Georgia State University

CIS 2010

Chapter 4

1)Backup and recovery procedures are recommended only to safeguard against hardware/software failures. True/False

2. An information system’s                is the likelihood that the system or resource will be compromised by a                                            that will result in its                 to further attacks.

1. 1. Vulnerability, threat, exposure
   2. Vulnerability, security, threat
   3. Threat, vulnerability, liability
   4. Threat, vulnerability, exposure

3. Which of the following factors that make information resources more vulnerable to attack can be most easily remedied?

1. 1. Interconnected/dependent business environments
   2. Larger and cheaper storage
   3. Organized cyber crime
   4. Decrease skill level of hackers
   5. Lack of management control
   6. None – all factors are exogenous

4. Which of the following can be classified as unintentional threats to information systems caused by human errors?

1. 1. Selecting a weak password
   2. Revealing your password
   3. Leaking company data to others
   4. Both (a) and (b)
   5. None of the above

5. An unintentional attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information is known as:

1. 1. Trespass.
   2. Social engineering.
   3. Identity theft.
   4. Information extortion.

6. Making and distributing information goods to which you do not own the                    is referred to as

           .

1. 1. copyright, piracy
   2. intellectual property, piracy
   3. copyright, appropriation
   4. intellectual property, theft

7. Whereas phishing attacks are                , denial of service attacks are                .

1. 1. remote attacks requiring user action, remote attacks requiring no user action
   2. remote attacks requiring no user action, attacks by a programmer developing a system
   3. remote attacks requiring no user action, remote attacks requiring user action
   4. Distributed remote attacks requiring user action, attacks by a programmer developing a system

8. Computer programs like CAPTCHA are used to counter

1. 1. Hackers using key loggers.
   2. Malware.
   3. Hackers using screen scrappers.
   4. Websites leaving cookies on the local machine.

9. Buying health insurance is an example of risk                   , whereas going without is an example of risk .

1. 1. transference, limitation
   2. transference, acceptance
   3. limitation, acceptance
   4. limitation, transference

10. Implementing controls to prevent threats from occurring and developing a recovery plan should the threats occur are two broad functions of

1. Risk mitigation.
2. Risk acknowledgement.
3. Risk acceptance.
4. All of the above.

11. Access controls consist of                , which confirms user identity, and                , which determines user access levels.

1. access, privileges
2. authorization, privileges
3. authentication, authorization
4. passwords, privileges

12.                can be used to create strong passwords that are easy to remember.

1. Mnemonics
2. Passphrases
3. Birthdates
4. Numbers