BUS 365 Week 4 Quiz Strayer
Chapter 4 Network Management and Mobility
Multiple Choice
1. Connectivity and mobility are __________ issues.
a) 4G
b) network
c) Wi-Fi
d) social media
2. 4G networks are __________.
a) owned by Sprint
b) based on satellite transmission
c) hybrid analog networks
d) purely digital networks
3. Why did the New Mexico Department of Transportation start offering passengers free public 4G WiMAX Internet to make public transportation more attractive to commuters?
a) To assist with New Mexico's goal to become a high-tech state.
b) To improve traffic congestion conditions.
c) To reduce pollution and smog conditions along the main traffic corridor in the state.
d) To reduce the population's dependence on gasoline.
4. What are the basic functions or needs supported by business networks?
a) competitive advantage, decision support, and communication
b) analog and digital
c) mobility, collaboration, relationships, search
d) circuit and packet switching
5. Networks transmit __________, which carry voice or data between a sender and a receiver.
a) nodes
b) routers
c) signals
d) switches
6. Plain old telephone service (POTS) and most wired telephone calls are transmitted, at least in part, over a __________.
a) dedicated circuit that is only used for that call
b) dedicated circuit that is shared by many calls
c) packet circuit that is only used for that call
d) packet circuit that is shared by many calls
7. When you send a file or e-mail message over a network, it is broken into smaller blocks called __________ that follow different paths from the source to the destination.
a) circuits
b) nodes
c) packets
d) switches
8. __________ is the throughput capacity of a network, which is a measure of the speed at which data is transmitted.
a) Bandwidth
b) Protocol
c) TCP/IP
d) Broadband
9. A __________ is a set of rules that govern how devices on a network exchange information and function in order to talk to each other.
a) bandwidth
b) protocol
c) TCP/IP
d) broadband
10. __________ was created by the U.S. Department of Defense to ensure data integrity and maintain communications in the event of catastrophic war.
a) Bandwidth
b) Protocol
c) TCP/IP
d) Broadband
11. __________ is a general term that means fast transmission speed.
a) Bandwidth
b) Protocol
c) TCP/IP
d) Broadband
12. 4G technologies represent the latest stage in the evolution of __________ technologies.
a) computer hardware
b) software
c) satellite
d) wireless data
13. What is significant about 4G networks is that they do not have a __________, which both 2G and 3G networks do have.
a) packet-switched IP system
b) circuit-switched subsystem
c) WiMAX standard
d) GSM-based LTE subsystem
14. High performance __________ provide fantastic opportunities for mobility, mobile commerce, collaboration, supply chain management, remote work, and other productivity gains.
a) IP networks
b) Bluetooth devices
c) Wi-Fi hot spots
d) mobile handsets
15. When evaluating mobile network solutions, the factors to consider include all of the following except:
a) easy to deploy, manage and use.
b) always makes the best connection possible.
c) works separately from other systems.
d) enables secure and reliable communications.
16. All are factors contributing to mobility except:
a) more robust mobile OSs and applications.
b) vendor competition.
c) multitasking mobile devices.
d) overall increased speed of business.
17. __________ is a technology that allows computers to share a network or internet connection wirelessly without the need to connect to a commercial network.
a) RFID
b) LTE
c) WiMAX
d) Wi-Fi
18. All of the following describe WiMAX except:
a) an 802.16-based broadband wireless metropolitan area network (MAN) access standard.
b) can deliver voice and data services without the expense of cable.
c) has shorter distance limitations than DSL and cable.
d) does not require a clear line of sight to function.
19. Which is not one of the general types of mobile networks?
a) Bluetooth
b) wide area networks (WANs)
c) WiMAX
d) local area networks (LANs)
20. __________ are built by attaching a wireless access point (WAP) to the edge of the wired network.
a) WLANs
b) WiMAX
c) Wi-Fi hot spots
d) Base stations
21. __________ is key to success in everything from business partnerships to personal and professional relationships.
a) Access to mobile networks
b) Effective communication
c) Real-time decision making capability
d) The Internet
22. An enterprise's network capability depends on all of the following except:
a) proper planning.
b) upgrades.
c) open culture.
d) bandwidth.
