rainer5ce_ch04_testbank
School: University of Calgary
Course: 317
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 59
Uploaded by UltraDeer378
Rainer, Information System, Fifth Canadian Edition Testbank
Package Title: Chapter 4, Testbank
Course Title: Rainer, IS 5e
Chapter Number: 4
Question type: Multiple Choice
1) The 2017 Equifax data breach occurred because attackers _______.
a) exploited a vulnerability in some web application software
b) sent e-mails to consumers with links to websites with malicious software
c) used social engineering to get user IDs and passwords from employees
d) were able to access discarded equipment with sensitive information
Answer: A
Difficulty: Easy
Section Reference 1: Opening Case
Learning Objective 1: Compare and contrast human mistakes and social engineering and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
2) Equifax hired _______ to help after they suffered two breaches in 2017.
a) Cylance
b) Mandiant
c) Praetorian
d) Zero Trust
Answer: B
Difficulty: Easy
Section Reference 1: Opening Case
Learning Objective 1: Compare and contrast human mistakes and social engineering and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
3) Consumers ___ put a freeze on their credit with the three credit bureaus; this is ____ for consumers.
a) can; an appealing fix
b) can; not an appealing fix
c) cannot; is a problem for
d) cannot; irrelevant
Answer: B
Difficulty: Medium
Section Reference 1: Opening Case
Learning Objective 1: Compare and contrast human mistakes and social engineering and provide a specific example of each one.
Bloomcode: Analysis
Standard 1: AACSB || Technology
4) A(n) _________ to an information resource is any danger to which a system may be exposed.
a) exposure
b) risk
c) threat
d) vulnerability
Answer: c
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
5) The _________ of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
a) exposure
b) risk
c) threat
d) vulnerability
Answer: a
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
6) An information resource’s _________ is the possibility that the system will be harmed by a threat.
a) exposure
b) risk
c) threat
d) vulnerability
Answer: d
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
7) Which of the following does NOT contribute to the increasing vulnerability of organizational information resources?
a) Increasing skills necessary to be a computer hacker
b) International organized crime taking over cybercrime
c) Lack of management support
d) Smaller, faster, cheaper computers and storage devices
e) Today’s interconnected, interdependent, wirelessly networked business environment
Answer: a
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
8) Which of the following does NOT contribute to the increasing vulnerability of organizational information resources?
a) Additional management support
b) Decreasing skills necessary to be a computer hacker
c) International organized crime taking over cybercrime
d) Smaller, faster, cheaper computers and storage devices
e) Today’s interconnected, interdependent, wirelessly networked business environment
Answer: a
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
9) A(n) _________ network is any network within your organization; a(n) _________ network is any network external to your organization.
a) trusted; trusted
b) trusted; untrusted
c) untrusted; trusted
d) untrusted; untrusted
Answer: b
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
10) Computer crimes typically average _________ of dollars and cause businesses _________ of dollars in damages.
a) hundreds; millions
b) hundreds; billions
c) hundreds of thousands; millions
d) hundreds of thousands; billions
Answer: d
Difficulty: Medium
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
11) Careless Internet surfing is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Answer: b
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
12) You leave your laptop at your desk while you go to the restroom. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Answer: b
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
13) You lose the company’s USB with your sales spreadsheets on it. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Answer: b
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
14) You open an e-mail from your friend that looks a little odd, but you figure your friend would never send you anything bad. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Answer: b
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
15) You don’t lock your computer when you go to the restroom. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Answer: b
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
16) Carelessness using unmanaged devices is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Answer: b
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
17) You get a new smartphone and throw your old one away without erasing all your data. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Answer: b
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
18) You never wipe the dust off your computer. This is _________ and is an _________ mistake.
a) a human error; intentional
b) a human error; unintentional
c) social engineering; intentional
d) social engineering; unintentional
Answer: b
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
19) _________ is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords.
a) Espionage
b) Malware
c) Profiling
d) Social engineering
Answer: d
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
20) You are a nice person, so you hold the door open for the person running in behind you. Since you needed to use your ID badge to open the door, the person running in behind you is __________; this is _________.
