Chapter 4 - Version1

The document contains a series of true/false questions about ethics, privacy, information governance, and computer security topics. It tests the reader's knowledge on issues like intellectual property, data protection, bring your own device policies, and social media monitoring.

Uploaded by

raxhelamm

Student name:__________

TRUE/FALSE - Write 'T' if the statement is true and 'F' if the statement is false.

1) Ethics and security are two fundamental building blocks for all organizations.

⊚ true
⊚ false

2) Privacy is the legal protection afforded an expression of an idea, such as a song, book, or video game.

⊚ true
⊚ false

3) Information governance is a method or system of government for information management or control.

⊚ true
⊚ false

4) Confidentiality is the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.

⊚ true
⊚ false

5) Digital rights management is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution.

⊚ true
⊚ false

6) The Child Online Protection Act was passed to protect
minors from accessing inappropriate material on the Internet.

⊚ true
⊚ false

7) Counterfeit software is the unauthorized use, duplication, distribution, or sale of copyrighted software.

⊚ true
⊚ false

8) Pirated software is software that is manufactured to look like the real thing and sold as such.

⊚ true
⊚ false

9) A patent is the legal protection afforded an expression of an idea, such as a song, book, or video game.

⊚ true
⊚ false

10) Intellectual property is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents.

⊚ true
⊚ false

11) Copyright is an exclusive right to make, use, and sell an invention and is granted by a government to the inventor.

⊚ true
⊚ false

12) Rule 41 is the part of the United States Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence.

⊚ true
⊚ false

13) Information management examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring it has the types of data/information required to function and grow effectively.

⊚ true
⊚ false

14) Information compliance is the act of conforming, acquiescing, or yielding information.

⊚ true
⊚ false

15) Information property is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged.

⊚ true
⊚ false

16) Information secrecy is an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged.

⊚ true
⊚ false

17) Information secrecy is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.

⊚ true
⊚ false

18) Information property is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.

⊚ true
⊚ false

19) Epolicies are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment.

⊚ true
⊚ false

20) An acceptable use policy (AUP) requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet.

⊚ true
⊚ false

21) Companies do not need a privacy policy for email because an employee’s work email is private and cannot be viewed by the company.

⊚ true
⊚ false

22) A social media policy outlines the corporate guidelines or principles governing employee online communications.

⊚ true
⊚ false

23) An ethical computer use policy contains general principles to guide computer user behavior.

⊚ true
⊚ false

24) Employee monitoring policies explicitly state how, when, and where the company monitors its employees.

⊚ true
⊚ false

25) Workplace MIS monitoring tracks people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed.

⊚ true
⊚ false

26) Cybervandalism is the electronic defacing of an existing website.

⊚ true
⊚ false

27) Cybervandalism is a problem that occurs when someone registers purposely misspelled variations of well-known domain names.

⊚ true
⊚ false

28) Website name stealing is the theft of a website’s name that occurs when someone, posing as a site’s administrator, changes the ownership of the domain name assigned to the website to another website owner.

⊚ true
⊚ false

29) Internet governance is government attempts to control Internet traffic, thus preventing some material from being viewed by a country’s citizens.

⊚ true
⊚ false

30) Cybervandalism includes threats, negative remarks, or defamatory comments transmitted via the Internet or posted on the website.

⊚ true
⊚ false

31) Bring your own device is a policy that allows employees to use their personal mobile devices and computers to access enterprise data and applications.

⊚ true
⊚ false

32) Fair information practices are policies that allow employees to use their personal mobile devices and computers to access enterprise data and applications.

⊚ true
⊚ false

33) Fair information practices is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.

⊚ true
⊚ false

34) Bring your own devices is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy.

⊚ true
⊚ false

35) BYOD policies offer four basic options, including unlimited access for personal devices; access only to nonsensitive systems and data; access, but with IT control over personal devices, apps, and stored data; and access, but preventing local storage of data on personal devices.

⊚ true
⊚ false

36) Different organizations and countries have their own terms for these concerns. The United Kingdom terms it "data protection," and the European Union calls it "personal data privacy"; the Organization for Economic Co-operation and Development (OECD) has written guidelines on the protection of privacy and transborder flows of personal data.

⊚ true
⊚ false

37) Teergrubing is an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam.

⊚ true
⊚ false

38) Click-fraud is the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser.

⊚ true
⊚ false

39) Competitive click-fraud is a computer crime where a competitor or disgruntled employee increases a company’s search advertising costs by repeatedly clicking on the advertiser’s link.

⊚ true
⊚ false

40) A user can opt out of receiving emails by choosing to deny permission to incoming emails.

⊚ true
⊚ false

41) A user can opt in to receive emails by choosing to allow permissions to incoming emails.

⊚ true
⊚ false

42) A user can opt in to receiving emails by choosing to deny permission to incoming emails.

⊚ true
⊚ false

43) A user can opt out of receiving emails by choosing to
allow permissions to incoming emails.

⊚ true
⊚ false

44) Social media monitoring is the process of monitoring and responding to what is being said about a company, individual, product, or brand.

⊚ true
⊚ false

45) A social media manager is a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand.

⊚ true
⊚ false

46) A social media manager refers to the process of monitoring and responding to what is being said about a company, individual, product, or brand.

⊚ true
⊚ false

47) Cyberbullying is a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand.

⊚ true
⊚ false

48) Cyberbullying is an act or object that poses a danger to assets.

49) Spyware is software that, while purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.
⊚ true
⊚ false

50) The Trojan-horse virus hides inside other software, usually as an attachment or a downloadable file.

⊚ true
⊚ false

51) Information security is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization.

⊚ true
⊚ false

52) Two of the common forms of viruses discussed in the book include the Trojan-horse virus and the acceptance-of-service attack.

⊚ true
⊚ false

53) A hacker weapon called a splog (spam blog) is a fake blog created solely to raise the search engine rank of affiliated websites.

⊚ true
⊚ false

54) Information security is a high priority for protection of the company’s information, and it is critical to implement an information security procedure to combat misuse of this information.

⊚ true
⊚ false

55) Smoking areas are targeted by hackers as they regularly use smoking entrances to gain building access where they pose as employees to gain access to the company network.

⊚ true
⊚ false

56) Downtime refers to a period of time when a system is unavailable, and unplanned downtime can strike at any time for various reasons.

⊚ true
⊚ false

57) Drive-by hacking is a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network.

⊚ true
⊚ false

58) White-hat hackers break into other people’s computer systems and may just look around or may steal and destroy information.

⊚ true
⊚ false

59) Black-hat hackers work at the request of the system
owners to find system vulnerabilities and plug the holes.

⊚ true
⊚ false

60) Ransomware is a form of malicious software that infects your computer and asks for money.

⊚ true
⊚ false

61) Simplelocker is a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys.

⊚ true
⊚ false

62) A worm is a form of malicious software that infects your computer and asks for money.

⊚ true
⊚ false

63) A worm spreads itself not only from file to file but
also from computer to computer.

⊚ true
⊚ false

64) Script-kiddies have criminal intent when hacking.

⊚ true
⊚ false

65) Cyberterrorists seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction.

⊚ true
⊚ false

66) White-hat hackers have philosophical and political reasons for breaking into systems and will often deface the website as a protest.

⊚ true
⊚ false

67) Script kiddies or script bunnies find hacking code on the Internet and click-and-point their way into systems to cause damage or spread viruses.

⊚ true
⊚ false

68) A worm spreads itself not only from file to file but also from computer to computer. The primary difference between a virus and a worm is that a virus must attach to something, such as an executable file, to spread. Worms do not need to attach to anything to spread and can tunnel themselves into computers.

⊚ true
⊚ false

69) Backdoor programs change their form as they propagate.

⊚ true
⊚ false

70) Backdoor programs open a way into the network for future attacks.

71) A denial-of-service attack (DoS) floods a website with
so many requests for service that it slows down or crashes the
site.