23. An enterprise's collaboration capability depends on:
a) proper planning.
b) upgrades.
c) open culture.
d) bandwidth.
24. The __________ is critical because it provides the infrastructure for collaborative work within the company and with external partners and customers, regardless of their location.
a) network architecture
b) enterprise portal
c) social network
d) wireless access point
25. Within an enterprise, the capability and willingness to collaborate depends on:
a) a corporate culture that people trust.
b) information and tools.
c) authority to plan and make decisions.
d) all of the above
26. What was a cause of the U.S. Customs network crash at Los Angeles Airport (LAX) that stranded passengers for up to 11 hours?
a) A new cutting edge network that had not been tested sufficiently
b) A hacker attack
c) Equipment breakdown and human error
d) Power failure
27. Why had various information services, namely documents, voice, and video, functioned independently of each other?
a) They were transmitted using different protocols.
b) For information privacy and security reasons.
c) They were transmitted on circuit-switched networks.
d) To minimize network traffic congestion.
28. Multiple networks were needed to transmit documents, voice, and video because:
a) of limited bandwidth.
b) of the lack of interoperability between devices.
c) they used the same transmission protocol.
d) outdated IP networks.
29. __________ refers to the ability to provide services to and accept services from other systems or devices.
a) Protocol
b) Broadband
c) Interoperability
d) Multimedia
30. The Internet protocol suite consisting of __________ is the standard used with almost any network service.
a) HTTP
b) WAP
c) HTML
d) TCP/IP
31. _______ is the single most popular network protocol in the world, and provides the architecture that made convergence possible.
a) HTTP
b) IP
c) TCP
d) FTP
32. In preparation for transmission, data and documents are digitized into __________ based on the Internet Protocol.
a) bytes
b) packets
c) blocks
d) routers
33. __________ are networks that are capable of transmitting data at very fast rates, but operate in a limited area, such as an office building, campus, or home.
a) MANs
b) Hot spots
c) LANs
d) WANs
34. TCP performs error checking, which can cause packet delivery delays. Because of the error-checking process, TCP is not well-suited for what type of transmissions?
a) digital voice or video
b) data
c) documents
d) e-mail
35. __________ transmits voice and data in packets and has become one of the most cost effective ways to communicate.
a) TCP
b) UDP
c) VoIP
d) UM
36. __________ brings together all messaging media such as e-mail, voice, mobile text, SMS, and fax into a combined communications medium.
a) Unified messaging (UM)
b) TCP/IP
c) IP telephony
d) PBX
37. Which of the following is not a characteristic of wireless device software development?
a) Developing software for wireless devices had been challenging because there was no widely accepted standard for wireless devices.
b) Software applications have to be customized for each type of device with which the application communicates.
c) Different CPUs, operating systems, storage media, and mobile platform environments create time-consuming porting and testing issues.
d) Supporting different displays is simple because of the convergence of applications.
38. The Internet functions as the __________, and the Web (WWW) is __________ that runs on the Internet.
a) transport mechanism; an application
b) information architecture; a browser
c) protocol; a search engine
d) hardware; software
39. Which of the following is not a characteristic of intranets?
a) Portals (gateways) that provide easy and inexpensive browsing and search capabilities.
b) Company-owned networks that use IP technology to securely share part of a business's information or operations with suppliers, vendors, partners, customers, or other businesses.
c) With screen sharing and other groupware tools, intranets can be used to facilitate collaboration.
d) Companies deliver policies, pay stub information for direct deposits, benefits, training materials, and news to their employers via their intranets.
40. Virtual private networks (VPN) are private tunnels in the Internet that are created by __________.
a) content indexing
b) usernames and passwords
c) biometrics
d) encryption
41. Several factors are driving the need for messaging and collaboration. All of the following are driving factors except:
a) people need to work together and share documents.
b) groups make most of the routine and easy decisions in organizations.
c) organizational decision making is difficult when team members are geographically spread out and working in different time zones.
d) nearly 87 percent of employees around the world work in remote offices.