a) shoulder surfing; a good way to show kindness that causes no harm
b) shoulder surfing; an unintentional threat to your organization
c) tailgating; a good way to show kindness that causes no harm
d) tailgating; an unintentional threat to your organization
Answer: d
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
21) _________ is an unintentional threat.
a) Espionage
b) Identity theft
c) Social engineering
d) Software attacks
Answer: c
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
22) _________ occurs when an unauthorized individual attempts to gain illegal access to organizational information.
a) Alien software
b) Espionage
c) Identity theft
d) Information extortion
Answer: b
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
23) _________ occur(s) when an attacker either threatens to steal, or actually steals, information from a company and then demands payment for not carrying out a particular act.
a) Alien software
b) Espionage
c) Information extortion
d) SCADA attacks
Answer: c
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
24) _________ is a deliberate act that involves defacing an organization’s website, potentially damaging the organization’s image and causing its customers to lose faith.
a) Espionage
b) Sabotage
c) SCADA attacks
d) Software attacks
Answer: b
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
25) If humans are careless with laptops, this is an _________ error which could cause theft of equipment or information (an _________ error).
a) intentional; intentional
b) intentional; unintentional
c) unintentional; intentional
d) unintentional; unintentional
Answer: c
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
26) Intellectual property is NOT protected under _________ laws.
a) copyright
b) patent
c) privacy
d) trade secret
Answer: c
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
27) A _________ is an intellectual work that is not based on public information.
a) copyright
b) patent
c) trade secret
d) trademark
Answer: c
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
28) A _________ is an official document that grants the holder exclusive rights on an invention or a process for a specified period of time.
a) copyright
b) patent
c) trade secret
d) trademark
Answer: b
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
29) A _________ is a statutory grant that provides the creators or owners of intellectual property with ownership of the property for a designated period.
a) copyright
b) patent
c) trade secret
d) trademark
Answer: a
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
30) Current US laws award patents for _________ years and copyright protection for _________ years.
a) 20; 20
b) 20; life+70
c) life+70; 20
d) life+70; life+70
Answer: b
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
31) You purchased a copy of Microsoft Office and give a copy to a friend so he/she doesn’t have to buy it too. This is _________ and is _________.
a) piracy; legal
b) piracy; illegal
c) social engineering; legal
d) social engineering; illegal
Answer: b
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
32) Piracy costs businesses _________ of dollars per year.
a) hundreds
b) millions
c) billions
d) trillions
Answer: c
Difficulty: Hard
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
33) _________ is a remote attack requiring user action.
a) DoS
b) A logic bomb
c) A Trojan horse
d) Virus
Answer: d
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
34) _________ is a remote attack requiring no user action.
a) DoS
b) A logic bomb
c) A Trojan horse
d) Virus
Answer: a
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
35) _________ is an attack by a programmer developing a system.
a) DoS
b) A phishing attack
c) A Trojan horse
d) Virus
Answer: c
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
36) Hackers would use a botnet to perform a _________.
a) DDoS
b) a logic bomb
c) a Trojan horse
d) virus
Answer: a
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
37) _________ causes pop-up advertisements to appear on your screen.
a) Adware
b) Marketware
c) Spamware
d) Spyware
Answer: a
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
38) _________ collects personal information about users without their consent.
a) Adware
b) Marketware
c) Spamware
d) Spyware
Answer: d
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
39) Keystroke loggers and screen scrapers are examples of _________.
a) adware
b) marketware
c) spamware
d) spyware
Answer: d
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
40) _________ is pestware that uses your computer as a launch pad for unsolicited e-mail, usually advertising for products and services.
a) Adware
b) Marketware
c) Spamware
d) Spyware
Answer: c
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
41) Spam costs US companies _________ of dollars per year.
a) hundreds
b) millions
c) billions
d) trillions
Answer: c
Difficulty: Hard
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
42) If a hacker takes control of equipment such as power grids or nuclear power plants, this is an example of a(n) _________ attack.
a) alien software
b) espionage
c) SCADA
d) virus
Answer: c
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
43) _________ refers to malicious acts in which attackers use a target’s computer systems to cause physical, real-world harm or severe disruption, often to carry out a political agenda.