⊚ true
⊚ false

72) Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident are called insiders.

⊚ true
⊚ false

73) Insiders are illegitimate users who purposely or accidentally misuse their access to the environment to do business.

⊚ true
⊚ false

74) Information security policies detail how an organization will implement the information security plan.

⊚ true
⊚ false

75) Dumpster diving is another security breach for companies and is where people not associated with the company jump into the company’s outside garbage bins and try to gather and steal any valuable company products they can resell on eBay.

⊚ true
⊚ false

76) Organizations address security risks through two lines of defense: The first is people and the second is technology.

⊚ true
⊚ false

77) Pretexting is a form of social engineering in which one individual lies to obtain confidential data about another individual.

⊚ true
⊚ false

78) Ransomware is a form of social engineering in which one individual lies to obtain confidential data about another individual.

⊚ true
⊚ false

79) Through social engineering, hackers use their social skills to trick people into revealing access credentials or other valuable information.

⊚ true
⊚ false

80) Through pretexting, hackers use their social skills to trick people into revealing access credentials or other valuable information.

⊚ true
⊚ false

81) The three primary information security areas are (1)
authentication and authorization, (2) policies and rewards, and
(3) detection and response.

⊚ true
⊚ false

82) Tokens are small electronic devices that change user passwords automatically.

⊚ true
⊚ false

83) The technique to gain personal information for the purpose of identity theft, often through fraudulent emails that look as though they came from legitimate businesses, is called phishing.

⊚ true
⊚ false

84) A process of providing a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space is called authentication.

⊚ true
⊚ false

85) One of the most ineffective ways to set up authentication techniques is by setting up user IDs and passwords.

⊚ true
⊚ false

86) Biometrics is the identification of a user based on a
physical characteristic, such as a fingerprint, iris, face, voice,
or handwriting.

⊚ true
⊚ false

87) A firewall scrambles information into an alternative form that requires a key or password to decrypt.

⊚ true
⊚ false

88) Identity theft is the forging of someone’s identity for the purpose of fraud.

⊚ true
⊚ false

89) Identity theft is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity.

⊚ true
⊚ false

90) A phishing expedition is a masquerading attack that combines spam with spoofing. The perpetrator sends millions of spam emails that appear to be from a respectable company. The emails contain a link to a website that is designed to look exactly like the company’s website. The victim is encouraged to enter his or her username, password, and sometimes credit card information.

⊚ true
⊚ false

91) Spear phishing is a phishing expedition in which the emails are carefully designed to target a particular person or organization.

⊚ true
⊚ false

92) Spear phishing is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information.

⊚ true
⊚ false

93) Phishing reroutes requests for legitimate websites to false websites.

⊚ true
⊚ false

94) A zombie is a program that secretly takes over another computer for the purpose of launching attacks on other computers.

⊚ true
⊚ false

95) A zombie farm is a group of computers on which a hacker has planted zombie programs.

⊚ true
⊚ false

96) A pharming attack uses a zombie farm, often by an organized crime association, to launch a massive phishing attack.

⊚ true
⊚ false

97) Worms are computer viruses that wait for a specific date before executing their instructions.

⊚ true
⊚ false

98) Decrypting information is to decode it and is the opposite of encrypting.

⊚ true
⊚ false

99) Cryptography is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them.

⊚ true
⊚ false

100) A certificate authority is a trusted third party, such as VeriSign, that validates user identities by means of digital certificates.

⊚ true
⊚ false

101) A certificate authority is a data file that identifies individuals or organizations online and is comparable to a digital signature.

⊚ true
⊚ false

102) A voiceprint is a data file that identifies individuals or organizations online and is comparable to a digital signature.

⊚ true
⊚ false

103) A voiceprint is a set of measurable characteristics of a human voice that uniquely identifies an individual. These characteristics, which are based on the physical configuration of a speaker’s mouth and throat, can be expressed as a mathematical formula. Unfortunately, biometric authentication such as voiceprints can be costly and intrusive.

⊚ true
⊚ false

104) Single-factor authentication is the traditional security process, which requires a username and password.

⊚ true
⊚ false

105) Two-factor authentication requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token).

⊚ true
⊚ false

106) Multifactor authentication requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).

⊚ true
⊚ false

107) Multifactor authentication is the traditional security process, which requires a username and password.

⊚ true
⊚ false

108) Single-factor authentication requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification).

⊚ true
⊚ false

109) Single-factor authentication requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token).

⊚ true
⊚ false

110) The goal of multifactor authentication is to make it difficult for an unauthorized person to gain access to a system because if one security level is broken, the attacker will still have to break through additional levels.

⊚ true
⊚ false

MULTIPLE CHOICE - Choose the one alternative that best completes the statement or answers the question.

111) Which of the following represents the two fundamental building blocks that protect organizational information?

A) security and sales
B) human resources and security
C) ethics and security
D) ethics and technology

112) What is the legal protection afforded an expression of an idea, such as a song, book, or video game?

A) privacy
B) confidentiality
C) intellectual property
D) copyright

113) What is the intangible creative work that is embodied in physical form and includes trademarks and patents?

A) intellectual software
B) intellectual property
C) trademark property
D) ethical property

114) Trust between companies, customers, partners, and suppliers is the support structure of which of the following?

A) ebusiness
B) eharmony
C) esoftware
D) epolicies

115) In relation to privacy, which of the following is the assurance that messages and information remain available only to those authorized to view them?

A) contentment
B) ethical standard
C) confidentiality
D) firewall security

116) Which of the following represents the principles and standards that guide our behavior toward other people?

A) ethics
B) intellectual property
C) standards of living
D) security

117) What is the difference between pirated and counterfeit software?

A) Counterfeit software is fake technology products, whereas pirated is invisible technological cameras placed online.
B) Pirated software is the unauthorized use, duplication, distribution, or sale of copyrighted software, whereas counterfeit is software that is manufactured to look like the real thing and sold as such.
C) Counterfeit software is the unauthorized use, duplication, distribution, or sale of copyrighted software, whereas pirated is software that is manufactured to look like the real thing and sold as such.
D) Pirated software is stolen and used to hack into a company’s classified material, whereas counterfeit is a fake version of firewall software.

118) Which of the following governs the ethical and moral issues arising from the development and use of information technologies and the creation, collection, duplication, distribution, and processing of information?

A) ethical information
B) information technology
C) information policies
D) information ethics

119) Which of the following means the right to be left alone when you want to be, to have control over your personal possessions, and not to be observed without your consent?

A) safety
B) ethical standard
C) privacy
D) confidentiality

120) Determining what is ethical can sometimes be difficult because certain actions can be justified or condemned depending on how you view the relationship between which of the following?

A) legal and confidential
B) legal and ethical
C) legal and technical
D) confidential and open

121) What is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution?

A) digital rights management
B) counterfeit software
C) privacy
D) pirated software

122) Which of the following examines the organizational resource of information and regulates its definitions, uses, value, and distribution, ensuring it has the types of data or information required to function and grow effectively?

A) information code
B) information technology
C) information management
D) information governance

123) Sophie Black works as a computer programmer for a software company. Her boss, Mike Jones, is responsible for developing a new software game Nintendo. After completion of the project, Mike gives all of the team members a free copy of the game without consent from the company. Sophie is unsure about accepting the game because legally it would be considered

A) counterfeit software.
B) pirated software.
C) ethical software.
D) governance software.

124) What is the method or system of government for information management or control?

A) information management
B) information compliance
C) information governance
D) information secrecy

125) What is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity?

A) information management
B) information compliance
C) information secrecy
D) information ethics

126) Which of the following represents the definition of information property?

A) an ethical issue that focuses on who owns information about individuals and how information can be sold and exchanged
B) a method or system of government for information management or control
C) the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
D) examines the organizational resource of information and regulates its definitions, uses, values, and distribution, ensuring that it has the types of data/information required to function and grow effectively

127) Which of the following represents the definition of information governance?

