
Chapter 14: Risks, Security, and Disaster Recovery

 

TRUE/FALSE

 

     1.   Blackout units are a solution to extreme changes in voltage, and can provide several minutes to several hours of backup battery power.

 

 

     2.   In recent years, identity theft has been more prevalent as part of phishing.

 

 

     3.   Computer “infections” are so named because they act on programs and data in a fashion similar to the way viruses act on living tissue.

 

 

     4.   Intentional damage to software occurs because of poor training, lack of adherence to simple backup procedures, or simple human error.

 

 

     5.   Bots are implemented not only for access but also to implement policies and ensure that nonsensical data is not entered into corporate databases.

 

 

     6.   Controls translate business policies into system features.

 

     7.   IS managers encourage users to change their user IDs frequently.

 

     8.   Several manufacturers of computer equipment offer individual keyboard-embedded and mouse-embedded fingerprint devices.

 

     9.   Atomic transactions ensure encrypting of all appropriate files.

 

   10.   The best defense against unauthorized access to systems over the Internet is a firewall, which is hardware and software that blocks access to computing resources.

 

   11.   With encryption, the original message is called plaintext.

 

 

   12.   Symmetric encryption is also called “public-key” encryption.

 

 

   13.   A protocol called Transport Layer Security (TLS) is used for transactions on the Web.

 

 

   14.   A digital certificate contains its holder’s name, a serial number, expiration dates, and a copy of the certificate holder’s public key (used to encrypt messages and digital signatures).

 

 

   15.   The recipient of an encrypted message uses the certificate authority’s private key to decode the digital certificate attached to the message.

 

 

   16.   Encryption slows down communication because the software must encrypt and decrypt every message.

 

 

   17.   Companies that choose not to fully develop their own recovery plan can outsource it to companies that specialize in either disaster recovery planning or provision of alternative sites.

 

 

   18.   Copies of applications are usually kept in a safe place to replace those that get damaged.

 

 

   19.   Redundancies increase expected downtime.

 

 

   20.   The greater the number of interdependent systems, the greater the expected downtime.

 

 

MULTIPLE CHOICE

 

     1.   In ____, the voltage of the power decreases, or there are very short interruptions in the flow of power.

          a.   brownouts
          b.   blackouts
          c.   keystroke logging
          d.   UPSs

 

 

 

     2.   ____ software records individual keystrokes.

          a.   Clickstream
          b.   Keystroke logging
          c.   Virus
          d.   Remote access

 

 

 

     3.   Con artists use tricks known as ____.

          a.   social pathology
          b.   knowledge theft
          c.   social engineering
          d.   data mining

 

 

 

     4.   A ____ is a bogus record in a networked database that neither employees nor business partners would ever access for legitimate purposes.

          a.   honeypot
          b.   phish
          c.   flame
          d.   honeytoken

 

 

 

     5.   A ____ is a server that contains a mirrored copy of a production database (a database that is used for business operations), or one with invalid records.

          a.   honeytoken
          b.   phish
          c.   bogus server
          d.   honeypot

 

 

 

     6.   One way to protect against viruses is to use ____, which is readily available on the market from companies that specialize in developing this kind of software, such as Symantec and McAfee.

          a.   antiphish software
          b.   security worms
          c.   antivirus software
          d.   secure viruses

 

 

     7.   ____ are usually planted by insiders, that is, employees of the victimized organization.

          a.   Spams
          b.   Logic bombs
          c.   Phishes
          d.   Flames

 

 

 

     8.   ____ occurs when a Web site receives an overwhelming number of information requests, such as merely logging on to a site.

          a.   Denial-of-service (DoS)
          b.   Global denial-of-service (GDoS)
          c.   Global attack
          d.   Full denial-of-service (FDoS)

 

 

 

     9.   ____ a computer means using some or all of the resources of a computer linked to a public network without the consent of its owner.

          a.   Hijacking
          b.   Attacking
          c.   Phishing
          d.   Sequestering

 

 

 

   10.   Hijacking is carried out by surreptitiously installing a small program called a ____ on a computer.

          a.   mine
          b.   bot
          c.   spot
          d.   robot

 

 

 

   11.   ____ is a set of disks that is programmed to replicate stored data to provide a higher degree of reliability.

          a.   SSP
          b.   RAI
          c.   RAID
          d.   SAN

 

 

 

   12.   ____ are measures taken to ensure that only those who are authorized have access to a computer or network or to certain applications or data.

          a.   Boarding keys
          b.   Encrypted passes
          c.   Boarding passes
          d.   Access controls

 

 

 

   13.   A(n) ____ is a set of indivisible transactions that are either all executed or none are—never only some.

          a.   biometric
          b.   a-transaction
          c.   biometric measurement
          d.   atomic transaction

 

 

 

   14.   Sometimes a(n) ____ is automatically created using data, such as the date and time of a transaction or the name or password of the user updating the file.

          a.   atomic transaction
          b.   audit trail
          c.   denial of service
          d.   global transaction

 

 

 

   15.   To increase security, some companies implement the ____ approach.

          a.   DMZ (demilitarized zone)
          b.   denial of service (DoS)
          c.   atomic transaction
          d.   boarding key

 

 

 

   16.   A ____ “represents” another server for all information requests from resources inside the trusted network.

          a.   proxy server
          b.   honeypot server
          c.   DNS server
          d.   secure server

 

 

 

   17.   Coding a message into a form unreadable to an interceptor is called ____.

          a.   classification
          b.   encryption
          c.   modulation
          d.   demodulation