a) A SCADA attack
b) Cyberterrorism
c) Espionage
d) Identity theft
Answer: b
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
44) The U.S. government considers the Sony hack _________.
a) a SCADA attack
b) cyberterrorism
c) espionage
d) identity theft
Answer: b
Difficulty: Hard
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
45) A whaling attack is a targeted attempt to ____________.
a) Bring down a company’s server
b) Steal sensitive information from a company such as financial data or personal details about employees
c) Break encryption keys
d) Perform SQL injection attacks on a server
Answer: B
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
46) The DarkHotel Group has continually evolved its tactics and has integrated whaling and social engineering techniques into its malware in order to _______.
a) Conduct espionage on corporate research and development.
b) To advertise products with its malware.
c) Sell private data to companies for marketing purposes
d) Identify your search engine searches for Google ads targeting.
Answer: A
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
47) A ______ attack is a targeted attempt to steal sensitive information from a company, such as financial data or personal details about employees.
a) Phishing
b) Spear-phishing
c) Spear-whaling
d) Whaling
Answer: D
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
48) The goal of whaling is to trick a(n) _______ into revealing personal or corporate data.
a) executive
b) factory worker
c) janitor
d) salesperson
Answer: A
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
49) The entire basis of a whaling attack is to ___________.
a) appear as authentic as possible with actual logos, phone numbers, and various other details used in communications that come from fake email addresses.
b) be as ambiguous and broad as possible so that no one person is targeted; rather, a large division in a company is.
c) appeal to as many companies as possible at the same time, therefore increasing the likelihood that one will “take the bait.”
d) establish a line of communication with an entry-level employee or employees first to gain trust, and then gain access to larger systems.
Answer: A
Difficulty: Medium
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
50) Which well-known company has NOT fallen victim to a whaling attack at present?
a) Snapchat
b) Yahoo!
c) Google
d) Facebook
Answer: B
Difficulty: Easy
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
51) What is TRUE of the DarkHotel Group attacks?
a) In 2017, they were able to extract over $100 million dollars from Facebook through whaling attacks.
b) Despite utilizing a variation of the same type of attack on intellectual property for over a decade, the group continues to perpetrate cybercrimes and elude arrest.
c) They have been specifically targeting political figures since sometime around 2007 by hacking into donor lists.
d) The group is effective largely because they continually evolve their tactics.
Answer: D
Difficulty: Medium
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
52) Dyn is a cloud-based internet performance management company that provides DNS services for internet websites. It was attacked with _________ in 2016.
a) alien software
b) a DDoS
c) espionage
d) a SCADA attack
Answer: b
Difficulty: Easy
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
53) Dyn’s hackers formed a botnet from _________.
a) corporate servers
b) devices incorporating the Internet of Things
c) individuals willing to become part-time hackers
d) programmers within the company
Answer: b
Difficulty: Medium
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
54) Jim finds out that someone accessed his bank account pretending to be him and stole thousands of dollars. This is an example of ____________.
a) sabotage
b) identity theft
c) intellectual property
d) information extortion
Answer: b
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
55) Sarah received an email that claimed to be from her bank. The email asked her to provide her password. Sarah later found out that the email was not from her bank and that she had given sensitive information to someone who gained access to her accounts. This is an example of a ____________.
a) worm
b) trojan horse
c) phishing attack
d) denial of service attack
Answer: c
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
56) An employee at ABC Inc. downloaded an email and opened the attachment contained within the message. Shortly afterwards all employees were blocked from accessing files on the company’s servers and the criminals told ABC Inc. they would have to pay a large amount of Bitcoin to regain access to their files. ABC Inc. was a victim of ____________.
a) ransomware
b) identity theft
c) spyware
d) cyber warfare
Answer: a
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
57) If you accept the potential risk, continue operating with no controls, and absorb any damages that occur, you have adopted a risk _________ strategy.
a) acceptance
b) avoidance
c) limitation
d) transference
Answer: a
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
58) Your company decides not to implement security procedures because employees refuse to comply anyway. This is an example of risk _________.
