MIS FINAL EXAM Multiple Choice Correct 100%MIS FINAL EXAM Multiple Choice Correct

C) user should inform the IS about software upgrades D) user will never face a network problem - ANSWER a Which of the following is a right of users of information systems? A) right to install programs and applications of their choice B) right to make hardware modifications when desired C) right to receive effective training D) right to obtain the configuration of their choice - ANSWER c Which of the following is generally a responsibility of users of information systems (IS)? A) reporting trivial problems B) replacing legacy systems with improved ones C) installing unauthorized hardware and programs D) following security and backup procedures - ANSWER d Which of the following statements is true about users of information systems? A) They have a responsibility to protect their computers from viruses by installing their choice of antivirus software. B) They can avoid security and backup procedures. C) They should learn standard techniques and procedures for the applications they use. D) They should learn to install hardware and software on their own. - ANSWER c SFA Inc. has a team of ten information systems (IS) personnel. The personnel are kept busy throughout the day as they help employees solve even the most trivial issues. In which of the following ways can the employees assist the IS personnel in this scenario? A) by learning basic computer skills B) by sharing their passwords with others to use their help in solving those trivial issues C) by installing security programs by themselves D) by making hardware modifications - ANSWER a A ________ is a person or an organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge. - ANSWER threat Which of the following is considered a threat caused by human error? A) an employee inadvertently installing an old database on top of the current one B) an employee intentionally destroying data and system components C) a virus and worm writer infecting computer systems D) a hacker breaking into a system to steal for financial gain - ANSWER an employee inadvertently installing an old database on top of the current one Which of the following is considered a computer crime? A) deletion of records by an employee who is unaware of operating procedures B) poorly written programs resulting in data losses C) loss of data as a result of flooding D) hacking of information systems - ANSWER hacking of information systems ________ occurs when someone deceives by pretending to be someone else. - ANSWER Pretexting In the context of security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________. - ANSWER unauthorized data disclosure A ________ pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, - ANSWER phisher Email spoofing is a synonym for ________. - ANSWER phishing ________ is a technique for intercepting computer communications through a physical connection to a network or without a physical connection in the case of wireless - ANSWER Sniffing ________ take computers with wireless connections through an area and search for unprotected wireless networks, and then monitor and intercept wireless traffic on unsecured wireless networks. - ANSWER Drive-by sniffers Which of the following is a sniffing technique? A) IP spoofing B) caches C) denial of service D) adware - ANSWER adware ________ involves breaking into a network to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data. A) Pretexting B) Phishing C) Hacking D) Spoofing - ANSWER Hacking Which of the following is most likely to be a result of hacking? A) certain Web sites being censored for hurting sentiments B) small amounts of spam in a user's inbox C) an unauthorized transaction from a user's credit card D) pop-up ads appearing frequently - ANSWER an unauthorized transaction from a user's credit card ________ occurs through human error when employees do not follow proper procedures or when procedures have not been well designed. - ANSWER Incorrect data modification ________ occurs when computer criminals invade a computer system and replace legitimate programs with their own, unauthorized ones that shut down legitimate applications. - ANSWER Usurpation Which of the following usually happens in a malicious denial-of-service attack? A) a hacker monitoring and intercepts wireless traffic at will B) a hacker floods a Web server with millions of bogus service requests C) an intruder using another site's IP address to masquerade as that other site D) a phisher pretending to be a legitimate company and requesting confidential data - ANSWER a hacker floods a Web server with millions of bogus service requests ________ present(s) the largest risk for an organization's infrastructure loss. - ANSWER Natural disasters Which of the following statements is true about losses to computer security threats? A) Surveys on computer crimes provide accurate results since they use standard parameters to measure and tally computer crime costs. B) Surveys suggest that some organizations do not report all their computer crime losses, and some will not report such losses at all. C) Losses due to natural disasters can be measured accurately. D) Losses due to human error are insignificant. - ANSWER Surveys suggest that some organizations do not report all their computer crime losses, and some will not report such losses at all. Which of the following is a personal security safeguard? A) sending valuable data only via email or IM B) using single password for all the sites C) removing high-value assets from computers D) storing browsing history, temporary files, and cookies - ANSWER removing high-value assets from computers Nonword passwords are vulnerable to a ________ attack in which the password cracker tries every possible combination of characters. - ANSWER brute force ________ are small files that enables a browser to access Web sites without having to sign in every time. - ANSWER Cookies Removing and disabling ________ that may contain sensitive security data presents an excellent example of the trade-off between improved security and cost. - ANSWER cookies Which of the following is a critical security function that should be addressed by the senior management of an organization? A) sharing the private key with all systems connected to the network B) creating IS security software programs C) establishing the security policy D) avoiding the use of perimeter firewalls - ANSWER establishing the security policy In information security, which of the following is true about managing risk? A) All organizations except financial institutions should invest heavily in security safeguards. B) Organizations should implement safeguards that balance the trade-off between risk and cost. C) Passwords are classified as technical safeguards. D) Physical security is classified as human safeguards. - ANSWER Organizations should implement safeguards that balance the trade-off between risk and cost. Which of the following was passed to give individuals the right to access their own health data created by doctors and other healthcare providers? A) the Privacy Act of 1974 B) the Sarbanes-Oxley Act C) the HIPAA of 1996 D) the Gramm-Leach-Bliley Act - ANSWER the HIPAA of 1996 Which of the following is classified as a technical safeguard? A) cookies B) firewalls C) key escrow D) passwords - ANSWER firewalls A(n) ________ has a microchip in it to hold data. - ANSWER smart card Users of smart cards are required to enter a ________ to be authenticated. - ANSWER personal identification number Which of the following is used for biometric authentication? A) smart cards B) facial features C) passwords D) personal identification numbers - ANSWER facial features Which of the following statements is true about biometric identification? A) It involves the use of a personal identification number (PIN) for authentication. B) It provides weak authentication. C) It is a relatively inexpensive mode of authentication. D) It often faces resistance from users for its invasive nature. - ANSWER It often faces resistance from users for its invasive nature. A ________ is a number used to encrypt data. - ANSWER key In asymmetric encryption, each site has a ________ for encoding messages. - ANSWER public key