A) the act of conforming, acquiescing, or yielding information
B) a method or system of government for information management or control
C) the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
D) examines the organizational resource of information and regulates its definitions, uses, values, and distribution, ensuring that it has the types of data/information required to function and grow effectively

128) Which of the following represents the definition of information secrecy?

A) the act of conforming, acquiescing, or yielding information
B) a method or system of government for information management or control
C) the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
D) examines the organizational resource of information and regulates its definitions, uses, values, and distribution, ensuring that it has the types of data/information required to function and grow effectively

129) Which of the following represents the definition of information management?

A) the act of conforming, acquiescing, or yielding information
B) a method or system of government for information management or control
C) the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
D) examines the organizational resource of information and regulates its definitions, uses, values, and distribution, ensuring that it has the types of data/information required to function and grow effectively

130) Which of the following represents the definition of information compliance?

A) the act of conforming, acquiescing, or yielding information
B) a method or system of government for information management or control
C) information secrecy is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
D) examines the organizational resource of information and regulates its definitions, uses, values, and distribution, ensuring that it has the types of data/information required to function and grow effectively

131) Which of the following represents the definition of information compliance?

A) the act of conforming, acquiescing, or yielding information
B) the ability to comply with software
C) the understanding of technology
D) the verbalization of information governance in a company’s policies and procedures

132) Which of the following serves as key evidence in many legal cases today and also provides a faster, easier way to search and organize paper documents?

A) confidentiality
B) digital information
C) privacy policies
D) information ethics

133) Which of the following refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or an information inquiry?

A) eauthorization
B) emanagement
C) ediscovery
D) epolicies

134) In the information technology world, which of the following are examples of ethical issues that a company may have to manage?

A) employees copying and distributing company-owned software
B) employees searching other employees’ private information without their consent
C) employees intentionally creating or spreading viruses to confuse IT
D) All of the answer choices are correct.

135) When studying the figure of the four quadrants of ethical and legal behavior, the goal is for organizations to make decisions in which of the following quadrants?

A) quadrant IV
B) quadrant II and III
C) quadrant I
D) quadrant III

136) Which of the following is included in the four quadrants of ethical and legal behavior?

A) legal behavior and ethical behavior
B) illegal behavior and ethical behavior
C) legal behavior and unethical behavior
D) All of the answer choices are correct.

137) What is intangible creative work that is embodied in physical form and includes copyrights, trademarks, and patents?

A) ethics
B) intellectual property
C) privacy
D) confidentiality

138) Which of the following describes privacy?

A) the assurance that messages and data are available only to those who are authorized to view them
B) policies and procedures that address the ethical use of computers and the Internet in the business environment
C) the right to be left alone when you want to be, to have control over your own personal possessions, and to not be observed without your consent
D) the principles and standards that guide our behavior toward other people

139) Which of the following is an example of acting ethically?

A) Individuals copy, use, and distribute software.
B) Employees search organizational databases for sensitive corporate and personal information.
C) Individuals hack into computer systems to steal proprietary information.
D) None of the answer choices are correct.

140) Which of the following describes confidentiality?

A) the assurance that messages and information are available only to those who are authorized to view them
B) policies and procedures that address the ethical use of computers and the Internet in the business environment
C) the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent
D) the principles and standards that guide our behavior toward other people

141) What refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry?

A) ediscovery
B) Child Online Protection Act
C) digital rights management
D) pirated software

142) What was passed to protect minors from accessing inappropriate material on the Internet?

A) ediscovery
B) Child Online Protection Act
C) digital rights management
D) pirated software

143) What is the part of the United States Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence?

A) ediscovery
B) Child Online Protection Act
C) Rule 41
D) pirated software

144) Which rule is the part of the United States Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence?

A) Rule 4
B) Rule 1
C) Rule 41
D) Rule 4.2

145) What is the measure of consumer, partner, and employee confidence in an organization’s ability to protect and secure data and the privacy of individuals?

A) digital trust
B) Child Online Protection Act.
C) Rule 41
D) digital child

146) What is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution?

A) ediscovery
B) Child Online Protection Act
C) digital rights management
D) digital trust

A) digital trust
B) Child Online Protection Act
C) digital rights management
D) pirated software

148) What is ediscovery?

A) the unauthorized use, duplication, distribution, or sale of copyrighted software
B) the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
C) a law passed to protect minors from accessing inappropriate material on the Internet
D) the measure of consumer, partner, and employee confidence in an organization’s ability to protect and secure data and the privacy of individuals

149) What is the Child Online Protection Act?

A) the unauthorized use, duplication, distribution, or sale of copyrighted software
B) the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
C) a law passed to protect minors from accessing inappropriate material on the Internet
D) the measure of consumer, partner, and employee confidence in an organization’s ability to protect and secure data and the privacy of individuals

150) What is digital rights management?

A) the measure of consumer, partner, and employee confidence in an organization’s ability to protect and secure data and the privacy of individuals
B) the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
C) a law passed to protect minors from accessing inappropriate material on the Internet
D) a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution

151) What is pirated software?

A) the unauthorized use, duplication, distribution, or sale of copyrighted software
B) the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry
C) the measure of consumer, partner, and employee confidence in an organization’s ability to protect and secure data and the privacy of individuals
D) a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution

152) What are policies and procedures that address information management along with the ethical use of computers and the Internet in the business environment?

A) information systems policy
B) epolicies
C) technology applied policy
D) data scraping

153) Which of the below is not one of the six epolicies that a company should implement for information protection as discussed in the text?

A) information privacy policy
B) workplace monitoring policy
C) acceptable use policy
D) GDPR monitoring policy

154) Which of the following contains general principles to guide computer user behavior?

A) information technology code
B) technology policy
C) ethical computer use policy
D) information systems

155) Which of the following clauses is typically contained in an acceptable use policy?

A) nonrepudiation clause
B) digital trust clause
C) confidentiality clause
D) employee use clause

156) Which of the following would not be found in a typical acceptable use policy?

A) not using the service as part of violating any law
B) not posting commercial messages to groups where the employee has received user consent
C) not performing any nonrepudiation
D) not attempting to break the security of any computer network

157) Which of the following terms refers to a contractual stipulation to ensure that ebusiness participants do not deny their online actions?

A) compliance
B) noncommittal
C) nonrepudiation
D) digital trust

158) According to the ethical computer use policy, users should ________ the rules and, by agreeing to use the system on that basis, ________ to abide by the rules.

A) be informed of; collaborate
B) consent to; be informed
C) be informed; consent
D) consent to; be informed

159) Which of the following policies states that users agree to follow it in order to be given access to corporate email, information systems, and the Internet?

A) acceptable use policy
B) social media policy
C) information privacy policy
D) email privacy policy

160) Which of the following is not considered an epolicy?

A) acceptable use policy
B) Internet use policy
C) ethical computer use policy
D) anti-hacker use policy

161) Which policy contains general principles regarding information privacy?

A) information privacy policy
B) acceptable use policy
C) Internet use policy
D) antispam policy

162) Which of the following represents the classic example of unintentional information reuse?

A) phone number
B) Social Security number
C) address
D) driver’s license number

163) What is the process of extracting large amounts of data from a website and saving it to a spreadsheet or computer?

A) data scraping
B) data security
C) fair information practices
D) GDPR

164) What is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union?

A) data scraping
B) the right to be forgotten
C) fair information practices
D) General Data Protection Regulation (GDPR)

165) What occurs when you allow an individual to request to have all content that violates their privacy removed?

A) data scraping
B) the right to be forgotten
C) fair information practices
D) General Data Protection Regulation

166) What is one of the guidelines an organization can follow when creating an information privacy policy?

A) adoption and implementation of an antispam policy
B) notice and disclosure
C) choice and quality
D) None of the answer choices are correct.