a) acceptance
b) avoidance
c) limitation
d) transference
Answer: a
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Application
Standard 1: AACSB || Technology
59) If you limit your risk by implementing controls that minimize the impact of the threat, you have implemented a risk _________ strategy.
a) acceptance
b) avoidance
c) limitation
d) transference
Answer: c
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
60) Your company hires FireEye to install security software and monitor your systems. This is an example of risk _________.
a) acceptance
b) avoidance
c) limitation
d) transference
Answer: c
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Application
Standard 1: AACSB || Technology
61) If you shift your risk by using other means to compensate for the loss like purchasing insurance, you have implemented a risk _________ strategy.
a) acceptance
b) avoidance
c) limitation
d) transference
Answer: d
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
62) Your company decides to purchase security insurance from Travelers Insurance in case your systems get hacked and employee information is stolen. This is an example of risk _________.
a) acceptance
b) avoidance
c) limitation
d) transference
Answer: d
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Application
Standard 1: AACSB || Technology
63) _________ is a physical control.
a) A company gate
b) Encryption
c) A firewall
d) VPN
Answer: a
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
64) _________ is an access control.
a) A company gate
b) Encryption
c) A firewall
d) RFID
Answer: b
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
65) _________ is a communications control.
a) A company gate
b) Encryption
c) A firewall
d) RFID
Answer: c
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
66) _________ controls prevent unauthorized individuals from gaining access to a company’s facilities.
a) Access
b) Communications
c) Physical
d) Useful
Answer: c
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
67) _________ controls restrict unauthorized individuals from using information resources.
a) Access
b) Communications
c) Physical
d) Useful
Answer: a
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
68) _________ controls secure the movement of data across networks.
a) Access
b) Communications
c) Physical
d) Useful
Answer: b
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
69) Suppose your university automatically logs you off of a university computer after 15 minutes of disuse. This is an example of a(n) _________ control.
a) access
b) communication
c) physical
d) useful
Answer: c
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Analysis
Standard 1: AACSB || Technology
70) Biometrics is an example of something the user _________.
a) does
b) has
c) is
d) knows
Answer: c
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
71) Your student ID is an example of something the user _________.
a) does
b) has
c) is
d) knows
Answer: b
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
72) If you have to speak into your phone to unlock it, this is an example of something the user _________.
a) does
b) has
c) is
d) knows
Answer: a
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
73) Typing in your password to access a system is an example of something the user _________.
a) does
b) has
c) is
d) knows
Answer: d
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
74) A(n) _________ is a system that prevents a specific type of information from moving between untrusted networks and private networks.
a) anti-malware system
b) DMZ
c) ERP
d) firewall
Answer: d
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
75) A(n) _________ is a software package that attempts to identify and eliminate viruses and worms.
a) anti-malware system
b) DMZ
c) ERP
d) firewall
Answer: a
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
76) A(n) _________ is located between two firewalls.
a) anti-malware system
b) DMZ
c) ERP
d) spamware detector
Answer: b
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
77) _________ is the process of converting an original message into a form that cannot be read by anyone except the intended receiver.
a) Authorization
b) Blacklisting
c) Encryption
d) Firewalling
Answer: c
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
78) In public-key encryption, the _________ key is used for locking and the _________ key is used for unlocking.
a) private; private
b) private; public
c) public; private
d) public; public
Answer: c
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
79) _________ is a private network that uses a public network to connect users.
a) DoS
b) ERP
c) RFID
d) VPN
Answer: d
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
80) Which of the following is NOT an advantage of VPN?
a) Cost
b) Flexibility
c) Remote access
d) Security
Answer: a
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
81) A URL that begins with https uses _________.
a) DMZ
b) ERP
c) TLS
d) VPN
Answer: c
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
82) A _________ site is a fully configured computer facility with all of the company’s services, communication links, and physical plant operations.
a) cold
b) hot
c) medium
d) warm
Answer: b
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
83) A _________ site typically does not include the actual application the company needs to get the business back up and running immediately.
a) cold
b) hot
c) medium
d) warm
Answer: d
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
84) A _________ site provides only rudimentary services and facilities.