 

 

 

   18.   With encryption, the coded message is called ____.

          a.   plaintext
          b.   privatetext
          c.   ciphertext
          d.   publictext

 

 

 

   19.   ____ encryption comprises two keys: one is public, and the other is private.

          a.   Parallel
          b.   Asymmetric
          c.   Symmetric
          d.   Double

 

 

 

   20.   ____ is the secure version of HTTP.

          a.   SHTTP
          b.   HTMLSec
          c.   HTTPS
          d.   HTMLS

 

 

 

   21.   An issuer of digital certificates is called a ____.

          a.   certificate dealer (CD)
          b.   certificate bank (CB)
          c.   certificate authority (CA)
          d.   certificate warehouse (CW)

 

 

 

   22.   Employees are especially annoyed when they have to remember a different password for every system they use; a simpler solution is an approach called ____.

          a.   one-ID
          b.   SP (single password)
          c.   multiple encryption
          d.   SSO (single sign-on)

 

 

 

   23.   CIOs often cite ____ as an effective way to bring down the amount of work their subordinates must do.

          a.   SSL
          b.   SDLC
          c.   DoS
          d.   SSO

 

 

 

   24.   The ____, as it is popularly known, gives law enforcement agencies surveillance and wiretapping rights they did not have before 2001.

          a.   PATRIOT Act
          b.   9/11 Decree
          c.   9/11 Act
          d.   PATRIOT Manifesto

 

 

 

   25.   When tapping communications, law enforcement agencies need the cooperation of a third party, such as a telephone company or a(n) ____.

          a.   ISP
          b.   SSP
          c.   Web site
          d.   systems developer

 

 

 

   26.   ____, those without which the business cannot conduct its operations, are given the highest priority by the disaster recovery coordinator.

          a.   Backup applications
          b.   Up applications
          c.   Mission-critical applications
          d.   Recovery applications

 

 

 

   27.   CIOs often find the tasks of earmarking funds for ____ difficult because they cannot show the return on investment (ROI) of such planning.

          a.   backup programs
          b.   disaster recovery programs
          c.   archival programs
          d.   database security programs

 

 

 

   28.   Experts are usually employed to estimate the cost and ____ of damages, as well as the cost of security measures.

          a.   impact
          b.   probabilities
          c.   effect
          d.   causes

 

 

 

   29.   Managers should focus on the asset they must protect, which in most cases is ____, not applications.

          a.   hardware
          b.   software
          c.   information
          d.   systems

 

 

 

   30.   Experience in ____ certain systems, such as ERP and SCM systems, can teach the IT staff for how many minutes or seconds per year the system is likely to fail.

          a.   operating
          b.   developing
          c.   maintaining
          d.   archiving

 

 

 

COMPLETION

 

     1.   ____________________, the time during which ISs or data are not available in the course of conducting business, has become a dreaded situation for almost every business worldwide.

 

 

     2.   ____________________ are total losses of electrical power.

 

 

     3.   To ensure against interruptions in power supply, organizations use ____________________ systems, which provide an alternative power supply for a short time, as soon as a power network fails.

 

     4.   Once criminals have a person’s identifying details, such as a Social Security number, driver’s license number, or credit-card number, they can pretend to be this person, which is a crime called ____________________.

 

 

     5.   Some viruses are called ____________________, analogous to the destructive gift given to the ancient Trojans.

 

     6.   A(n) ____________________ is software that is programmed to cause damage at a specified time to specific applications and data files.

 

     7.   ____________________ occurs when a Web site receives an overwhelming number of information requests, such as merely logging on to a site.

 

 

     8.   ____________________ are constraints and other restrictions imposed on a user or a system, and they can be used to secure systems against risks or to reduce damage caused to systems, applications, and data.

 

     9.   Probably the easiest way to protect against loss of data is to automatically duplicate all data periodically, a process referred to as data ____________________.

 

 

   10.   A(n) ____________________ characteristic is a unique physical, measurable characteristic of a human being that is used to identify a person.

 

 

   11.   One popular tracking tool is the ____________________: a series of documented facts that help detect who recorded which transactions, at what time, and under whose approval.

 

   12.   The audit trail is the most important tool of the ____________________, the professional whose job it is to find erroneous or fraudulent cases and investigate them.

 

   13.   ____________________ is the process of ensuring that the person who sends a message to or receives a message from you is indeed that person.

 

   14.   When both the sender and recipient use the same secret key, the technique is called ____________________.

 

   15.   A(n) ____________________ is a way to authenticate online messages, analogous to a physical signature on a piece of paper, but implemented with public-key cryptography.

 

   16.   ____________________ are computer files that serve as the equivalent of ID cards by associating one’s identity with one’s public key.

 

   17.   To prepare for mishaps, either natural or malicious, many organizations have well-planned programs in place, called ____________________.

 

   18.   ____________________ provide backup and operation facilities to which a client’s employees can move and continue operations in case of a disaster.

 

   19.   The cost of damage is the aggregate of all the potential damages multiplied by their respective ____________________.

 

 

   20.   There might be no point in spending much money to increase the “____________________” of uptime for every system.

 

 

ESSAY

 

     1.   What are the main goals of information security?

 

 

     2.   Discuss natural disasters that pose a risk to ISs.

 

 

     3.   What are honeytokens?

 

     4.   What is a Trojan horse?

 

 

     5.   List common controls to protect systems from risks.

 
