.

31
Q

Malware

A

Viruses, worms, Trojan horses, spyware, and adware.

32
Q

Malware Definitions

A

Patterns that exist in malware code. Antimalware vendors update these definitions continuously and incorporate them into their products in order to better fight against malware.

33
Q

Packet-Filtering Firewall

A

A firewall that examines each packet and determines whether to let the packet pass. To make this decision, it examines the source address, the destination addresses, and other data.

34
Q

Payload

A

The program code of a virus that causes unwanted or hurtful actions, such as deleting programs or data, or even worse, modifying data in ways that are undetected by the user.

35
Q

Perimeter Firewall

A

A firewall that sits outside the organizational network; it is the first device that Internet traffic encounters.

36
Q

Personal Identification Number (PIN)

A

A form of authentication whereby the user supplies a number that only he or she knows.

37
Q

Phisher

A

An individual or organization that spoofs legitimate companies in an attempt to illegally capture personal data, such as credit card numbers, email accounts, and driver’s license numbers.

38
Q

Phishing

A

A technique for obtaining unauthorized data that uses pretexting via email. The phisher pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth.

39
Q

Pretexting

A

Deceiving someone over the Internet by pretending to be another person or organization.

40
Q

Privacy Act of 1974

A

Federal law that provides protections to individuals regarding records maintained by the U.S. government.

41
Q

Public Key/Private Key

A

A special version of asymmetric encryption that is popular on the Internet. With this method, each site has a public key for encoding messages and a private key for decoding them.

42
Q

Safeguard

A

Any action, device, procedure, technique, or other measure that reduces a system’s vulnerability to a threat.

43
Q

Secure Sockets Layer (SSL)

A

A protocol that uses both asymmetric and symmetric encryption. When SSL is in use, the browser address will begin with https://. The most recent version of SSL is called TLS.

44
Q

Smart Cards

A

Plastic cards similar to credit cards that have microchips. The microchip, which holds much more data than a magnetic strip, is loaded with identifying data. Normally requires a PIN.

45
Q

Sniffing

A

A technique for intercepting computer communications. With wired networks, sniffing requires a physical connection to the network. With wireless networks, no such connection is required.

46
Q

Spoofing

A

When someone pretends to be someone else with the intent of obtaining unauthorized data. If you pretend to be your professor, you are spoofing your professor.

47
Q

Spyware

A

Programs installed on the user’s computer without the user’s knowledge or permission that reside in the background and, unknown to the user, observe the user’s actions and keystrokes, modify computer activity, and report the user’s activities to sponsoring organizations. Malicious spyware captures keystrokes to obtain user names, passwords, account numbers, and other sensitive information. Other spyware is used for marketing analyses, observing what users do, Web sites visited, products examined and purchased, and so forth.

48
Q

SQL Injection Attack

A

The situation that occurs when a user obtains unauthorized access to data by entering a SQL statement into a form in which they are supposed to enter a name or other data. If the program is improperly designed, it will accept this statement and make it part of the SQL command that it issues to the DBMS.

49
Q

Symmetric Encryption

A

An encryption method whereby the same key is used to encode and to decode the message.

50
Q

Target

A

The asset that is desired by a security threat.

51
Q

Technical Safeguards

A

Security safeguards that involve the hardware and software components of an information system.

52
Q

Threat

A

A person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner’s permission and often without the owner’s knowledge.

53
Q

Transport Layer Security (TLS)

A

The new name for a later version of Secure Sockets Layer (SSL).

54
Q

Trojan Horses

A

Viruses that masquerade as useful programs or files. A typical Trojan horse appears to be a computer game, an MP3 music file, or some other useful, innocuous program.

55
Q

Usurpation

A

Occurs when unauthorized programs invade a computer system and replace legitimate programs. Such unauthorized programs typically shut down the legitimate system and substitute their own processing to spy, steal and manipulate data, or achieve other purposes.

56
Q

Virus

A

A computer program that replicates itself.

57
Q

Vulnerability

A

An opportunity for threats to gain access to individual or organizational assets. Some vulnerabilities exist because there are no safeguards or because the existing safeguards are ineffective.

58
Q

Worm

A

A virus that propagates itself using the Internet or some other computer network. Worm code is written specifically to infect another computer as quickly as possible.

59
Q
________ involves accomplishing job tasks during failure.
A) Recovery
B) Usurpation
C) Authentication
D) Hardening
A

A) Recovery

60
Q

The senior management must establish a company-wide security policy that states the organization’s posture regarding the data that it gathers.