a) cold
b) hot
c) medium
d) warm
Answer: a
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
85) A _________ site is the most expensive option.
a) cold
b) hot
c) medium
d) warm
Answer: b
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
86) A _________ site is the least expensive option.
a) cold
b) hot
c) medium
d) warm
Answer: a
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
87) Suppose you have a primary location in New York City where your main corporate servers are located. Just in case something happens in New York City, you have backup servers that are updated every minute in Chicago. This is an example of a _________ site.
a) cold
b) hot
c) medium
d) warm
Answer: b
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
88) Auditing _________ the computer means verifying processing by checking for known outputs using specific inputs.
a) around
b) into
c) through
d) with
Answer: a
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
89) Auditing _________ the computer means auditors check inputs, outputs, and processing.
a) around
b) into
c) through
d) with
Answer: c
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
90) Auditing _________ the computer means using a combination of client data, auditor software, and client and auditor hardware.
a) around
b) into
c) through
d) with
Answer: d
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
91) Dave and Darla are worried about their home’s security as there have been a lot of robberies in the neighborhood lately. To ease their concern, they purchase insurance for their home and possessions. This is an example of __________.
a) risk analysis
b) risk acceptance
c) risk transference
d) controls
Answer: c
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Application
Standard 1: AACSB || Technology
92) XYZ Inc. scanned the fingerprints of all of their employees and now uses these fingerprints to authenticate their employees and grant them access to different areas of the company’s facilities. XYZ Inc. is utilizing which type of technology?
a) Cookies
b) Intellectual Property
c) Biometrics
d) Malware
Answer: c
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
93) Judith works from home. In order to access her corporate email and other computer systems she logs into a virtual private network (VPN). The VPN is an example of _____________.
a) a communications control
b) a passphrase
c) a digital certificate
d) an audit
Answer: a
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
94) Triple Z Travelsite allows customers to reserve discount hotel rooms and airline tickets with certain companies they have relationships with. In order to secure the credit card information used by customers, which of the following controls would you recommend Triple Z use?
a) Biometrics
b) Transport layer security
c) Whitelisting
d) Audits
Answer: a
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
95) Ransomware negatively affected the city of Atlanta in many ways. Which vulnerability was the main cause of the problems?
a) Today’s interconnected, interdependent, wirelessly networked business environment
b) Smaller, faster, cheaper computers and storage devices
c) Decreasing skills necessary to be a computer hacker
d) International organized crime taking over cybercrime
e) Lack of management support
Answer: E
Difficulty: Hard
Section Reference 1: Closing Case
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Evaluation
Standard 1: AACSB || Technology
96) _______ is designed to erase information permanently, not to hold it ransom.
a) Petya
b) RobbinHood
c) SamSam
d) WannaCry
Answer: A
Difficulty: Easy
Section Reference 1: Closing Case
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
Question type: True/False
97) The 2017 Equifax data breach was more damaging to lenders than to consumers.
Answer: False
Difficulty: Easy
Section Reference 1: Opening Case
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
98) Equifax’s CIO, CTO, and CEO lost their jobs due to the 2017 data breach.
Answer: True
Difficulty: Easy
Section Reference 1: Opening Case
Learning Objective 1: Compare and contrast human mistakes and social engineering and provide
a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
99) Equifax could have upgraded and patched the software that was the cause of the breach.
Answer: True
Difficulty: Easy
Section Reference 1: Opening Case
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
100) An intranet is a trusted network.
Answer: True
Difficulty: Hard
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Synthesis
Standard 1: AACSB || Technology
101) VPN is a trusted network.
Answer: True
Difficulty: Hard
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Synthesis
Standard 1: AACSB || Technology
102) The internet is an untrusted network.
Answer: True
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
103) The recent trend indicates that CEOs lose their jobs after data breaches. In theory, this should impact the “lack of management support” factor that increases the vulnerability of organizational information resources.
Answer: True
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
104) Cybercrime is typically nonviolent but lucrative.
Answer: True
Difficulty: Medium
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
105) It is always safe to open e-mails and click on links from your friends.
