BUS 365 Week 4 Quiz 3 Chapter 4 and 5 – Strayer

BUS 365 E-Business Security and Controls Week 4 Quiz – Strayer (All Possible Questions With Answers)


Chapter 4 Network Management and Mobility

Multiple Choice

1. Connectivity and mobility are __________ issues.
a) 4G
b) network
c) Wi-Fi
d) social media

2. 4G networks are __________.
a) owned by Sprint
b) based on satellite transmission
c) hybrid analog networks
d) purely digital networks

3. Why did the New Mexico Department of Transportation start offering passengers free public 4G WiMAX Internet to make public transportation more attractive to commuters?
a) To assist with New Mexico’s goal to become a high-tech state.
b) To improve traffic congestion conditions.
c) To reduce pollution and smog conditions along the main traffic corridor in the state.
d) To reduce the population’s dependence on gasoline.

4. What are the basic functions or needs supported by business networks?
a) competitive advantage, decision support, and communication
b) analog and digital
c) mobility, collaboration, relationships, search
d) circuit and packet switching

5. Networks transmit __________, which carry voice or data between a sender and a receiver.
a) nodes
b) routers
c) signals
d) switches

6. Plain old telephone service (POTS) and most wired telephone calls are transmitted, at least in part, over a __________.
a) dedicated circuit that is only used for that call
b) dedicated circuit that is shared by many calls
c) packet circuit that is only used for that call
d) packet circuit that is shared by many calls

7. When you send a file or e-mail message over a network, it is broken into smaller blocks called __________ that follow different paths from the source to the destination.
a) circuits
b) nodes
c) packets
d) switches

8. __________ is the throughput capacity of a network, which is a measure of the speed at which data is transmitted.
a) Bandwidth
b) Protocol
c) TCP/IP
d) Broadband

9. A __________ is a set of rules that govern how devices on a network exchange information and function in order to “talk to each other.”
a) bandwidth
b) protocol
c) TCP/IP
d) broadband

10. __________ was created by the U.S. Department of Defense to ensure data integrity and maintain communications in the event of catastrophic war.
a) Bandwidth
b) Protocol
c) TCP/IP
d) Broadband

11. __________ is a general term that means fast transmission speed.
a) Bandwidth
b) Protocol
c) TCP/IP
d) Broadband

12. 4G technologies represent the latest stage in the evolution of __________ technologies.
a) computer hardware
b) software
c) satellite
d) wireless data

13. What is significant about 4G networks is that they do not have a __________, which both 2G and 3G networks do have.
a) packet-switched IP system
b) circuit-switched subsystem
c) WiMAX standard
d) GSM-based LTE subsystem

14. High performance __________ provide fantastic opportunities for mobility, mobile commerce, collaboration, supply chain management, remote work, and other productivity gains.
a) IP networks
b) Bluetooth devices
c) Wi-Fi hot spots
d) mobile handsets

15. When evaluating mobile network solutions, the factors to consider include all of the following except:
a) easy to deploy, manage and use.
b) always makes the best connection possible.
c) works separately from other systems.
d) enables secure and reliable communications.

16. All are factors contributing to mobility except:
a) more robust mobile OSs and applications.
b) vendor competition.
c) multitasking mobile devices.
d) overall increased speed of business.

17. __________ is a technology that allows computers to share a network or internet connection wirelessly without the need to connect to a commercial network.
a) RFID
b) LTE
c) WiMAX
d) Wi-Fi

18. All of the following describe WiMAX except:
a) an 802.16-based broadband wireless metropolitan area network (MAN) access standard.
b) can deliver voice and data services without the expense of cable.
c) has shorter distance limitations than DSL and cable.
d) does not require a clear line of sight to function.

19. Which is not one of the general types of mobile networks?
a) Bluetooth
b) wide area networks (WANs)
c) WiMAX
d) local area networks (LANs)

20. __________ are built by attaching a wireless access point (WAP) to the edge of the wired network.
a) WLANs
b) WiMAX
c) Wi-Fi hot spots
d) Base stations

21. __________ is key to success in everything from business partnerships to personal and professional relationships.
a) Access to mobile networks
b) Effective communication
c) Real-time decision making capability
d) The Internet

22. An enterprise’s network capability depends on all of the following except:
a) proper planning.
b) upgrades.
c) open culture.
d) bandwidth.

23. An enterprise’s collaboration capability depends on:
a) proper planning.
b) upgrades.
c) open culture.
d) bandwidth.

24. The __________ is critical because it provides the infrastructure for collaborative work within the company and with external partners and customers, regardless of their location.
a) network architecture
b) enterprise portal
c) social network
d) wireless access point

25. Within an enterprise, the capability and willingness to collaborate depends on:
a) a corporate culture that people trust.
b) information and tools.
c) authority to plan and make decisions.
d) all of the above

26. What was a cause of the U.S. Customs’ network crash at Los Angeles Airport (LAX) that stranded passengers for up to 11 hours?
a) A new cutting edge network that had not been tested sufficiently
b) A hacker attack
c) Equipment breakdown and human error
d) Power failure

27. Why had various information services—namely documents, voice, and video—functioned independently of each other?
a) They were transmitted using different protocols.
b) For information privacy and security reasons.
c) They were transmitted on circuit-switched networks.
d) To minimize network traffic congestion.