167) What is one of the major problems with email?

A) intellectual property
B) nonrepudiation
C) user’s expectation of privacy
D) None of the answer choices are correct.

168) If an organization implemented only one policy, which one would it want to implement?

A) information privacy policy
B) acceptable use policy
C) Internet use policy
D) ethical computer use policy

169) Jackie is the head teller at ABC Bank, and her responsibilities include overseeing and managing the tellers, resolving customer issues, and developing and implementing systems for an optimal and efficient team. She notices a steady increase in customer complaints and tracks back to find that the complaints started right around the time ABC Bank provided Internet access to all employees. Jackie watched the tellers closely and found that they were spending significant amounts of time playing Internet games and posting on Facebook. Which policy should the company implement to help eliminate this problem?

A) information privacy policy
B) email privacy policy
C) Internet use policy
D) workplace monitoring policy

170) Which of the below would you find in a typical Internet use policy?

A) user ramifications if the policy is violated
B) user responsibility for properly handling offensive material
C) user responsibility for protecting the company’s good name
D) All of the answer choices are correct.

171) Which of the following policies details the extent to which email messages may be read by others?

A) email privacy policy
B) email confidential policy
C) right to be forgotten policy
D) spam policy

172) Employees need to understand that corporate email is solely owned by the

A) individual user.
B) company.
C) human resources department.
D) individual user’s department.

173) Which of the following should a company email privacy policy do?

A) define legitimate email users and explain what happens to accounts after a person leaves the organization
B) discourage sending junk email or spam to anyone who doesn’t want to receive it
C) inform users that the organization has no control over email once it has been transmitted outside the organization
D) All of the answer choices are correct.

174) What sends massive amounts of email to a specific person or system that can cause that user’s server to stop functioning?

A) mail bomb
B) spam
C) digital trust
D) junk mail

175) What is unsolicited email that plagues employees at all levels and clogs email systems?

A) spyware
B) spam
C) adware
D) GDPR

176) What kind of policy can a company implement that can help diminish the activity of sending unsolicited email?

A) email privacy policy
B) spam policy and procedures
C) antispam policy
D) GDPR policy

177) To find out your company policy regarding such websites as YouTube, Facebook, and Twitter, you would have to refer to the ________ policy.

A) Internet use policy
B) social media policy
C) information use policy
D) employee monitoring policy

178) Which policy can protect a company’s brand identity and outlines the corporate principles governing employee online communication?

A) Internet workplace policy
B) social media policy
C) technology information policy
D) YouTube policy

179) With so much information and moving parts within a company, technology has made it possible for employers to monitor many aspects of employee jobs and duties. What is a system that can track employees’ activities by such measures as keystrokes, error rate, and number of transactions processed?

A) antispam system
B) information intelligence system
C) workplace MIS monitoring
D) company technology monitoring

180) Which of the following is a common Internet monitoring technology?

A) key logger
B) hardware key logger
C) cookie
D) All of the answer choices are correct.

181) What is an Internet monitoring technique that captures keystrokes on their journey from the keyboard to the motherboard?

A) spyware
B) web log
C) adware
D) hardware key logger

182) What type of Internet monitoring technique records information about a customer during a web surfing session such as what websites were visited and how long the visit was, what ads were viewed, and what was purchased?

A) key logger
B) stealthware
C) clickstream
D) web log

183) Which of the following is not included as a common stipulation an organization would follow when creating an employee monitoring policy?

A) Be as specific as possible stating when and what will be monitored.
B) Do not state the consequences of violating the policy.
C) Always enforce the policy the same for everyone.
D) Expressly communicate that the company reserves the right to monitor all employees.

184) What is a mail bomb?

A) sending a massive amount of email to a specific person or system, resulting in filling up the recipient’s disk space
B) a contractual stipulation to ensure that ebusiness participants do not deny their online actions
C) sending a few emails to a specific person or system, resulting in filling up the recipient’s disk space
D) a contractual stipulation to ensure that ebusiness participants deny their online actions

185) Which policy details the extent to which email messages may be read by others?

A) acceptable use policy
B) email privacy policy
C) Internet use policy
D) GDPR policy

186) Workplace MIS monitoring tracks people’s activities by such measures as

A) number of keystrokes.
B) error rate.
C) number of transactions processed.
D) All of the answer choices are correct.

187) What program, when installed on a computer, records every keystroke and mouse click?

A) key logger software
B) spyware
C) cookie
D) adware

188) What is a small file deposited on a hard drive by a website containing information about customers and their web activities?

A) key logger
B) hardware key logger
C) cookie
D) adware

189) What includes threats, negative remarks, or defamatory comments transmitted via the Internet or posted on a website?

A) cyberbullying
B) information vandalism
C) cookie
D) BYOD

190) What is the electronic defacing of an existing website?

A) information bullying
B) cybervandalism
C) cookie
D) BYOD

191) What includes threats, negative remarks, or defamatory comments transmitted via the Internet or posted on a website?

A) cyberbullying
B) cybervandalism
C) click-fraud
D) competitive click-fraud

192) What is the electronic defacing of an existing website?

A) cyberbullying
B) cybervandalism
C) click-fraud
D) competitive click-fraud

193) What is a general term for a set of standards governing the collection and use of personal data and addressing issues of privacy and accuracy?

A) cyberbullying
B) fair information practices
C) click-fraud
D) bring your own device

194) What is a policy that allows employees to use their personal mobile devices and computers to access enterprise data and applications?

A) cyberbullying
B) fair information practices
C) click-fraud
D) bring your own device

195) Which of the following is one of the four basic options included in a bring your own device policy?

A) unlimited access for personal devices
B) access only to nonsensitive systems and data
C) access but preventing local storage of data on personal devices
D) All of the answer choices are correct.

196) What refers to denying permissions to incoming emails?

A) opt out
B) opt in
C) BYOD
D) nonrepudiation

197) What refers to choosing to allow permissions to incoming emails?

A) opt out
B) opt in
C) BYOD
D) nonrepudiation

198) What is the process of monitoring and responding to what is being said about a company, individual, product, or brand?

A) social media monitoring
B) social media manager
C) social media policy
D) antispam policy

199) Who is a person within the organization who is trusted to monitor, contribute, filter, and guide the social media presence of a company, individual, product, or brand?

A) social media monitoring
B) social media manager
C) social media policy
D) information privacy manager

200) What outlines the corporate guidelines or principles governing employee online communications?

A) social media monitoring
B) social media manager
C) social media policy
D) information privacy manager

201) What is the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser?

A) cyberbullying
B) cybervandalism
C) click-fraud
D) competitive click-fraud

202) What is a computer crime where a competitor or disgruntled employee increases a company’s search advertising costs by repeatedly clicking on the advertiser’s link?

A) cyberbullying
B) cybervandalism
C) click-fraud
D) competitive click-fraud

203) What is an act or object that poses a danger to assets?

A) cyberbullying
B) threat
C) click-fraud
D) competitive click-fraud

204) What is cybervandalism?

A) the electronic defacing of an existing website
B) the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser
C) a computer crime where a competitor or disgruntled employee increases a company’s search advertising costs by repeatedly clicking on the advertiser’s link
D) an act or object that poses a danger to assets

205) What is click-fraud?

A) the electronic defacing of an existing website
B) the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser
C) a computer crime where a competitor or disgruntled employee increases a company’s search advertising costs by repeatedly clicking on the advertiser’s link
D) an act or object that poses a danger to assets

206) What is competitive click-fraud?

A) the electronic defacing of an existing website
B) the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser
C) a computer crime where a competitor or disgruntled employee increases a company’s search advertising costs by repeatedly clicking on the advertiser’s link
D) an act or object that poses a danger to assets

207) What is a threat?

