©THEBRIGHT EXAM STUDY SOLUTIONS 8/27/2024 12:01 PM
IDSC 3001 FINAL Exam Questions With
Correct Answers
Information Ethics - answer✔✔ethical issues associated with the development and application of
information technologies
Stakeholder Theory - answer✔✔A theory that holds that social responsibility is paying attention
to the interest of every affected stakeholder in every aspect of a firm's operation
· Anyone but the stockholder is a means to an end of profitability
· Executives can only spend funds in ways that have been approved by the stakeholders
· Through legal and ethical means, and with a long-term orientation
· Pursuing profits also promotes the interests of society
Stockholder Theory - answer✔✔managers are agents of the stockholders, and their only ethical
responsibility is to increase the profits of the business without violating the law or engaging in
fraudulent practices
· Everyone who has stake in the company should be considered when making decisions
· Customers, employees, stakeholders, executives, managers
· Respect all rights of each stakeholders, and give equal considerations to the legitimate interests
of all stakeholders and adapt corporate policies that produce the optimal balance among them
Collection and Storage of Personal Data - answer✔✔Data collected should only be what is
necessary, should be explained all uses of it, and there should be options for how much is
collected
Secondary Data Use - answer✔✔1. privacy policies need to outline how else the company uses
data; should adhere to any policies that are put in place; and should not stray from strictly
"affiliate sharing"
Data Accuracy - answer✔✔the extent to which data are free of identifiable errors; data are
correct (quality characteristic)
Some cases like the Fair Credit Reporting Act (FCRA) allow data subjects to sue
a credit bureau for damages if the bureau has been notified repeatedly about
, ©THEBRIGHT EXAM STUDY SOLUTIONS 8/27/2024 12:01 PM
errors but has not taken steps to correct
Authorized Access - answer✔✔a) Need technical controls to allow restricted access to sensitive
information
b) Create politics on a "need to know" basis and consider physical blocking
devices in clicks
Automated Judgement - answer✔✔a) Rise of expert systems (AI) in decision making
b) ex. College students and credit cards by major
Data Mining and Profiling - answer✔✔ex. Combination of data between online ads and mail ads.
Over generalization
Opt-In - answer✔✔unless data subjects have given an expressed permission to use their data, it
must be assumed that there is no consent for that use
Opt-Out - answer✔✔unless data subjects register an overt objection, it is assumed that the
additional use of the data is acceptable
Computer Virus - answer✔✔software that is capable of executing an unwanted action on the
victim's computer and has a mechanism for replicating itself inside other computers that come in
contact with the infected machine
Rootkit - answer✔✔Computer software that hides the presence and activity of intruders
-Used in combo with trojan software, hackers can change system settings and use the computer
without the user or monitoring software detecting it
Worms - answer✔✔A more dangerous evolution of viruses, worms are self-propagating
(meaning they do not need any intervention from the victim, such as clicking on infected
software attached to an email)
Trojan Horse - answer✔✔-It claims to do one thing or nothing harmful but instead does damage
when you run it
-Can be controlled remotely by hackers to extract passwords and other sensitive info
-Can also be used to create zombie, for forwarding advertising spam, phishing emails and Trojan
software to millions of other companies on the internet
Phishing - answer✔✔Software that tricks internet users into divulging their personal info for use
or resale by criminals who can profit from the info (Eg. fake emails and websites that look like
real and from legitimate sources)
, ©THEBRIGHT EXAM STUDY SOLUTIONS 8/27/2024 12:01 PM
Computer Intrusion/Hacking - answer✔✔Unauthorized access to a computer system, whether it
be a manual such as using a stolen password or automated through software to bypass network
security protection via the Internet
Denial-of-Service Attack - answer✔✔Inundating a computer, router or other networked device
with more packets of data than it can process, effectively blocking any legitimate requests to
access the system
Botnets - answer✔✔Networked groups of compromised computers or zombies that are
controlled by hackers, usually through Trojan software to deliver spam, phishing, and DoS
attacks
Man-in-the-Middle Attack - answer✔✔-Criminals create bogus sites that are capable of
communicating directly with legitimate sites in real time
-Victims access their actual accounts online or using hardware token, but do it through the man-
in-the-middle servers that capture all their information
-These servers can even force the legitimate site to keep secure sessions open after the victim has
logged off , allowing criminals to access the account and withdraw money
Social Engineering - answer✔✔In the context of information security, refers to psychological
manipulation of people into performing actions r divulging confidential information
-Kevin Mitnick
Null Routing - answer✔✔Aka Black Hole Route, is a network route or kernel routing table entry
that goes nowhere
-Matching packets are dropped (ignored) rather than forwarded
Firewalls - answer✔✔software to prevent unauthorized users
Data Encryption - answer✔✔the transformation of data into complex, scrambled digital codes
that can be de-crypted only by authorized users who possess unique decryption keys
Multi-factor Authentication - answer✔✔Security process in which the user provides two
different authentication factors to verify themselves to better protect both the user's credentials
and the resources the user can access (aka DUO)
Anti-phishing tips - answer✔✔
zero-day exploit - answer✔✔A vulnerability that is exploited before the software creator/vendor
is even aware of its existence.
