n answers 2025/2026
Insiders - correct answer ✔✔Legitimate users who purposely or accidentally misuse their access
to information or resources and cause some kind of business-affecting event
Hacker - correct answer ✔✔A person who gains unauthorized access to a computer network for
profit, criminal mischief, or personal pleasure
Zero-day vulnerabilities - correct answer ✔✔Holes in SW that are unknown to the creator...so
hackers can exploit this flaw before the vendor becomes aware of the problem
Patches - correct answer ✔✔•Small pieces of software released by a SW vendor to repair flaws
•However, amount of software in use can mean exploits created faster than patches can be
released & implemented
Evidence for white collar crimes often found in digital form - correct answer ✔✔Data stored on
computer devices, e-mail, instant messages, e-commerce transactions
Computer forensics - correct answer ✔✔•Scientific collection, examination, authentication,
preservation, and analysis of data from computer storage media for use as evidence in court of
law
•Includes recovery of ambient and hidden data
General controls - correct answer ✔✔Govern design, security, and use of computer programs
and security of data files in general throughout organization's information technology
infrastructure.
Application controls - correct answer ✔✔Specific controls unique to each computerized
application, such as payroll or order processing; ensure that only authorized data are completely
and accurately processed by that application
Risk assessment - correct answer ✔✔Determines level of risk to the firm if specific activity or
process is not properly controlled
Security policy - correct answer ✔✔•Ranks information risks, identifies acceptable security
goals, and identifies mechanisms for achieving these goals
•Drives other policies
Acceptable use policy (AUP) - correct answer ✔✔Defines acceptable uses of firm's information
resources and computing equipment
Authorization policies - correct answer ✔✔•Determine differing levels of user access to
information assets
•Incorporated in the firm's Identity Management Systems
Business continuity planning - correct answer ✔✔Focuses on restoring business operations
after a disaster
Disaster recovery planning - correct answer ✔✔Plans for restoration of disrupted services -
focuses primarily on the technical issues involved in keeping systems up and running
Backup - correct answer ✔✔Copies of critical systems and data, done on a regular basis
Hot Site - correct answer ✔✔Separate & fully equipped facility where the firm can move
immediately after a disaster and resume business
Cold Site - correct answer ✔✔Separate facility without any computer equipment but is a place
employees can move after a disaster - provides a shell to get started - "computer ready"
Information Systems audit - correct answer ✔✔•Examines firm's overall security environment
as well as controls governing individual information systems
•Reviews technologies, procedures, documentation, training, and personnel
Identity Management Systems - correct answer ✔✔•Support the organization's Security and
Authorization policies
•Include business processes and technologies for identifying valid users of systems & what they
are allowed to access/change
Authentication - correct answer ✔✔The ability to know that a person is who he or she claims to
be; a method of confirming users' identities
Authorization - correct answer ✔✔Determines what actions, rights, or privileges the user has,
based on the verified identity
User ID - correct answer ✔✔Combination of numbers, characters, and symbols used to identify
a person as a legitimate user of a system
Password - correct answer ✔✔Combination of numbers, characters, and symbols used to
authenticate a user and allow access to specified system resources based on the verified
identity and user profile
Passphrase - correct answer ✔✔Series of characters that is longer than a password but is still
easy to memorize
Password management applications - correct answer ✔✔Allow user to store username and
password, along with other account details