42. Which of the following is a dysfunction of the group process?
a) Social pressures of conformity can lead to groupthink.
b) A group may produce synergy during problem solving.
c) Group members may have their egos embedded in the decision, and so they may be committed to the solution.
d) Groups are better than individuals at understanding problems.
43. According to the Cellular Telecommunications Industry Association, __________ is "a way of measuring the quantity of radio frequency energy that is absorbed by the body."
a) RF rate
b) carbon footprint
c) radiation rate
d) specific absorption rate (SAR)
44. __________ enable(s) anyone to call or share files for free, increases the connections in our lives, and create forces whose impacts are not yet known.
a) VoIP
b) Wikis
c) WiMAX
d) All of the above
45. __________ shows the power of the individual in the connected age: a better research tool than major corporations had in the 1990s.
a) Facebook
b) Google
c) Microsoft
d) eBay
True/False
46. Transmission of a signal over a series of networks is made
possible by switches and routers, which are hardware devices, and
nodes on the network.
47. The distinguishing characteristic of packet switching is
that once a connection is made between the source and destination,
the path of the signal along the nodes is dedicated and
exclusive.
48. Wireless networks use packet switching and wireless routers
to forward packets from one network to another network.
49. Bandwidth is the throughput capacity, or speed, of a
network, which depends on what protocol is used.
50. TCP/IP was created by the U.S. Department of Defense to
ensure and preserve data security and control communications in the
event of catastrophic war.
51. Users can get 4G wireless connectivity through one of two
standards: WiMAX or LTE.
52. IP networks form the backbone of worldwide digital
networking and enable the convergence of voice, data, and
video.
53. Network performance is measured by its data transfer
capacity.
54. Apple's first 4G phone, the HTC EVO 4G was released in summer
2010 with speeds 10 times greater than 3G phones.
55. Pressures to deliver secure service to customers and
business partners at reduced costs, to be environmentally
responsible, and to support the 24/7 data needs of mobile and
remote workers have all increased the demands on corporate
networks.
56. The 802.11b standard improves upon other 802.11 Wi-Fi
standards by adding multiple-input multiple-output (MIMO) and many
other newer features.
57. An enterprise's network capability will be unreliable or
deteriorate without proper planning, maintenance, management,
upgrades, and bandwidth of the network to ensure that it has
sufficient capacity and connectivity to link people, locations, and
data.
58. A centralized organization is more responsive to
opportunities and problems than a decentralized organization where
senior managers, who are less involved in daily operations than
lower-level managers, make decisions.
59. Messaging and collaboration tools include older
communications media such as e-mail, videoconferencing, fax, and
IM, and Web 2.0 media such as blogs, podcasts, RSS, wikis, and
VoIP.
60. Businesses have learned effective strategies to cope with a
world that is far more competitive, dynamic, and connected; to
counteract the influence of Web 2.0 technologies; and to maintain
traditional business models.
Short Answer
61. __________ lose energy as they travel along a network from
source to destination, and need to be strengthened with
repeaters.
62. Wireless routers are actually wired routers with __________
built-in that provide both wired and wireless at the same time.
63. __________ are standards or a set of rules that govern how
devices on a network communicate and how they need to function in
order to talk to each other.
64. What is significant about 4G networks is that they do not
have a __________ subsystem, as do current 2G and 3G networks.
65. Mobile and other devices must be able to communicate with a
network and they do so based on __________.
66. __________ is an 802.16-based broadband wireless
metropolitan area network access standard that can deliver voice
and data services at distances of up to 30 miles, without the
expense of cable or the distance limitations of DSL.
67. Often overlooked is the fact that the capability and
willingness to collaborate depends on a __________ that people
trust.
68. __________ refers to the ability to provide services to and
accept services from other systems or devices.
69. With __________, voice and data transmissions travel over
telephone wires, but the content is sent as data packets.