Answer: False
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Technology
106) If a hacker enters a building with an official-looking ID badge, this is considered social engineering.
Answer: True
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
107) Social engineers will often pose as real employees or contractors such as exterminators or fire marshals.
Answer: True
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
108) Social engineering is an unintentional threat on the part of the employee.
Answer: True
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
109) You are a nice person, so you hold the door open for the person running in behind you. Since you needed to use your ID badge to open the door, the person running in behind you is tailgating.
Answer: True
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
110) You need to be particularly careful of tailgating at airport terminals.
Answer: False
Difficulty: Easy
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
111) Competitive intelligence and espionage are similar except that competitive intelligence crosses the legal boundary.
Answer: False
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
112) Competitive intelligence is legal while espionage is illegal even though both involve collecting information about competitors.
Answer: True
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
113) Dumpster diving is always theft and is always illegal.
Answer: False
Difficulty: Hard
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
114) Once a copyright and patent is established, it applies to all countries in the world.
Answer: False
Difficulty: Hard
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
115) You purchased a copy of Microsoft Office and gave a copy to a friend so he/she doesn’t have to buy it too. This is piracy and is illegal.
Answer: True
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
116) You are a computer programmer who feels short-changed by your organization. To get back at them, you would most likely use a Trojan horse, back door, or logic bomb.
Answer: True
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
117) Cyberterrorism is typically carried out by individuals or groups whereas cyberwarfare is carried out by nation states or nonstate actors such as terrorists.
Answer: True
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
118) DarkHotel’s attacks begin with high-level viruses individually designed to be interesting and convincing to the target victim.
Answer: False
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
119) In early 2017, reports confirmed that Google and Facebook had lost $100 million through whaling attacks.
Answer: True
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
120) Whaling attacks are easier to detect than typical phishing attacks because they are so highly personalized and targeted.
Answer: False
Difficulty: Easy
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
121) Whaling attacks have the biggest impact on financial institutions due to the nature of their business; it is not a true concern for other types of organizations.
Answer: False
Difficulty: Medium
Section Reference 1: IT’s About Business 4.1
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Technology
122) The Dyn DDoS hack illustrates the vulnerability of the Internet of Things.
Answer: True
Difficulty: Medium
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Analysis
Standard 1: AACSB || Technology
123) The SCADA attacks on Dyn were so severe that they eventually blocked or significantly slowed user access to dozens of other websites like Twitter, Netflix, and CNN.
Answer: False
Difficulty: Medium
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
124) Dyn is a cloud-based internet performance management company that provides virtual private networks for internet websites.
Answer: False
Difficulty: Easy
Section Reference 1: IT’s About Business 4.2
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
125) IT security is the business of everyone in an organization.
Answer: True
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
126) People tend to violate security procedures because the procedures are inconvenient.
Answer: True
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
127) If you choose not to protect your information systems, you have adopted a risk acceptance strategy.
Answer: True
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Analysis
Standard 1: AACSB || Technology
128) If you choose to spend as much as you can to protect your information systems, you have adopted a risk transference strategy.
Answer: False
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Analysis
Standard 1: AACSB || Technology
129) If you choose to limit your risk by implementing firewalls and other security measures, you have adopted a risk limitation strategy.
Answer: True
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Analysis
Standard 1: AACSB || Technology
130) ID cards address physical and access controls.
Answer: True
Difficulty: Hard
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Evaluation
Standard 1: AACSB || Technology
131) Authentication occurs after authorization.
Answer: False
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
132) Passwords are a huge information security problem for all organizations.
Answer: True
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
133) Weak passwords can be addressed through multi-factor authentication.
Answer: True
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
134) Authorization means someone has privileges to do certain things on a system.
Answer: True
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Comprehension
Standard 1: AACSB || Technology
135) Anti-malware systems are generally reactive.
Answer: True
Difficulty: Hard
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
136) Whitelisting allows nothing to run unless it is on the whitelist.
Answer: True
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
137) Blacklisting allows everything to run unless it is on the list.
Answer: True
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
138) People, devices, software, and websites can be blacklisted and whitelisted.