A) the electronic defacing of an existing website
B) the abuse of pay-per-click, pay-per-call, and pay-per-conversion revenue models by repeatedly clicking on a link to increase charges or costs for the advertiser
C) a computer crime where a competitor or disgruntled employee increases a company’s search advertising costs by repeatedly clicking on the advertiser’s link
D) an act or object that poses a danger to assets

208) What is a problem that occurs when someone registers purposely misspelled variations of well-known domain names?

A) typosquatting
B) website name stealing
C) Internet censorship
D) teergrubing

209) What is the theft of a website’s name that occurs when someone, posing as a site’s administrator, changes the ownership of the domain name assigned to the website to another website owner?

A) typosquatting
B) website name stealing
C) Internet censorship
D) teergrubing

210) What is government attempts to control Internet traffic, thus preventing some material from being viewed by a country’s citizens?

A) typosquatting
B) website name stealing
C) Internet censorship
D) teergrubing

211) What is an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam?

A) cyber duty
B) website name stealing
C) Internet censorship
D) teergrubing

212) What occurs when a person chooses to deny permission to incoming emails?

A) opt out
B) website name stealing
C) Internet censorship
D) digital trust

213) Which of the following definitions represents typosquatting?

A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website’s name that occurs when someone, posing as a site’s administrator, changes the ownership of the domain name assigned to the website to another website owner
C) government attempts to control Internet traffic, thus preventing some material from being viewed by a country’s citizens
D) an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam

214) Which of the following definitions represents website name stealing?

A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website’s name that occurs when someone, posing as a site’s administrator, changes the ownership of the domain name assigned to the website to another website owner
C) government attempts to control Internet traffic, thus preventing some material from being viewed by a country’s citizens
D) an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam

215) Which of the following definitions represents Internet censorship?

A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website’s name that occurs when someone, posing as a site’s administrator, changes the ownership of the domain name assigned to the website to another website owner
C) government attempts to control Internet traffic, thus preventing some material from being viewed by a country’s citizens
D) an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam

216) Which of the following definitions represents teergrubing?

A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website’s name that occurs when someone, posing as a site’s administrator, changes the ownership of the domain name assigned to the website to another website owner
C) government attempts to control Internet traffic, thus preventing some material from being viewed by a country’s citizens
D) an antispamming approach where the receiving computer launches a return attack against the spammer, sending email messages back to the computer that originated the suspected spam

217) Which of the following definitions represents opt-out?

A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website’s name that occurs when someone, posing as a site’s administrator, changes the ownership of the domain name assigned to the website to another website owner
C) allowing permission to incoming emails
D) denying permission to incoming emails

218) Which of the following definitions represents opt-in?

A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) the theft of a website’s name that occurs when someone, posing as a site’s administrator, changes the ownership of the domain name assigned to the website to another website owner
C) allowing permission to incoming emails
D) denying permission to incoming emails

219) Which of the following defines physical security?

A) a problem that occurs when someone registers purposely misspelled variations of well-known domain names
B) tangible protection such as alarms, guards, fireproof doors, fences, and vaults
C) government attempts to control Internet traffic, thus preventing some material from being viewed by a country’s citizens
D) denying permission to incoming emails

220) Which of the following refers to a period of time when a system is unavailable?

A) downtime
B) MIS down
C) direct data loss
D) downtown

221) Which of the following is not an example of unplanned downtime?

A) power outage
B) tornado
C) system upgrade
D) flood

222) Which of the following is a cost of downtime in addition to lost revenue?

A) legal expenses
B) loss in financial performance
C) damage to reputation
D) All of the answer choices are correct.

223) A company should be able to calculate the cost of downtime by which of the following?

A) per hour, per day, and per week
B) per employee, per computer, and per company
C) per stock, per stockholder, and per investment capital
D) None of the answer choices are correct.

224) Which quadrant in the cost of downtime includes equipment rental, overtime costs, and travel expenses?

A) fiscal responsibility
B) damaged reputation
C) other expenses
D) regeneration

225) Jensen is a senior developer for HackersRUs, a company that helps secure management information systems. Jensen’s new task is to break into the computer system of one of HackersRUs’s top clients to identify system vulnerabilities and plug the holes. What type of hacker is Jensen?

A) cracker
B) white-hat hacker
C) script bunny
D) black-hat hacker

226) Which of the following defines information security?

A) a broad term encompassing the protection of information
B) protects information from accidental misuse
C) protects information from intentional misuse
D) All of the answer choices are correct.

227) What are experts in technology who use their knowledge to break into computers and networks for profit or just as a challenge known as?

A) elevation of privilege
B) viruses
C) hackers
D) worms

228) What is a hacker who breaks into other people’s computer systems and may just look around or steal and destroy information?

A) script kiddies
B) black-hat hacker
C) white-hat hacker
D) cracker

229) Which of the following is the correct list of the six different types of hackers listed in your text?

A) black-hat, crackers, cyberterrorists, hacktivists, script kiddies, and white-hat
B) black-top, cookie, script kiddies, environment, web 3.0, and white-top
C) black-hat, script kiddies, script bats, spider crawlers, ad spiders, and white-hat
D) None of the answer choices are correct.

230) What is software written with malicious intent to cause annoyance or damage?

A) elevation of privilege
B) spoofing
C) sniffer
D) virus

231) What are malicious attempts to access or damage a computer system?

A) cyberattacks
B) spoofing
C) information attacks
D) information ethics

232) What involves prevention, detection, and response to cyberattacks that can have wide-ranging effects on the individual, organization, community, and at the national level?

A) cyberattacks
B) cybersecurity
C) sniffer
D) information attacks

233) What builds the national capacity to defend against cyberattacks and works with the federal government to provide cyber security tools, incident response services, and assessment capabilities to safeguard .gov networks?

A) cyberattacks
B) data security
C) Cybersecurity and Infrastructure Security Agency
D) information attacks

234) What includes a variety of threats such as viruses, worms, and Trojan horses?

A) malicious code
B) hoaxes
C) spoofing
D) sniffers

235) What is the forging of the return address on an email so that the email message appears to come from someone other than the actual sender?

A) malicious code
B) hoax
C) spoofing
D) sniffer

236) What is a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission?

A) sniffer
B) spyware
C) spoofware
D) splog

237) What is a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys?

A) sniffer
B) spyware
C) spoofware
D) simplelocker

238) What is a form of malicious software that infects your computer and asks for money?

A) sniffer
B) spyware
C) spoofware
D) ransomware

239) What is ransomware?

A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys
C) software that allows Internet advertisers to display advertisements without the consent of the computer user
D) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission

240) What is simplelocker?

A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys
C) software that allows Internet advertisers to display advertisements without the consent of the computer user
D) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission

241) What is adware?

A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys
C) software that allows Internet advertisers to display advertisements without the consent of the computer user
D) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission

242) What is spyware?

A) a form of malicious software that infects your computer and asks for money
B) a new ransomware program that encrypts your personal files and demands payment for the files’ decryption keys
C) software that allows Internet advertisers to display advertisements without the consent of the computer user
D) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission

243) What is the primary difference between a worm and a virus?

A) a worm must attach to something to spread, whereas a virus does not need to attach to anything to spread and can tunnel itself into the computer.
B) a virus is copied and spread by a person, whereas a worm takes a string of tag words and deletes websites.
C) a virus must attach to something to spread, whereas a worm does not need to attach to anything to spread and can tunnel itself into the computer.
D) All of the answer choices are correct.

244) What is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system?

A) elevation of privilege
B) packet tampering
C) spoofing
D) spyware

245) DDoS stands for one of the common forms of viruses that attack multiple computers to flood a website until it slows or crashes. What does DDoS stand for?

A) data distribution of systems attack
B) data denial-of-software attack
C) distributed data online systems attack
D) distributed denial-of-service attack

246) Which of the following are all common forms of viruses?

A) packet tampering, worms, cakes, and Trojan viruses
B) polymorphic, sniffer, splogs, and denial-of-service viruses
C) backdoor program, worm, and Trojan-horse viruses
D) All of the answer choices are correct.