70. __________ refers to team members yielding to pressures to
conform to a certain way of thinking even if they conflict with
one's beliefs, or being intolerant of new or differing ideas.
Essay
71. List and explain the four factors to consider when
evaluating a mobile network.
72. List three factors that impact the quality of an enterprise's
network and ultimately business performance. List two factors that
influence the quality of collaboration in an enterprise and
ultimately business performance.
73. Explain how data and documents are transferred over a
packet-switched network. In your explanation, identify the format,
protocol and transfer method. Compare and contrast how
data/documents are transferred to how voice is transferred over a
circuit-switched network.
74. Identify three benefits or process gains from working in
groups. Then identify three dysfunctions of the group process that
can lead to process losses.
75. Major companies face small but powerful challenges and
competitors that are undermining traditional business models.
Explain those challenges and competitors.
Chapter 5 IT Security, Crime, Compliance, and Continuity
Multiple Choice
1. IT risk management includes all of the following except:
a) keeping information security convenient for users and inexpensive.
b) securing corporate systems while ensuring their availability.
c) planning for disaster recovery and business continuity.
d) complying with government regulations and license agreements.
2. Managers have a legal and ethical obligation, which is called __________, to protect the confidential data of the people and partners that they collect, store, and share.
a) security duty
b) fiduciary responsibility
c) confidentiality contract
d) secrecy function
3. Which of the following is a characteristic of information security in organizations?
a) losses due to IT security breaches can destroy a company financially
b) disruptions due to IT security breaches can seriously harm a company operationally
c) to comply with international, federal, state, and foreign laws, companies must invest in IT security to protect their data, other assets, the ability to operate, and net income
d) All of the above
4. Who stole account data from HSBC's Private Bank in Switzerland and how did HSBC learn about the data theft?
a) Account data was stolen by a former HSBC IT specialist; HSBC learned about the theft from French Authorities several years after the theft.
b) Account data was stolen by a group of hackers who cracked passwords; HSBC detected the data theft from their IT staff within a few days.
c) Malware was used to steal the account data; network intrusion detection systems detected the theft as it was happening.
d) Competitors stole the account data; HSBC learned about the theft months later when customers complained about identity theft.
5. Protecting data and business operations involves all of the following efforts except:
a) making data and documents available and accessible 24x7 while also restricting access.
b) implementing and enforcing procedures and acceptable use policies for company-owned data, hardware, software, and networks.
c) storing and archiving all databases and data warehouses on-site protected by firewalls.
d) recovering from business disasters and disruptions quickly.
6. Prior to 2002, what was the common perspective on infosec?
a) Infosec was mostly a financial issue assigned to the accounting department.
b) The focus was on preemptive approaches to protect ahead of the threats.
c) The biggest concerns were risks from employees and malware.
d) Infosec was viewed as a cost rather than as a resource for preventing business disruptions.
7. A majority of data breaches involve:
a) insider error or action that is either intentional or unintentional.
b) insider action that is intentional.
c) former employees and IT staff.
d) hackers.
8. Which of the following is not a characteristic of IT security?
a) IT security is so integral to business objectives that it cannot be treated as a stand-alone function.
b) Internal threats are not a major challenge because firewalls prevent employee malicious activity.
c) Infosec failures have a direct impact on business performance, customers, business partners, and stakeholders.
d) Infosec failures can lead to fines, legal action, and steep declines in stock prices as investors react to the crisis.
9. A(n) __________ is something or someone that may result in harm to an asset.
a) threat
b) risk
c) vulnerability
d) exploit
10. A(n) __________ is the probability of a threat exploiting a vulnerability.
a) threat
b) risk
c) vulnerability
d) exploit
11. __________ is the ability of an IS to continue to operate when a failure occurs, usually operating for a limited time or at a reduced level.
a) Botnet
b) Exposure
c) Fault tolerance
d) Spoofing
12. Facebook, YouTube, Twitter, LinkedIn, and other social networks are making IT security dangers worse. Why?
a) Users invite in and build relationships with others. Cybercriminals hack into these trusted relationships using stolen log-ins.
b) E-mail viruses and malware have been increasing for years even though e-mail security has improved.
c) Communication has shifted from social networks to smartphones.
d) Web filtering, user education, and strict policies cannot help prevent IT security dangers on Facebook and other social networks.