True or False

A

True

61
Q
A(n) ________ has a microchip in it to hold data.
A) ATM card
B) smart card
C) key escrow
D) cookie
A

B) smart card

62
Q
A ________ pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth.
A) hacker
B) sniffer
C) phisher
D) safeguard
A

C) phisher

63
Q

Unauthorized data disclosures are possible due to human error.

True or False

A

True

64
Q

Which of the following statements is true of biometric identification?
A) It involves the use of a PIN for authentication.
B) It often faces resistance from users for its invasive nature.
C) It is a relatively inexpensive mode of authentication.
D) It provides weak authentication.

A

B) It often faces resistance from users for its invasive nature.

65
Q

Which of the following is most likely to be a result of hacking?
A) small amounts of spam in a user’s inbox
B) pop-up ads appearing frequently
C) an unauthorized transaction from a user’s credit card
D) certain Web sites being censored for hurting sentiments

A

C) an unauthorized transaction from a user’s credit card

66
Q
________ occurs when a person breaks into a network to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data.
A) Phishing
B) Pretexting
C) Hacking
D) Spoofing
A

C) Hacking

67
Q
A ________ examines each part of a message and determines whether to let that part pass.
A) packet-filtering firewall
B) mail server
C) private key
D) drive-by sniffer
A

A) packet-filtering firewall

68
Q

Hardening is actually a human safeguard.

True or False

A

False

69
Q

Nonword passwords are also vulnerable to brute force attacks.

True or False

A

True

70
Q

If a backup of the database contents is made, the database is completely protected.

True or False

A

False

71
Q

Pretexting occurs when a person receives a confidential text message by mistake.

True or False

A

False

72
Q

Which of the following usually happens in a malicious denial-of-service attack?
A) a hacker monitors and intercepts wireless traffic at will
B) a hacker floods a Web server with millions of bogus service requests
C) a phisher pretends to be a legitimate company and requests confidential data
D) an intruder uses another site’s IP address to masquerade as that other site

A

B) a hacker floods a Web server with millions of bogus service requests

74
Q
________ are false targets for computer criminals to attack.
A) Honeypots
B) Web beacons
C) Botnets
D) Hot sites
A

A) Honeypots

75
Q
Users of smart cards are required to enter a ________ to be authenticated.
A) private key
B) Social Security number
C) public key
D) personal identification number
A

D) personal identification number

76
Q

Usurpation occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones.

True or False

A

True

77
Q

An intrusion detection system (IDS) is a computer program that senses when another computer is attempting to scan the disk or otherwise access a computer.

True or False

A

True

78
Q
________ is a technique for intercepting computer communications, either through a physical connection to a network or without a physical connection in the case of wireless networks.
A) Phishing
B) Spoofing
C) Pretexting
D) Sniffing
A

D) Sniffing

79
Q
Secure Sockets Layer is also known as ________.
A) transport layer security
B) presentation layer
C) network interface layer security
D) application layer
A

A) transport layer security

80
Q

The single most important computer security safeguard that can be implemented is to create and use passwords that consist of names.

True or False

A

False

81
Q
________ refers to an organization-wide function that is in charge of developing data policies and enforcing data standards.
A) Usurpation
B) Data encryption
C) Authentication
D) Data administration
A

D) Data administration

82
Q

Most spyware programs are benign in that they do not perform malicious acts or steal data.

True or False

A

False

83
Q

Which of the following is considered a threat caused by human error?
A) an employee intentionally destroys data and system components
B) an employee inadvertently installs an old database on top of the current one
C) a hacker breaks into a system to steal for financial gain
D) a virus and worm writer infects computer systems

A

B) an employee inadvertently installs an old database on top of the current one

84
Q
With ________, the sender and receiver transmit a message using different keys.
A) block cipher
B) symmetric encryption
C) stream cipher
D) asymmetric encryption
A

D) asymmetric encryption

85
Q

Employee termination is a potential security threat for an organization.

True or False

A

True

86
Q
When referring to security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.
A) incorrect data modification
B) unauthorized data disclosure
C) faulty services
D) loss of infrastructure
A

B) unauthorized data disclosure

87
Q
Which of the following is an example of a sniffing technique?
A) adware
B) caches
C) denial of service
D) IP spoofing
A

A) adware

88
Q
________ is similar to spyware but it watches user activity and produces pop-ups.
A) Adware
B) A payload
C) Shareware
D) A cookie
A

A) Adware