Answer: True
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
139) Employee monitoring systems are illegal and unethical.
Answer: False
Difficulty: Hard
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Synthesis
Standard 1: AACSB || Technology
140) The external audit of information systems is frequently a part of the overall external auditing performed by a CPA firm.
Answer: True
Difficulty: Hard
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
141) People are not liable for fraudulent use of their credit cards.
Answer: True
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
142) A CPA firm typically performs an internal business audit.
Answer: False
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
143) Government systems typically lack resources and IT expertise and operate on outdated hardware and software. This makes them particularly vulnerable to ransomware attacks.
Answer: True
Difficulty: Easy
Section Reference 1: Closing Case
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
144) RobbinHood was a DDoS attack on the city of Atlanta.
Answer: False
Difficulty: Easy
Section Reference 1: Closing Case
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
Question type: Text Entry
145) ___ refers to all the processes and policies designed to protect an organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Answer: Information security
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
146) A(n) ___ to an information resource is any danger to which a system may be exposed.
Answer: threat
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
147) The ___ of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
Answer: exposure
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
148) An information resource’s ___ is the possibility that the system will be harmed by a threat.
Answer: vulnerability
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
149) ___ refers to illegal activities conducted over computer networks, particularly the internet.
Answer: cybercrime
Difficulty: Easy
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
150) ___ involves rummaging through commercial or residential trash to find discarded information.
Answer: Dumpster diving
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
151) ___ is the deliberate assumption of another person’s identity, usually to gain access to his or her financial information or to frame him or her for a crime.
Answer: Identity theft
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
152) A ___ is an intellectual work that is not based on public information.
Answer: trade secret
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
153) A ___ is an official document that grants the holder exclusive rights on an invention or a process for a specified period of time.
Answer: patent
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
154) A ___ is a statutory grant that provides the creators or owners of intellectual property with ownership of the property for a designated period.
Answer: copyright
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
155) ___ are small amounts of information that websites store on your computer, temporarily or more or less permanently.
Answer: Cookies
Difficulty: Easy
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
156) A ___ is the probability that a threat will impact an information resource.
Answer: risk
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
157) In risk ___, the organization takes concrete actions against risks.
Answer: mitigation
Difficulty: Easy
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
158) Information security controls are also called ___.
Answer: defense mechanisms or countermeasures
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
159) ___ controls prevent unauthorized individuals from gaining access to a company’s facilities.
Answer: Physical
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
160) ___ controls restrict unauthorized individuals from using information resources.
Answer: Access
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
161) ___ controls secure the movement of data across networks.
Answer: Communications
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
162) Access controls involve two major functions: ___ and ___.
Answer 1: authentication
Answer 2: authorization
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
163) ___ posits that users be granted the privilege for an activity only if there is a justifiable need for them to perform that activity.
Answer: Least privilege
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
164) ___ is a process in which a company identifies the software that it will allow to run on its computers.
Answer: Whitelisting
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
165) ___ allows everything to run unless it is on the list.
Answer: Blacklisting
Difficulty: Easy
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Knowledge
Standard 1: AACSB || Technology
Question type: Essay
166) What are the five factors that contribute to the increasing vulnerability of organizational information resources? Consider a current data breach (e.g., Target’s credit card breach in 2013, Sony’s data breach in 2014, the Democratic National Committee breach in 2015) and how each of these factors contributed to that breach.
Answer:
Difficulty: Hard
Section Reference 1: 4.1
Learning Objective 1: Identify the five factors that contribute to the increasing vulnerability of information resources and specific examples of each factor.
