1.

2.
3.
4.

5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.

If a backup is made, the database is secure.

False
Which of the following observations concerning Secure Socket Layer (SSL) is
true?
It is a useful hybrid of symmetric and asymmetric encryption
techniques.
Usurpation occurs when computer criminals invade a computer system and
replace legitimate programs with their own unauthorized ones.
True
________ occurs when computer criminals invade a computer system and
replace legitimate programs with their own unauthorized ones that shut down
legitimate applications and substitute their own processing to spy, steal and
manipulate data, or other purposes.
Usurpation
Which of the following is covered by the Gramm-Leach-Bliley Act of
1999?
consumer financial data stored by financial institutions
Users of smart cards are required to enter a ________ to be authenticated.
personal identification number
________ occurs when a person breaks into a network to steal data such as
customer lists, product inventory data, employee data, and other proprietary and
confidential data.
Hacking
Email spoofing is a synonym for ________.
Phishing
Which of the following is an example of an intangible consequence?
a loss
of customer goodwill due to an outage
Drive-by sniffers monitor and intercept wireless traffic at will.
True
Email spoofing is a synonym for phishing.
True
A magnetic strip holds far more data than a microchip.
False
The existence of accounts that are no longer in use are not a security threat to an
organization.
False
A ________ pretends to be a legitimate company and sends an email requesting
confidential data, such as account numbers, Social Security numbers, account
passwords, and so forth.
Phisher
In disaster-preparedness terminology, a ________ is a utility company that can
take over another company's processing with no forewarning.
Hot site
Natural disasters present the largest risk for infrastructure loss.
True
Intangible consequences are those whose financial impact can be
measured.
False
Probable loss is the probability that a given asset will be compromised by a given
threat, despite the safeguards.
False
Windows, Linux, Unix, and other operating systems employ Kerberos and
authenticate user requests across networks of computers using a mixture of
these operating systems.
True
A virus is a computer program that replicates itself. The program code that
causes unwanted activity is called the ________.
Payload
Probable loss is concerned only with tangible consequences.
False
Which of the following is most likely to be the result of hacking?
an
unexplained reduction in your account balance
________ are the primary means of authentication and are important not just for
access to a user's computer, but also for authentication to other networks and
servers to which the user may have access.
Passwords

24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.

35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.

________ are small files that your browser stores on your computer when you
visit Web sites and enable you to access Web sites without having to sign in
every time.
Cookies
The total cost of a cold site, including all customer labor and other expenses, is
always less than the cost of a hot site.
False
Which of the following systems procedures is specifically the responsibility of
operations personnel?
backing up system databases
Wireless networks are more secure than wired networks.
False
________ is a technique for intercepting computer communications, either
through a physical connection to a network or, in the case of wireless networks,
with no physical connection.
Sniffing
Which element of a security policy specifies how an organization will ensure the
enforcement of security programs and policies?
the general statement
of the security policy
To obtain a measure of probable loss, companies ________.
multiply
likelihood by the cost of the consequences
________, tiny files that gather demographic information, use a single code to
identify users by age, gender, location, likely income, and online activity.
Beacons
________ is the term used to denote viruses, worms, Trojan horses, spyware,
and adware.
Malware
Sniffing occurs when an intruder uses another site's IP address as if it were that
other site.
False
________ a site means to take extraordinary measures to reduce a system's
vulnerability, using special versions of the operating system, and eliminating
operating systems features and functions that are not required by the
application.
Hardening
A retina scan is a biometric authentication technique.
True
Drive-by sniffers monitor and intercept wireless traffic at will.
True
According to the elements of company security outlined in the NIST Handbook,
computer security is not constrained by societal factors.
False
Which of the following is used for biometric authentication?
Facial
features
Phishing is a technique for intercepting computer communications.
False
Faulty service includes incorrectly billing customers or sending the wrong
information to employees, but not incorrect data modification.
False
An example of a computer crime includes an employee who inadvertently installs
an old database on top of the current one.
False
Pretexting occurs when a person receives a confidential text message by
mistake and pretends to be the intended recipient.
False
You are transferring funds online through the Web site of a reputed bank. Which
of the following displayed in your browser's address bar will let you know that the
bank is using the SSL protocol?
Https
Security, like BPM, is a process that requires process management.
True
________ refers to things we do not know, while ________ is the likelihood of an
adverse occurrence.
Uncertainty; risk

46.
47.

48.
49.
50.
51.
52.
53.
54.

Which of the following usually happens in a malicious denial-of-service

attack?
A hacker floods a Web server with millions of bogus service
requests.
Many companies create ________, which are false targets for computer
criminals to attack. To an intruder, it would look like a particularly valuable
resource, such as an unprotected Web site, but in actuality the only site content
is a program that determines the attacker's IP address.
Honeypots
A(n) ________ is a type of virus that propagates using the Internet or other
computer networks.
Worm
Technical safeguards involve the hardware and software components of an
information system.
True
Maintaining the computers that run a DBMS in a locked room is a part of
________.
physical security procedures
Because encryption keys can be lost or destroyed, a copy of the key should be
stored with a trusted third party. This procedure is called ________.
key escrow
To gain access to a wired network, a potential intruder must obtain physical
access to the network.
True
Encryption is an example of a technical safeguard.
True
Which factor of risk assessment refers to the probability that a given asset will be
compromised by a given threat, despite the safeguards?
Likelihood