Key Terms To Review
2. What are the conventions and rules that both sides should observe regarding error detection, retransmission control,
and selection of communication pathways for data flowing through channels, in communication between
computers via a network?
a. Address b. Interface c. Domain d. Protocol
3. Which of the following is indicated by URLs, which are used on the internet?
a. E-mail addresses for use in the internet
b. Information sources (resources) on the internet
c. IP addresses of servers connected to the internet
d. Owners of PCs connected to the internet
4. When Mr. A sent an e-mail to Mr. B, Mr. A specified Mr. C as “cc” and Mr. D and Mr. E as “bcc.” Which of
the following is an appropriate explanation at that time?
a. Mr. B understands that the email from Mr. A was sent to Mr. D and Mr. E.
b. Mr. C understands that the email from Mr. A was sent to Mr. D and Mr. E.
c. Mr. D understands that the email from Mr. A was sent to Mr. E.
d. Mr. E understands that the email from Mr. A was sent to Mr. C.
5. When you send broadcast mails to a large number of predetermined people, which of the following is used to
specify the destinations easily?
a. bcc b. Mailing list c. Mail transfer d. Mailbox
7. Which of the following is the appropriate description concerning formulation of the information security
policies in a company?
a. They are common in each type of industry, so creating original policies in each company is not required.
b. They are created by a system administrator and care must be taken not to let anyone else know about
them.
c. The concepts and measures for information security in the company are clearly described in a document.
d. The configuration of a firewall is determined and documented.
8. Which of the following is the most appropriate description concerning management of the user IDs and
passwords in system operations?
a. Each business system uses a different user ID and password. The user must carry a list to prevent input
mistakes.
b. The company prompts all the employees to change their passwords periodically, and the users
themselves change their passwords.
c. A system distributes the word chosen from the dictionary at random to each user. The user uses it for a
password up to a periodic date of update.
d. The users are encouraged to use a numeric string that is easy to memorize and easy to use, such as their
birthdays and telephone numbers, as their passwords.
9. If a user at an enterprise forgets his/her own password, which of the following is the appropriate way in which
a security administrator should inform the user of his/her password after confirming his/her identity?
a. A security administrator retrieves the password which is stored on his/her own computer, and then sends
it to the user in the form of an internal document classified as confidential.
b. A security administrator informs the user of an initial value after initializing the user’s password, and
then the user changes it to a new password.
c. A security administrator makes a copy of the password, which is stored in an encrypted form, in the
common area, and then informs the user of the decryption key by telephone.
d. A security administrator decodes the password which is managed in an encrypted form, and then informs
the user of that password by e-mail.
10. Which of the following is the appropriate description of measures against computer viruses?
a. Virus checking is unnecessary while the PC is operating normally.
b. The virus definition file in antivirus software is updated to the latest one.
c. Virus checking is unnecessary if the digital signature is attached to the program.
d. Virus checking is unnecessary for the software that one of your friends gave you.
11. Which of the following is the appropriate description of information security policy?
a. Describes the procedures for implementing the security level determined by the organization.
b. Necessary to prevent information assets from various threats.
c. Establishes the order of potential risks in using information systems, starting with risks that have the
greatest probability and the greatest loss.
d. Upper management explains the organizational approach and initiatives for the information security to
the employees.
12. Which of the following is the first step that should be taken when a personal computer connected to a
network is infected by a computer virus?
a. Disconnect the infected computer from the network.
b. Turn off the computer power.
c. Install antivirus software.
d. Report to the system administrator.
14. In biometric authentication, which of the following is used for matching by feature extraction or pattern
matching, using images inputted from a small optical sensor or thin electronic sensor?
a. Iris b. Fingerprint c. Voiceprint d. Retina
15. Which of the following is installed at the point connecting both a company network and the Internet, to
block unauthorized access from the Internet by using functions such as packet filtering?
a. DNS b. NAT c. Gateway d. Firewall
16. Which of the following is the appropriate description of MIME used by the Internet?
a. A protocol for encrypting passwords.
b. A protocol with superior security functions for preventing e-mail interception, impersonation, and
falsification.
c. A common protocol that can be used by all networks.
d. A protocol that enables multimedia such as sound and static images to be handled in e-mail.
17. Which of the following is the most appropriate as a method for preventing insufficient capacity in the
mailbox of a mail server?
a. Place a limit on the capacity of users’ mailboxes.
b. Make it so that e-mails with high-volume images attached cannot be sent.
c. Make it so that the oldest e-mails are periodically deleted.
d. Send high-volume e-mails in bulk and in the early morning so that they do not hinder other mail
transmission.
19. Which of the following is not applicable as something that can be performed in a network environment but
not in a standalone environment using a single computer?
a. Exchanging data b. Sharing printers c. Editing data d. Sharing programs and data
20. Mr. A holds a digital certificate. When Mr. A orders a product from Store B by e-mail, he makes a digital
signature using his own private key. Store B then confirms the signature using Mr. A’s public key. Which
of the following can be confirmed using this method? Here, assume that only Mr. A can use Mr. A’s private
key.
a. The content of the order sent from Mr. A to Store B is not leaked to a third party.
b. The order sent by Mr. A reaches Store B.
c. The order that arrives at Store B is from Mr. A.
d. Store B obtains permission to sell a product to Mr. A.