247) What is the software called that allows Internet advertisers to display advertisements without the consent of the computer user?

A) sploging
B) adware
C) spygloss
D) CPU buzzer

248) Who are hackers with criminal intent?

A) crackers
B) black-hat hackers
C) hoaxes
D) cyberterrorists

249) Who are those who seek to cause harm to people or to destroy critical systems or information and use the Internet as a weapon of mass destruction?

A) white-hat hackers
B) black-hat hackers
C) cyberterrorists
D) script bunnies

250) Which of the following types of viruses spread themselves not just from file to file but also from computer to computer?

A) polymorphic virus
B) worm
C) Trojan-horse virus
D) backdoor program

251) What is one of the most common forms of computer vulnerabilities that can cause massive computer damage?

A) virus
B) white-hat hackers
C) dumpster diving
D) All of the answer choices are correct.

252) Which of the following change form as they propagate?

A) backdoor programs
B) strikers
C) polymorphic viruses and worms
D) splogs

253) Which of the following is a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network?

A) backdoor program
B) drive-by hacking
C) polymorphic virus or worm
D) hacker

254) What is a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization?

A) information security
B) physical security
C) drive-by hacking
D) adware

255) Who is an expert in technology who uses their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge?

A) information spy
B) hacker
C) spyware
D) adware

256) What is a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network?

A) spyware
B) hacker
C) drive-by hacking
D) adware

257) What is a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission?

A) spyware
B) hacker
C) drive-by hacking
D) adware

258) What is software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user?

A) spyware
B) hacker
C) drive-by hacking
D) adware

259) What is spyware?

A) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network
D) software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user

260) What is adware?

A) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network
D) software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user

261) What is drive-by hacking?

A) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network
D) software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user

262) What is a hacker?

A) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission
B) experts in technology who use their knowledge to break into computers and computer networks, either for profit or just motivated by the challenge
C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network
D) software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user

263) What is information security?

A) a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
B) a special class of adware that collects data about the user and transmits it over the Internet without the user’s knowledge or permission
C) a computer attack where an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network
D) software that while purporting to serve some useful function and often fulfilling that function also allows Internet advertisers to display advertisements without the consent of the computer user

264) What is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs?

A) bug bounty program
B) malware
C) scareware
D) ransomware

265) What is software that is intended to damage or disable computers and computer systems?

A) bug bounty program
B) malware
C) scareware
D) ransomware

266) What is a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software?

A) bug bounty program
B) malware
C) scareware
D) ransomware

267) What is a form of malicious software that infects your computer and asks for money?

A) bug bounty program
B) malware
C) scareware
D) ransomware

268) What is a bug bounty program?

A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money

269) What is malware?

A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money

270) What is scareware?

A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money

271) What is ransomware?

A) a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs
B) software that is intended to damage or disable computers and computer systems
C) a type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software
D) a form of malicious software that infects your computer and asks for money

272) What are the first two lines of defense a company should take when addressing security risks?

A) technology first, customers second
B) technology first, people second
C) innovation first, technology second
D) people first, technology second

273) Which of the following represents the biggest problem of information security breaches?

A) people misusing organizational information
B) technology failures
C) customers misusing organizational systems
D) company departments missing sales goals

274) Angela works for an identity protection company that maintains large amounts of sensitive customer information such as usernames, passwords, personal information, and Social Security numbers. Angela and a coworker decide to use the sensitive information to open credit cards in a few of her customers’ names. This is a classic example of which of the following security breaches?

A) a social engineer
B) an insider
C) a spammer
D) a dumpster diver

275) Using one’s social skills to trick people into revealing access credentials or other valuable information is called

A) social engineering.
B) social media.
C) social viruses.
D) social processes.

276) What is it called when a hacker looks through your trash to find personal information?

A) striker bunny
B) dumpster diving
C) trash retrieval
D) approved consent

277) What is a form of social engineering in which one individual lies to obtain confidential data about another individual?

A) dumpster texting
B) dumpster diving
C) trash retrieval
D) pretexting

278) What is pretexting?

A) a form of social engineering in which one individual lies to obtain confidential data about another individual
B) when a hacker looks through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines

279) What is dumpster diving?

A) a form of social engineering in which one individual lies to obtain confidential data about another individual
B) a hacker looking through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines

280) What are insiders?

A) a form of social engineering in which one individual lies to obtain confidential data about another individual
B) a hacker looking through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines

281) What are destructive agents?

A) a form of social engineering in which one individual lies to obtain confidential data about another individual
B) hackers looking through your trash to find personal information
C) legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
D) malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines

282) Working at a ski resort in the mountains has its own unique security issues. Kenny is the chief information officer for Sundance Ski Resort, and he is faced with both physical and information security threats every month. Since the resort implemented a new software system, they have been having a larger number of threats and breaches of company information. He suspects that an internal employee may be causing this. He needs to clarify and establish what type of plan to help reduce further problems?

A) information security plan
B) ethical information policy
C) antivirus plan
D) None of the answer choices are correct.

283) eBay is an example of an online company that has been faced with numerous security issues. For example, imagine you purchase a digital camera on eBay. Three months later, you might receive an email asking you to log in to the system to update your credit card or PayPal information. This email is not actually from eBay, and as soon as you log in, your information will be stolen. What type of information security breach would you consider this to be?

A) an insider
B) dumpster diving
C) social engineering
D) phishing

284) Which of the following is an example of a way to maintain information security that a company should include in their information security policies?

A) requiring computer users to log off before leaving for lunch
B) never sharing user or password information with anyone
C) changing passwords every 30 to 60 days
D) All of the answer choices are correct.

285) Janet is a financial aid counselor at a local community college, and she shares an office with three coworkers. Janet feels safe in her office environment and frequently leaves her username and password on a sticky note next to her computer. Without realizing it, Janet is creating the potential for which type of information security breach to occur?

A) insiders to hack into the college system
B) dumpster diving to find usernames and passwords
C) viruses and worms to spread through the college system
D) All of the answer choices are correct.

286) Applications allowed to be placed on the corporate network, such as IM software, and corporate computer equipment used for personal reasons on personal networks are two areas that should be addressed by managers in which of the following company policies?

A) information ethics policy
B) information security policy
C) Information technology plan
D) All of the answer choices are correct.

287) Which of the following represents the three areas where technology can aid in the defense against information security attacks?

A) authentication and authorization, prevention and resistance, prevention and response
B) authentication and authorization, prevention and response, detection and response
C) analyzing and authenticating, prevention and repositioning, detection and response
D) authentication and authorization, prevention and resistance, detection and response

288) What is the forging of someone’s identity for the purpose of fraud?

A) identity crisis
B) identity theft
C) ediscovery
D) All of the answer choices are correct.

289) What is the use of a false identity to artificially stimulate demand for a product, brand, or service?

A) personally identifiable information (PII)
B) nonsensitive PII
C) sensitive PII
D) sock puppet marketing

290) What includes any data that could potentially identify a specific individual?

A) personally identifiable information (PII)
B) nonsensitive PII
C) sensitive PII
D) sock puppet marketing

291) What is information transmitted without encryption and includes information collected from public records, phone books, corporate directories, or websites?

A) personally identifiable information (PII)
B) nonsensitive PII
C) sensitive PII
D) sock puppet marketing

292) What is information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm?

A) personally identifiable information (PII)
B) nonsensitive PII
C) sensitive PII
D) sock puppet marketing

293) What is sensitive PII?

A) any data that could potentially identify a specific individual
B) information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc.
C) information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or service

294) What is nonsensitive PII?

A) any data that could potentially identify a specific individual
B) information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc.
C) information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or service

295) What is personally identifiable information (PII)?

A) any data that could potentially identify a specific individual
B) information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc.
C) information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or service

296) What is sock puppet marketing?