Bloomcode: Synthesis
Standard 1: AACSB || Communication
Standard 2: AACSB || Analytic
Standard 3: AACSB || Technology
Solution:
1) Today’s interconnected, interdependent, wirelessly networked business environment
Target – the Fazio connection, letting them have access; while the sensitive information was “walled off,” there were still “holes”
Sony – able to get access to a system via the Internet (not enough security)
DNC – Russians able to get into US systems during their office hours (employees made the internal network untrusted)
2) Smaller, faster, cheaper computers and storage devices
Target – it was easy for Target to store lots of customer information
Sony – everything was electronic (able to leak movies before officially released)
DNC – everything was electronic
3) Decreasing skills necessary to be a computer hacker
Target – the phishing attack on Fazio
Sony – used malware (a common tool was used)
DNC – used spear-phishing
4) International organized crime taking over cybercrime
Target – not in the US, stole lots of credit card numbers to sell them
Sony – conducted by North Korea (possibly to stop a controversial film)
DNC – Russia supposedly wanted to affect the election
5) Lack of management support
Target – while they installed FireEye, they didn’t work hard enough to use it properly
Sony – ignored threatening e-mails, hired the FBI and FireEye to protect employees
DNC – ignored FBI’s warnings; only one guy knew about it; they didn’t have secure systems
167) Why are employees the biggest threats to an organization? What can you do to protect your future company’s assets?
Answer:
Difficulty: Medium
Section Reference 1: 4.2
Learning Objective 1: Compare and contrast human mistakes and social engineering, and provide a specific example of each one.
Bloomcode: Application
Standard 1: AACSB || Communication
Standard 2: AACSB || Technology
Standard 3: AACSB || Reflective Thinking
Solution: We tend to be careless with our devices and generally in our behavior (see Table 4.1)
168) Identity theft is a deliberate threat to information systems and is one of the largest concerns of consumers and businesses today. What are the four techniques the book mentions for illegally obtaining information? How can you protect yourself from each of these threats?
Answer:
Difficulty: Medium
Section Reference 1: 4.3
Learning Objective 1: Discuss the 10 types of deliberate attacks.
Bloomcode: Application
Standard 1: AACSB || Communication
Standard 2: AACSB || Technology
Standard 3: AACSB || Reflective Thinking
Solution:
1) Dumpster diving – shred your sensitive information
2) Stealing personal information in computer databases – have strong passwords, encrypt the data
3) Infiltrating organizations (data aggregators) that store large amounts of personal information – have strong passwords, encrypt the data
4) Phishing – never provide a user ID and password; always ensure the person/site is legitimate
169) Organizations spend a great deal of time and money protecting their information resources. To figure out what needs to be protected and how they are going to protect it, they need to perform risk management. What is the goal of risk management? List and describe the three processes of risk management. How can organizations mitigate risk? Describe a company that has adopted each risk mitigation strategy.
Answer:
Difficulty: Medium
Section Reference 1: 4.4
Learning Objective 1: Describe the three risk mitigation strategies, and provide an example of each one in the context of owning a home.
Bloomcode: Application
Standard 1: AACSB || Technology
Solution: goal = identify, control, and minimize the impact of threats; processes = analysis (with three steps: assess value of assets, estimate probability of attack, compare costs of protecting versus not protecting), mitigation (three types as noted next), and controls evaluation (cost versus benefit); mitigate = acceptance (no controls, absorb damage), limitation (try to minimize threat), transference (get insurance); examples: acceptance = Democratic National Committee, limitation (Target installed FireEye software; although they didn’t implement all the functionality), transference (see Travelers Insurance options)
170) What are the six basic guidelines for creating strong passwords? Without divulging your passwords, how do your passwords “add up” and why? HINT: You should specifically address each of the six guidelines for your passwords. Now suppose you are a manager and you know employees won’t have strong passwords, how do you address this issue?
Answer:
Difficulty: Medium
Section Reference 1: 4.5
Learning Objective 1: Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
Bloomcode: Comprehension, Analysis
Standard 1: AACSB || Communication
Standard 2: AACSB || Technology
Standard 3: AACSB || Reflective Thinking
Solution: First question:
1) They should be difficult to guess.
2) They should be long rather than short.
3) They should have uppercase letters, lowercase letters, numbers, and special characters.
4) They should not be recognizable words.
5) They should not be the name of anything or anyone familiar, such as family names or names of pets.
6) They should not be a recognizable string of numbers, such as a social security number or a birthday.
Second question: Require password resets every 60–90 days and set limitations on characters, capitalizations, numbers, letters, etc.; since they may then write these passwords down, require multi-factor authentication