13. __________ is the elapsed time between when a vulnerability is discovered and when it's exploited and has shrunk from months to __________.
a) Time-to-exploitation; weeks
b) Time-to-exploitation; minutes
c) Denial of service; days
d) Denial of service; seconds
14. When new vulnerabilities are found in operating systems, applications, or wired and wireless networks, vendors of those products release __________ or __________ to fix the vulnerabilities.
a) patches; service packs
b) patches; downloads
c) firewalls; spyware
d) service packs; firewalls
15. Which of the following is not a characteristic of money laundering and terrorist financing?
a) Transnational organized crime groups use money laundering to fund their operations, which creates international and national security threats.
b) Cybercrime is safer and easier than selling drugs, dealing in black market diamonds, or robbing banks.
c) Funds used to finance terrorist operations are easy to track, which provides evidence to identify and locate leaders of terrorist organizations and cells.
d) Online gambling offers easy fronts for international money-laundering operations.
16. Hackers involve unsuspecting insiders in their crimes using tactics called __________ that trick insiders into revealing access codes that outsiders should not have.
a) social engineering
b) phishing
c) spoofing
d) botnets
17. A(n) __________ occurs when a server or Web site receives a flood of traffic, much more traffic or requests for service than it can handle, causing it to crash.
a) advanced persistent threat (APT)
b) spoofing attack
c) malware intrusion
d) denial of service (DoS) attack
18. Which of the following is not one of the essential defenses against botnets and malware?
a) Anti-malware tools and anti-virus software
b) Intrusion detection systems (IDS)
c) Spyware and warez software
d) Intrusion prevention systems (IPS)
19. Internal fraud prevention and detection measures are based on __________ and __________.
a) a detailed recovery plan; containment, including a fault-tolerant system
b) perimeter defense technologies, such as e-mail scanners; human resource procedures, such as recruitment screening
c) general controls; application controls
d) physical controls, including authorization; authentication systems
20. Crime can be divided into two categories depending on the tactics used to carry out the crime. What are those two categories?
a) personal and non-personal
b) felonies and misdemeanors
c) insider and outsider
d) violent and nonviolent
21. Fraud is nonviolent crime that is carried out using __________.
a) a gun, knife, or other small weapon
b) deception, confidence, and trickery
c) embezzlement and electronic transfers of money
d) bribery and threats
22. __________ refers to the deliberate misuse of the assets of one's employer for personal gain.
a) Corruption
b) Conflict of interest
c) Occupational fraud
d) Earnings management
23. Bernard Madoff is in jail after pleading guilty in 2009 to the biggest fraud in Wall Street history. Madoff carried out his fraud over four decades by relying on __________.
a) financial expertise and human error
b) social engineering and the predictability of human nature
c) red flags and accounting loopholes
d) unbelievable returns that defied the market
24. What is the most cost-effective approach to managing fraud?
a) prevention
b) detection
c) prosecution
d) compliance
25. Fraud management starts with corporate governance culture and ethics __________.
a) in the accounting department
b) in the IT department
c) at the top levels of the organization
d) at the lowest levels of the organization
26. One of the worst and most prevalent crimes is __________.
a) stolen computers
b) identity theft
c) network intrusion
d) malware
27. The objective of IT security management practices is to defend __________.
a) data and data processing capabilities
b) hardware and software applications and wireless devices
c) data and networks
d) data, hardware, software applications, and networks
28. Before the people who are responsible for security make any decisions about infosec defenses, they must understand __________.