A) any data that could potentially identify a specific individual
B) information transmitted without encryption and includes information collected from public records, phone books, corporate directories, websites, etc.
C) information transmitted with encryption and, when disclosed, results in a breach of an individual’s privacy and can potentially cause the individual harm
D) the use of a false identity to artificially stimulate demand for a product, brand, or service

297) What is the difference between phishing and pharming?

A) Phishing is not illegal; pharming is illegal.
B) Phishing is the right of the company, whereas pharming is the right of the individual.
C) Phishing is a technique to gain personal information for the purpose of identity theft, and pharming reroutes requests for legitimate websites to false websites.
D) All of the answer choices are correct.

298) Imagine you accidentally mistype the URL for your bank and you are redirected to a fake website that collects your information. What type of identity theft were you just a victim of?

A) pharming
B) worm holes
C) phishing
D) insider hacking

299) What area of information security focuses on preventing identity theft, phishing, and pharming scams?

A) prevention and resistance
B) detection and authorizing
C) detection and response
D) authentication and authorization

300) What is the process that provides a user with permission including access levels and abilities such as file access, hours of access, and amount of allocated storage space?

A) pharming
B) authentication
C) authorization
D) programming

301) What is a method for confirming users’ identities?

A) phishing
B) authentication
C) authorization
D) programming

302) The most secure procedures combine which of the following authentication and authorization techniques?

A) something the user knows, such as a user ID and password
B) something the user has, such as a smart card or token
C) something that is part of the user, such as a fingerprint or voice signature
D) All of the answer choices are correct.

303) A smart card is a device the size of a credit card that contains embedded technology that stores information and small amounts of software and can act as a(n)

A) identification instrument.
B) form of digital cash.
C) data storage device.
D) All of the answer choices are correct.

304) The best and most effective way to manage authentication is through

A) smart technology card.
B) tokens.
C) biometrics.
D) passwords.

305) Which of the following is not considered a form of biometrics?

A) iris scan
B) password
C) fingerprint
D) handwriting

306) Which of the following is the main drawback of biometrics?

A) It is considered illegal.
B) It is viewed as an invasion of privacy.
C) It can be costly and intrusive.
D) It requires constant monitoring and upgrading.

307) How do prevention and resistance technologies stop intruders from accessing and reading sensitive information?

A) content filtering, encryption, and firewalls
B) calculating, locking, and firewalls
C) content prohibiting and cookies
D) None of the answer choices are correct.

308) Which of the following occurs when organizations use software that filters content, such as email, to prevent the accidental or malicious transmission of unauthorized information?

A) antivirus software
B) content filtering
C) encryption
D) firewalls

309) What prevention technique scrambles information into an alternative form that requires a key or password to decrypt?

A) encryption
B) content filtering
C) firewalls
D) antivirus software

A) switching the order of characters
B) replacing characters with other characters
C) inserting or removing characters
D) All of the answer choices are correct.

311) What type of encryption technology uses multiple keys, one for public and one for private?

A) private key encryption
B) policy key encryption
C) public key encryption
D) protective key code

312) What is a data file that identifies individuals or organizations online and is comparable to a digital signature?

A) digital code
B) digital sign
C) digital certificate
D) digital card

313) Charles Mott works for a company called VeriSign that acts as a trusted third party to verify information. One of Charles’ largest clients is CheckMd, which holds and authenticates customer reviews of doctors and dentists online. Having a third party validating the reviews is critical to CheckMd’s success. What type of authentication technique is VeriSign providing for CheckMd?

A) firewall
B) certificate authority
C) online certificate
D) digital content certificate

314) What is hardware or software that guards a private network by analyzing incoming and outgoing information for the correct markings?

A) firewall
B) certificate authority
C) online certificate
D) digital certificate

315) Which of the following protection techniques scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware?

A) firewall
B) digital certificate
C) virus software
D) antivirus software

316) What must you do with antivirus software to make it protect effectively?

A) never upgrade or change vendors
B) download a portable button for it to activate
C) frequently update it to protect against viruses
D) All of the answer choices are correct.

317) Which of the following systems is designed with full-time monitoring tools that search for patterns in network traffic to identify intruders and to protect against suspicious network traffic that attempts to access files and data?

A) interconnected data software (IDS)
B) intrusion detection software (IDS)
C) security information system (SIS)
D) Internet detection scanner (IDS)

318) What is the most secure type of authentication?

A) something the user knows such as a user ID and password
B) something the user has such as a smart card or token
C) something that is part of the user such as a fingerprint or voice signature
D) All of the answer choices are correct.

319) What is a device that is around the same size as a credit card and contains embedded technologies that can store information and small amounts of software to perform some limited processing?

A) token
B) password
C) smart card
D) biometrics

320) What is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting?

A) smart card
B) token
C) biometrics
D) content filtering

321) Which of the following is considered a type of biometrics?

A) voice
B) face
C) iris
D) All of the answer choices are correct.

322) What is a set of measurable characteristics of a human voice that uniquely identifies an individual?

A) voiceprint
B) face
C) iris
D) All of the answer choices are correct.

323) What is single-factor authentication?

A) the traditional security process, which requires a username and password
B) requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice or handwriting

324) What is multifactor authentication?

A) the traditional security process, which requires a username and password
B) requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice or handwriting

325) What is two-factor authentication?

A) the traditional security process, which requires a username and password
B) requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice or handwriting

326) What gathers an organization’s computer network traffic patterns to identify unusual or suspicious operations?

A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage

327) What includes individuals who seek notoriety or want to make a social or political point such as WikiLeaks?

A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage

328) What includes governments that are after some form of information about other governments?

A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage

329) What is the use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals?

A) network behavior analysis
B) cyber-vigilantes
C) cyberterrorism
D) cyber-espionage

330) What is the traditional security process that requires a username and password?

A) single-factor authentication
B) two-factor authentication
C) multifactor authentication
D) biometrics

331) What requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)?

A) single-factor authentication
B) two-factor authentication
C) multifactor authentication
D) biometrics

332) What requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token)?

A) single-factor authentication
B) two-factor authentication
C) multifactor authentication
D) biometrics

333) What are biometrics?

A) the traditional security process, which requires a username and password
B) requires the user to provide two means of authentication: what the user knows (password) and what the user has (security token)
C) requires more than two means of authentication such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)
D) the identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice or handwriting

334) Which of the following authentication methods is 100 percent accurate?

A) smart card
B) fingerprint authentication
C) user ID
D) None of the answer choices are correct.

335) Where do organizations typically place firewalls?

A) between a personal computer and the server
B) between a personal computer and a printer
C) between the server and the content filtering software
D) between the server and the Internet

336) What is the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity?

A) information secrecy
B) phishing
C) phishing expedition
D) spear phishing

337) What is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses?

A) pharming
B) phishing
C) phishing expedition
D) spear phishing

338) What is a masquerading attack that combines spam with spoofing?

A) pharming
B) phishing
C) phishing expedition
D) spear phishing

339) What is a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information?

A) pharming
B) phishing
C) phishing expedition
D) vishing

340) What reroutes requests for legitimate websites to false websites?

A) pharming
B) phishing
C) phishing expedition
D) spear phishing

341) What is information secrecy?

A) the category of computer security that addresses the protection of data from unauthorized disclosure and confirmation of data source authenticity
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular person or organization

342) What is phishing?

A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular person or organization

343) What is a phishing expedition?

A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular person or organization

344) What is spear phishing?

A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phishing expedition in which the emails are carefully designed to target a particular person or organization

345) What is vishing?

A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information

346) What is pharming?

A) reroutes requests for legitimate websites to false websites
B) a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses
C) a masquerading attack that combines spam with spoofing
D) a phone scam that attempts to defraud people by asking them to call a bogus telephone number to "confirm" their account information

347) What reroutes requests for legitimate websites to false websites?