IDSC 3001 FINAL Exam Questions With
Correct Answers
Information Ethics - answer✔✔ethical issues associated with the development and application of
information technologies
Stakeholder Theory - answer✔✔A theory that holds that social responsibility is paying attention
to the interest of every affected stakeholder in every aspect of a firm's operation
· Anyone but the stockholder is a means to an end of profitability
· Executives can only spend funds in ways that have been approved by the stakeholders
· Through legal and ethical means, and with a long-term orientation
· Pursuing profits also promotes the interests of society
Stockholder Theory - answer✔✔managers are agents of the stockholders, and their only ethical
responsibility is to increase the profits of the business without violating the law or engaging in
fraudulent practices
· Everyone who has stake in the company should be considered when making decisions
· Customers, employees, stakeholders, executives, managers
· Respect all rights of each stakeholders, and give equal considerations to the legitimate interests
of all stakeholders and adapt corporate policies that produce the optimal balance among them
Collection and Storage of Personal Data - answer✔✔Data collected should only be what is
necessary, should be explained all uses of it, and there should be options for how much is
collected
Secondary Data Use - answer✔✔1. privacy policies need to outline how else the company uses
data; should adhere to any policies that are put in place; and should not stray from strictly
"affiliate sharing"
Data Accuracy - answer✔✔the extent to which data are free of identifiable errors; data are
correct (quality characteristic)
Some cases like the Fair Credit Reporting Act (FCRA) allow data subjects to sue
a credit bureau for damages if the bureau has been notified repeatedly about
, ©THEBRIGHT EXAM STUDY SOLUTIONS 8/27/2024 12:01 PM
errors but has not taken steps to correct
Authorized Access - answer✔✔a) Need technical controls to allow restricted access to sensitive
information
b) Create politics on a "need to know" basis and consider physical blocking
devices in clicks
Automated Judgement - answer✔✔a) Rise of expert systems (AI) in decision making
b) ex. College students and credit cards by major
Data Mining and Profiling - answer✔✔ex. Combination of data between online ads and mail ads.
Over generalization
Opt-In - answer✔✔unless data subjects have given an expressed permission to use their data, it
must be assumed that there is no consent for that use
Opt-Out - answer✔✔unless data subjects register an overt objection, it is assumed that the
additional use of the data is acceptable
Computer Virus - answer✔✔software that is capable of executing an unwanted action on the
victim's computer and has a mechanism for replicating itself inside other computers that come in
contact with the infected machine
Rootkit - answer✔✔Computer software that hides the presence and activity of intruders
-Used in combo with trojan software, hackers can change system settings and use the computer
without the user or monitoring software detecting it
Worms - answer✔✔A more dangerous evolution of viruses, worms are self-propagating
(meaning they do not need any intervention from the victim, such as clicking on infected
software attached to an email)
Trojan Horse - answer✔✔-It claims to do one thing or nothing harmful but instead does damage
when you run it
-Can be controlled remotely by hackers to extract passwords and other sensitive info
-Can also be used to create zombie, for forwarding advertising spam, phishing emails and Trojan
software to millions of other companies on the internet
Phishing - answer✔✔Software that tricks internet users into divulging their personal info for use
or resale by criminals who can profit from the info (Eg. fake emails and websites that look like
real and from legitimate sources)
, ©THEBRIGHT EXAM STUDY SOLUTIONS 8/27/2024 12:01 PM
Computer Intrusion/Hacking - answer✔✔Unauthorized access to a computer system, whether it
be a manual such as using a stolen password or automated through software to bypass network
security protection via the Internet
Denial-of-Service Attack - answer✔✔Inundating a computer, router or other networked device
with more packets of data than it can process, effectively blocking any legitimate requests to
access the system
Botnets - answer✔✔Networked groups of compromised computers or zombies that are
controlled by hackers, usually through Trojan software to deliver spam, phishing, and DoS
attacks
Man-in-the-Middle Attack - answer✔✔-Criminals create bogus sites that are capable of
communicating directly with legitimate sites in real time
-Victims access their actual accounts online or using hardware token, but do it through the man-
in-the-middle servers that capture all their information
-These servers can even force the legitimate site to keep secure sessions open after the victim has
logged off , allowing criminals to access the account and withdraw money
Social Engineering - answer✔✔In the context of information security, refers to psychological
manipulation of people into performing actions r divulging confidential information
-Kevin Mitnick
Null Routing - answer✔✔Aka Black Hole Route, is a network route or kernel routing table entry
that goes nowhere
-Matching packets are dropped (ignored) rather than forwarded
Firewalls - answer✔✔software to prevent unauthorized users
Data Encryption - answer✔✔the transformation of data into complex, scrambled digital codes
that can be de-crypted only by authorized users who possess unique decryption keys
Multi-factor Authentication - answer✔✔Security process in which the user provides two
different authentication factors to verify themselves to better protect both the user's credentials
and the resources the user can access (aka DUO)
Anti-phishing tips - answer✔✔
zero-day exploit - answer✔✔A vulnerability that is exploited before the software creator/vendor
is even aware of its existence.
