Chapter 5: Protecting Information Resources Multiple Choice

This document contains a chapter about protecting information resources with multiple choice questions about topics like sniffing, script kiddies, black hats, white hats, confidentiality, integrity, availability, denial-of-service attacks, trojan programs, worms, logic bombs, firewalls, intrusion detection systems, VPNs, encryption, SSL, TLS, symmetric and asymmetric encryption, the CERT model, and business continuity planning.

Uploaded by ruven

Chapter 5: Protecting Information Resources

MULTIPLE CHOICE
1. ____ is the process of capturing and recording network traffic.
a. Sniffing
b. Phishing
c. Spoofing
d. Pharming

2. A ____ is an inexperienced, usually young hacker who uses programs that others have developed to attack computer and network systems.
a. script kiddie
b. black hat
c. white hat
d. hex editor

3. ____ are hackers who specialize in unauthorized penetration of information systems.
a. Script kiddies
b. Black hats
c. White hats
d. Hex editors

4. ____ are computer security experts who specialize in penetration testing and other testing methods to ensure that a company’s information systems are secure.
a. Script kiddies
b. Black hats
c. White hats
d. Hex editors

5. ____ means that a system must prevent disclosing information to anyone who is not authorized to access it.
a. Validity
b. Confidentiality
c. Integrity
d. Availability

6. ____ refers to the accuracy of information resources within an organization.
a. Validity
b. Confidentiality
c. Integrity
d. Availability

7. ____ means that computers and networks are operating and authorized users can access the information they need.
a. Validity
b. Confidentiality
c. Integrity
d. Availability

8. Level 1 security involves ____.
a. back-end systems
b. corporate networks
c. physical security
d. front-end servers

9. Level 2 security involves ____.
a. back-end systems
b. corporate networks
c. physical security
d. front-end servers

10. Level 3 security involves ____.
a. back-end systems
b. corporate networks
c. physical security
d. front-end servers

11. Which of the following is considered an intentional threat?
a. Floods
b. User’s accidental deletion of data
c. Social engineering
d. Power outages

12. A ____ travels from computer to computer in a network, but it does not usually erase data.
a. Trojan program
b. worm
c. virus
d. backdoor

13. A logic bomb is a type of ____.
a. Trojan program
b. worm
c. virus
d. backdoor

14. A ____ is a programming routine built into a system by its designer or programmer.
a. logic bomb
b. worm
c. virus
d. backdoor

15. A ____ attack floods a network or server with service requests to prevent legitimate users’ access to the system.
a. logic bomb
b. denial-of-service
c. backdoor
d. worm

16. A ____ attack typically targets Internet servers.
a. logic bomb
b. denial-of-service
c. backdoor
d. worm

17. ____ take advantage of the human element of security systems.
a. Denial-of-service attacks
b. Trojan programs
c. Blended threats
d. Social engineering attacks

18. ____ security measures use a physiological element to enhance security measures.
a. Physical
b. Social
c. Biofeedback
d. Biometric

19. Which of the following is a biometric security measure?
a. electronic trackers
b. passwords
c. firewalls
d. signature analysis

20. Which of the following is a nonbiometric security measure?
a. electronic trackers
b. passwords
c. firewalls
d. signature analysis

21. A(n) ____ is software that acts as an intermediary between two systems.
a. packet-filtering firewall
b. application-filtering firewall
c. proxy server
d. intrusion detection system

22. ____ are usually placed in front of a firewall and can identify attack signatures and trace patterns.
a. Intrusion detection systems
b. Proxy servers
c. Physical security measures
d. Biometric security measures

23. Which of the following is a physical security measure?
a. Electronic trackers
b. Passwords
c. Firewalls
d. Signature analysis

24. Which of the following is a type of access control?
a. Steel encasements
b. Passwords
c. Firewalls
d. Identification badges

25. A(n) ____ is often used so remote users have a secure connection to the organization’s network.
a. biometric security system
b. intrusion detection system
c. virtual private network
d. terminal resource network

26. Typically, an organization leases the media used for a VPN on a(n) ____ basis.
a. yearly
b. 10-year
c. as-needed
d. monthly

27. Data encryption transforms data into a scrambled form called ____.
a. plaintext
b. cleartext
c. codetext
d. ciphertext

28. ____ is a commonly used encryption protocol that manages transmission security on the Internet.
a. Transport Layer Security
b. Secure Sockets Layer
c. Transmission Control Protocol
d. User Datagram Protocol

29. ____ ensures data security and integrity over public networks, such as the Internet.
a. Transport Layer Security
b. Secure Sockets Layer
c. Transmission Control Protocol
d. User Datagram Protocol

30. ____ encryption uses a public key known to everyone and a private key known only to the recipient.
a. Symmetric
b. Asymmetric
c. SSL
d. TLS

31. In ____ encryption, the same key is used to encrypt and decrypt the message.
a. symmetric
b. asymmetric
c. SSL
d. TLS

32. Many organizations now follow the ____ model to form teams that can handle network intrusions and attacks quickly and effectively.
a. CERT
b. Sarbanes-Oxley
c. CIRC
d. McCumber cube

33. The main function of the ____ model is to provide information on security incidents, including information systems’ vulnerabilities, viruses, and malicious programs.
a. CERT
b. Sarbanes-Oxley
c. CIRC
d. McCumber cube

34. ____ outlines procedures for keeping an organization operational in the event of a natural disaster or network attack.
a. Systems engineering
b. Business continuity planning
c. Risk management
d. Security analysis

35. A ____ plan lists the tasks that must be performed to restore damaged data and equipment.
a. risk assessment
b. systems engineering
c. disaster recovery
d. security compliance