A) zombie
B) zombie farm
C) pharming attack
D) pharming

348) What is a program that secretly takes over another computer for the purpose of launching attacks on other computers?

A) zombie
B) zombie farm
C) pharming attack
D) time bomb

349) What is a group of computers on which a hacker has planted zombie programs?

A) zombie
B) zombie farm
C) pharming attack
D) time bomb

350) What uses a zombie farm, often by an organized crime association, to launch a massive phishing attack?

A) zombie
B) zombie farm
C) pharming attack
D) time bomb

351) What are computer viruses that wait for a specific date before executing their instructions?

A) zombies
B) zombie farms
C) pharming attacks
D) time bombs

352) What is a data file that identifies individuals or organizations online and is comparable to a digital signature?

A) digital certificate
B) encryption
C) decryption
D) cryptography

353) What scrambles information into an alternative form that requires a key or password to decrypt?

A) digital certificate
B) encryption
C) decryption
D) cryptography

354) What decodes information?

A) digital certificate
B) encryption
C) decryption
D) cryptography

355) What is the science that studies encryption, which is the hiding of messages so that only the sender and receiver can read them?

A) digital certificate
B) encryption
C) decryption
D) cryptography

ESSAY. Write your answer in the space provided or on a separate sheet of paper.
356) Explain the ethical issues in the use of information technology.

357) Identify the six epolicies organizations should implement to protect themselves.

358) Describe the relationships and differences between hackers and viruses.

359) Describe the relationship between information security policies and an information security plan.

360) Provide an example of each of the three primary information security areas: (1) authentication and authorization, (2) prevention and resistance, and (3) detection and response.

Answer Key

Test name: Chapter 4


1) TRUE
2) FALSE
3) TRUE
4) FALSE
5) TRUE
6) TRUE
7) FALSE
8) FALSE
9) FALSE
10) TRUE
11) FALSE
12) TRUE
13) TRUE
14) TRUE
15) TRUE
16) FALSE
17) TRUE
18) FALSE
19) TRUE

20) TRUE
21) FALSE
22) TRUE
23) TRUE
24) TRUE
25) TRUE
26) TRUE
27) FALSE
28) TRUE
29) FALSE
30) FALSE
31) TRUE
32) FALSE
33) TRUE
34) FALSE
35) TRUE
36) TRUE
37) TRUE
38) TRUE
39) TRUE
40) TRUE

41) TRUE
42) FALSE
43) FALSE
44) TRUE
45) TRUE
46) FALSE
47) FALSE
48) FALSE
49) FALSE
50) TRUE
51) TRUE
52) FALSE
53) TRUE
54) TRUE
55) TRUE
56) TRUE
57) TRUE
58) FALSE
59) FALSE
60) TRUE
61) TRUE

62) FALSE
63) TRUE
64) FALSE
65) TRUE
66) FALSE
67) TRUE
68) TRUE
69) FALSE
70) TRUE
71) TRUE
72) TRUE
73) FALSE
74) FALSE
75) FALSE
76) TRUE
77) TRUE
78) FALSE
79) TRUE
80) FALSE
81) FALSE
82) TRUE

83) TRUE
84) FALSE
85) TRUE
86) TRUE
87) FALSE
88) TRUE
89) FALSE
90) TRUE
91) TRUE
92) FALSE
93) FALSE
94) TRUE
95) TRUE
96) TRUE
97) FALSE
98) TRUE
99) TRUE
100) TRUE
101) FALSE
102) FALSE
103) TRUE

104) TRUE
105) TRUE
106) TRUE
107) FALSE
108) FALSE
109) FALSE
110) TRUE
111) C
112) D
113) B
114) A
115) C
116) A
117) B
118) D
119) C
120) B
121) A
122) C
123) B
124) C

125) C
126) A
127) B
128) C
129) D
130) A
131) A
132) B
133) C
134) D
135) C
136) D
137) B
138) C
139) D
140) A
141) A
142) B
143) C
144) C
145) A

146) C
147) D
148) B
149) C
150) D
151) A
152) B
153) D
154) C
155) A
156) B
157) C
158) C
159) A
160) D
161) A
162) B
163) A
164) D
165) B
166) B

167) C
168) D
169) C
170) D
171) A
172) B
173) D
174) A
175) B
176) C
177) B
178) B
179) C
180) D
181) D
182) C
183) B
184) A
185) B
186) D
187) A

188) C
189) A
190) B
191) A
192) B
193) B
194) D
195) D
196) A
197) B
198) A
199) B
200) C
201) C
202) D
203) B
204) A
205) B
206) C
207) D
208) A

209) B
210) C
211) D
212) A
213) A
214) B
215) C
216) D
217) D
218) C
219) B
220) A
221) C
222) D
223) A
224) C
225) B
226) D
227) C
228) B
229) A

230) D
231) A
232) B
233) C
234) A
235) C
236) B
237) D
238) D
239) A
240) B
241) C
242) D
243) C
244) A
245) D
246) C
247) B
248) A
249) C
250) B

251) A
252) C
253) B
254) A
255) B
256) C
257) A
258) D
259) A
260) D
261) C
262) B
263) A
264) A
265) B
266) C
267) D
268) A
269) B
270) C
271) D

272) D
273) A
274) B
275) A
276) B
277) D
278) A
279) B
280) C
281) D
282) A
283) D
284) D
285) A
286) B
287) D
288) B
289) D
290) A
291) B
292) C

293) C
294) B
295) A
296) D
297) C
298) A
299) D
300) C
301) B
302) D
303) D
304) C
305) B
306) C
307) A
308) B
309) A
310) D
311) C
312) C
313) B

314) A
315) D
316) C
317) B
318) D
319) C
320) C
321) D
322) A
323) A
324) C
325) B
326) A
327) B
328) D
329) C
330) A
331) C
332) B
333) D
334) D

335) D
336) A
337) B
338) C
339) D
340) A
341) A
342) B
343) C
344) D
345) D
346) A
347) D
348) A
349) B
350) C
351) D
352) A
353) B
354) C
355) D

356) Information ethics govern the ethical and moral issues arising from the development and use of information technologies, as well as the creation, collection, duplication, distribution, and processing of information itself (with or without the aid of computer technologies). Ethical dilemmas in this area usually arise not as simple, clear-cut situations but as clashes between competing goals, responsibilities, and loyalties. Inevitably, there will be more than one socially acceptable or "correct" decision. For this reason, acting ethically and legally are not always the same.
357) An ethical computer use policy contains general principles to guide computer user behavior. For example, it might explicitly state that users should refrain from playing computer games during working hours. An information privacy policy contains general principles regarding information privacy. An acceptable use policy is a policy that a user must agree to follow in order to be provided access to corporate email, information systems, and the Internet. An email privacy policy details the extent to which email messages may be read by others. A social media policy outlines the corporate guidelines or principles governing employee online communications. An employee monitoring policy states explicitly how, when, and where the company monitors its employees.
358) Hackers are experts in technology who use their knowledge to break into computers and computer networks, either for profit or just for the challenge. A virus is software written with malicious intent to cause annoyance or damage. Some hackers create and leave viruses, causing massive computer damage.

359) Information security policies identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days. An information security plan details how an organization will implement the information security policies. The best way a company can safeguard itself is by implementing and communicating its information security plan.
360) Authentication and authorization: Authentication is a method of confirming users’ identities. Once a system determines the authentication of a user, it can then determine the access privileges (or authorization) for that user. Authorization is the process of providing a user with permission, including access levels and abilities such as file access, hours of access, and amount of allocated storage space. Prevention and resistance: Content filtering occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information. Encryption scrambles information into an alternative form that requires a key or password to decrypt. In a security breach, a thief is unable to read encrypted information. A firewall is hardware and/or software that guards a private network by analyzing incoming and outgoing information for the correct markings. Detection and intrusion detection software features full-time monitoring tools that search for patterns in network traffic to identify intruders.