a) the requirements and operations of the business
b) how firewalls, anti-virus software, and other technology function
c) tactics of hackers, fraudsters, botnets, and identity thieves
d) how much to invest in risk management
29. Fingerprints, retinal scans, and voice scans for user identification are examples of __________ controls.
a) access
b) biometric
c) application
d) physical
30. Physical security includes several controls. Which of the following is not a type of physical control?
a) Security bonds or malfeasance insurance for key employees
b) Emergency power shutoff and backup batteries
c) Shielding against electromagnetic fields
d) Properly designed and maintained air-conditioning systems
31. Which of the following is not a type of administrative control for information assurance and risk management?
a) Fostering company loyalty
b) Immediately revoking access privileges of dismissed, resigned, or transferred employees
c) Instituting separation of duties by dividing sensitive computer duties among as many employees as economically feasible
d) Performing authorization and authentication
32. Locking a Blackberry does not provide strong data protection. Why?
a) Security company IronKey reported that password cracking software can quickly copy the contents of a BlackBerry's SD card and crack a 4-digit PIN in 30 seconds.
b) Password cracking software can crack security on a handheld device without alerting the owner that the device's security has been compromised.
c) Password cracking software can store log-in information for the cracked handheld, allowing a hacker to access the hacked device again, unless the user changes the password.
d) All of the above.
33. Network security involves three types of defenses, which are referred to as layers. Those layers consist of each of the following except:
a) perimeter security layer to control access to the network.
b) authentication layer to verify the identity of the person requesting access to the network.
c) biometrics layer to monitor network usage.
d) authorization layer to control what authenticated users can do once they are given access to the network.
34. A __________ is a system, or group of systems, that enforces an access-control policy between two networks.
a) firewall
b) switch
c) router
d) gateway
35. The major objective of __________ is proof of identity to identify the legitimate user and determine the action he or she is allowed to perform.
a) authorization
b) authentication
c) endpoint security
d) information assurance
36. When dealing with consumer-facing applications, such as online banking and e-commerce, strong authentication must be balanced with __________.
a) convenience
b) encryption
c) authorization
d) all of the above
37. Sensitive data that are encrypted with wired equivalent privacy (WEP) and transmitted between two wireless devices __________.
a) is fully secured
b) cannot be authenticated
c) has a moderate level of security
d) may be intercepted and disclosed
38. All of the following are characteristics of firewalls except:
a) Firewalls are a barrier between a corporate intranet or other internal networks and the Internet.
b) Firewalls function by deciding what traffic to allow into and out of the network and what traffic to block.
c) Firewalls must be configured to enforce the company's security procedures and policies.
d) Network firewalls stop all viruses and most other types of malware.
39. __________, such as AirSnort and WEPcrack, are readily available tools that can be used to gain unauthorized access to networks putting them at great risk.
a) Wireless packet analyzers
b) Password crackers
c) Firewall sniffers
d) Intrusion detectors
40. __________ is a security technology for wireless networks that improves on the authentication and encryption features of WEP.
a) Network access control (NAC)
b) Security exchange commission (SEC)
c) Wi-Fi protected access (WPA)
d) Intrusion detection system (IDS)
41. The Sarbanes-Oxley Act (SOX):
a) is an antifraud law.
b) forces more accurate business reporting and disclosure of GAAP (generally accepted accounting principles) violations.
c) makes it necessary to find and root out fraud.
d) All of the above
42. Symptoms of fraud that can be detected by internal controls include all of the following except:
a) missing documents.
b) delayed bank deposits.
c) employees who do not take vacations or go out of their way to work overtime.
d) large increase in network traffic.
43. An estimated __________ of companies that suffer a significant data loss often go out of business within five years.
a) 23%
b) 43%
c) 73%
d) 93%
44. __________ is the chain of events linking the business continuity plan to protection and to recovery.
a) Disaster recovery
b) Auditing
c) Date recovery
d) Internal control
45. According to a Workplace E-Mail and Instant Messaging Survey of 840 U.S. companies, approximately __________ have had employee e-mail or text messages subpoenaed as part of a lawsuit or regulatory investigation.
a) 5%
b) 10%
c) 20%
d) 33%
True/False
46. A fiduciary responsibility is both a legal and an ethical
obligation.