21. Which of the following is the appropriate statement concerning information security policy?
a. The security policy of a corporation aims to define the content that must be set in each security system.
Therefore, the content varies depending on the security-related products that are introduced.
b. The security policy of a corporation forms the basis for actions and decisions to be complied with. It
does not include the corporation’s direction or position with regard to tackling security.
c. It is desirable that a corporation’s top management announces externally the vulnerabilities of the
information system that forms the primary reason for developing the security policy.
d. The perspective on actions and decisions to be complied with in order to achieve the target security
level must be made clear.
22. A new employee, Mr. M was provided with a new PC, so he promptly started configuring his PC according
to “Rules for Initial Setting of New PCs.” Which of the following actions is not appropriate in consideration
of the four rules (1) through (4)?
a. After configuring the antivirus software, he ran a complete scan of the hard disks to check for viruses,
just in case.
b. He did not know how to configure the Web browser, so he asked the system administrator for
configuration instructions.
c. Since the new PC came bundled with a three-month trial version of antivirus software preinstalled, he
configured it for automatic updates and started using this software.
d. When he enabled automatic OS updates, an update started immediately, so he followed the instructions
displayed to complete the update.
23. Which of the following is the virus that infects files created with word processing and spreadsheet software?
a. Boot sector viruses
b. Program viruses
c. Stealth viruses
d. Macro viruses
24. Which of the following is the most appropriate as a description of a bridge, a component of LANs?
a. It amplifies a cable’s electrical signal to extend the cable.
b. It connects multiple LANs that use the same data link control protocol.
c. It connects multiple LANs and WANs.
d. It converts the protocols of LANs and WANs of different protocols and connects them.
26. Which of the following is the act of fraudulently obtaining passwords and other confidential information
from individuals within an organization by pretending there is an emergency situation?
a. Social engineering
b. Trojan horse
c. Password cracking
d. Springboard attack
27. Which of the following is a measure designed to detect leaks of confidential data?
a. Limit the number of users that can access confidential data and familiarize them with password
management.
b. Keep user access logs for confidential data and check them regularly.
c. Prepare a manual for handling confidential data and educate the users.
d. Prepare backups of confidential data and store them in a safe place.
28. Which of the following is appropriate as a precaution that should be taken when designing a server room?
a. Install a vibration-free floor
b. Install many doors
c. Run water pipes through the attic
d. Make sure it gets a lot of sunshine
Read the following paragraph on computer security and answer questions 33 through 36.
The company where Mr. B works is infected by a computer virus. Following the instructions of his
supervisor, Mr. B, who is in charge of security in the information systems department, reviews the computer
security rules. Some of the rules are as follows:
Excerpt from computer security rules:
(1) Run a virus scan daily.
(2) Disconnect the network cable immediately in the event of a virus infection.
(3) Use the firewall’s packet filtering function.
(4) Manage internal security according to the stipulations for physical safety management measures in the
“Guidelines for Personal Information Protection Laws Concerning Fields of Economy and Industry.”
29. Mr. B decides that something else is needed in addition to the daily virus scans in order to use the anti-virus
software effectively. Which of the following is appropriate as an additional item?
a. Do not perform Windows update since anti-virus software has been installed.
b. Always open and check the contents of attachments sent by e-mail from unfamiliar senders.
c. Turn the anti-virus software’s auto update function on and keep the pattern files up to date.
d. Save files brought in from outside and e-mail attachments to high security computers.
30. Mr. B is told by his supervisor to add stipulations concerning what to do after the network cable is
disconnected to Rule (2) of the computer security rules. Which of the following is the appropriate action to
take by computer users?
a. Tell the other users to shut down their computers.
b. Access the internal server and check to see whether the same virus has infected computers in the past.
c. Make a call to the person in charge at the information systems department.
d. Send an e-mail to the person in charge at the information systems department to notify them of the
situation.
31. In accordance with Rule (3) of the computer security rules, Mr. B decides to use the firewall’s packet
filtering function. Which of the following is appropriate as a description of the packet filtering functions?
a. A function that looks up IP addresses, TCP port numbers, UDP port numbers, and other information,
and allows only pre-approved packets through.
b. A function that blocks access to non-work-related websites.
c. A function that restricts server access to allow only a certain number of packets.
d. A function that checks for virus infections and removes any that are detected.
32. Which of the following is not specifically addressed in the stipulations for physical safety management
measures in the “Guidelines for Personal Information Protection Laws Concerning Fields of Economy and
Industry”?
a. Entrance access control
b. Disclosure of other people’s personal information
c. Prevention of theft
d. Physical protection of devices and equipment