47. In general, risk management is expensive to the
organization, but convenient for users.
48. The theft of confidential account data from HSBC Private
Bank in Switzerland in 2007 had been done by hackers because of
inadequate security controls.
49. Firewalls and intrusion detection systems are placed
throughout networks to monitor and control traffic into and out of
a network.
50. Today, infosec is mostly a technology issue assigned to the
IT department. Incidents are handled on a case-by-case cleanup
basis rather than by taking a preemptive approach to protect ahead
of the threats.
51. There has been a steep increase in malware because of the
availability of free, easy to use, powerful toolkits that even
novice cyber criminals can use to develop malware.
52. A majority of data breaches involve some sort of insider
error or action either intentional or unintentional. That is, the
greatest infosec risks are employees and managers.
53. IT security is so integral to business objectives that it
needs to be treated as a stand-alone function.
54. Despite the challenges organizations face trying to protect
against threats from employees, insider incidents can be minimized
with a layered defense strategy consisting of security procedures,
acceptable use policies, and technology controls.
55. Types of unintentional threats that organizations must
defend against as part of their IT security measures are human
errors, sabotage, environmental hazards, and computer system
failures.
56. Corporate and government secrets are currently being stolen
by a serious threat called advanced persistent threat (APT), which
are designed for long-term espionage. Once installed on a network,
APTs transmit copies of documents, such as Microsoft Office files
and PDFs, in stealth mode.
57. Financial institutions, data processing firms, and retail
businesses do not have to notify potential victims or reveal data
breaches in which customers' personal financial information may have
been stolen, lost, or compromised.
58. The infosec defense strategies and controls depend on what
needs to be protected and the cost-benefit analysis. That is,
companies should neither under-invest nor over-invest.
59. Newly released viruses with unidentified signatures or that
are hidden in an e-mail attachment are blocked by firewalls and
antivirus software from entering a company's network.
60. Sarbanes-Oxley Act is an antifraud law. It forces more
accurate business reporting and disclosure of GAAP (generally
accepted accounting principles) violations, thus making it
necessary to find and root out fraud.
Short Answer
61. __________ is the word that refers to viruses, worms, trojan
horses, spyware, and all other types of disruptive, destructive, or
unwanted programs.
62. __________ is the supervision, monitoring, and control of
the organization's IT assets. COBIT is a guide to best practices in
this area.
63. The purpose of the PCI DSS is to improve customers' __________
in e-commerce, especially when it comes to online payments, and to
increase the Web security of online merchants.
64. From an infosec perspective, __________ has been used by
criminals or corporate spies to trick insiders into revealing
information or access codes that outsiders should not have.
65. A __________ attack occurs when a server or Web site
receives a flood of traffic, much more traffic or requests for
service than it can handle, causing it to crash.
66. A __________ control is an automated method of verifying the
identity of a person, based on physical or behavioral
characteristics, such as a fingerprint or voice scan.
67. All Internet traffic, which travels as packets, should have
to pass through a(n) __________ , but that is rarely the case for
instant messages and wireless traffic.
68. The __________ environment is the work atmosphere that a
company sets for its employees in order to achieve reliable
financial reporting and compliance with laws, regulations, and
policies.
69. An important element in any security system is the
__________ plan, also known as the disaster recovery plan, which
outlines the process by which businesses should recover from a
major disaster.
70. Under the doctrine of __________ , senior managers and
directors have a fiduciary obligation to use reasonable care to
protect the company's business operations. When they fail to meet
the company's legal and regulatory duties, they can face lawsuits or
other legal action.
Essay
71. Why are internal threats a major challenge for
organizations? How can internal threats be minimized?
72. Why do social networks and cloud computing increase IT
security risks? How can those risks be reduced?
73. Identify and explain four of the major objectives of IT
security defense strategies:
74. Why do fraud prevention and detection require an effective
monitoring system?
75. Implementing security programs raises many ethical issues.
Identify two of these ethical issues.