28. Multiple networks were needed to transmit documents, voice, and video because:
a) of limited bandwidth.
b) of the lack of interoperability between devices.
c) they used the same transmission protocol.
d) outdated IP networks.

29. __________ refers to the ability to provide services to and accept services from other systems or devices.
a) Protocol
b) Broadband
c) Interoperability
d) Multimedia

30. The Internet protocol suite consisting of __________ is the standard used with almost any network service.
a) HTTP
b) WAP
c) HTML
d) TCP/IP

31. _______ is the single most popular network protocol in the world, and provides the architecture that made convergence possible.
a) HTTP
b) IP
c) TCP
d) FTP

32. In preparation for transmission, data and documents are digitized into __________ based on the Internet Protocol.
a) bytes
b) packets
c) blocks
d) routers

33. __________ are networks that are capable of transmitting data at very fast rates, but operate in a limited area, such as an office building, campus, or home.
a) MANs
b) Hot spots
c) LANs
d) WANs

34. TCP performs error checking, which can cause packet delivery delays. Because of the error-checking process, TCP is not well-suited for what type of transmissions?
a) digital voice or video
b) data
c) documents
d) e-mail

35. __________ transmits voice and data in packets and has become one of the most cost effective ways to communicate.
a) TCP
b) UDP
c) VoIP
d) UM

36. __________ brings together all messaging media such as e-mail, voice, mobile text, SMS, and fax into a combined communications medium.
a) Unified messaging (UM)
b) TCP/IP
c) IP telephony
d) PBX

37. Which of the following is not a characteristic of wireless device software development?
a) Developing software for wireless devices had been challenging because there was no widely accepted standard for wireless devices.
b) Software applications have to be customized for each type of device with which the application communicates.
c) Different CPUs, operating systems, storage media, and mobile platform environments create time-consuming porting and testing issues.
d) Supporting different displays is simple because of the convergence of applications.

38. The Internet functions as the __________, and the Web (WWW) is __________ that runs on the Internet.
a) transport mechanism; an application
b) information architecture; a browser
c) protocol; a search engine
d) hardware; software

39. Which of the following is not a characteristic of intranets?
a) Portals (gateways) that provide easy and inexpensive browsing and search capabilities.
b) Company-owned networks that use IP technology to securely share part of a business’s information or operations with suppliers, vendors, partners, customers, or other businesses.
c) With screen sharing and other groupware tools, intranets can be used to facilitate collaboration.
d) Companies deliver policies, pay stub information for direct deposits, benefits, training materials, and news to their employers via their intranets.

40. Virtual private networks (VPN) are private tunnels in the Internet that are created by __________.
a) content indexing
b) usernames and passwords
c) biometrics
d) encryption

41. Several factors are driving the need for messaging and collaboration. All of the following are driving factors except:
a) people need to work together and share documents.
b) groups make most of the routine and easy decisions in organizations.
c) organizational decision making is difficult when team members are geographically spread out and working in different time zones.
d) nearly 87 percent of employees around the world work in remote offices.

42. Which of the following is a dysfunction of the group process?
a) Social pressures of conformity can lead to groupthink.
b) A group may produce synergy during problem solving.
c) Group members may have their egos embedded in the decision, and so they may be committed to the solution.
d) Groups are better than individuals at understanding problems.

43. According to the Cellular Telecommunications Industry Association, __________ is “a way of measuring the quantity of radio frequency energy that is absorbed by the body.”
a) RF rate
b) carbon footprint
c) radiation rate
d) specific absorption rate (SAR)

44. __________ enable(s) anyone to call or share files for free, increases the connections in our lives, and create forces whose impacts are not yet known.
a) VoIP
b) Wikis
c) WiMAX
d) All of the above

45. __________ shows the power of the individual in the connected age—a better research tool than major corporations had in the 1990s.
a) Facebook
b) Google
c) Microsoft
d) eBay

True/False

46. Transmission of a signal over a series of networks is made possible by switches and routers, which are hardware devices, and nodes on the network.

47. The distinguishing characteristic of packet switching is that once a connection is made between the source and destination, the path of the signal along the nodes is dedicated and exclusive.

48. Wireless networks use packet switching and wireless routers to forward packets from one network to another network.

49. Bandwidth is the throughput capacity, or speed, of a network, which depends on what protocol is used.

50. TCP/IP was created by the U.S. Department of Defense to ensure and preserve data security and control communications in the event of catastrophic war.

51. Users can get 4G wireless connectivity through one of two standards: WiMAX or LTE.

52. IP networks form the backbone of worldwide digital networking and enable the convergence of voice, data, and video.

53. Network performance is measured by its data transfer capacity.

54. Apple’s first 4G phone, the HTC EVO 4G was released in summer 2010 with speeds 10 times greater than 3G phones.

55. Pressures to deliver secure service to customers and business partners at reduced costs, to be environmentally responsible, and to support the 24/7 data needs of mobile and remote workers have all increased the demands on corporate networks.

56. The 802.11b standard improves upon other 802.11 Wi-Fi standards by adding multiple-input multiple-output (MIMO) and many other newer features.

57. An enterprise’s network capability will be unreliable or deteriorate without proper planning, maintenance, management, upgrades, and bandwidth of the network to ensure that it has sufficient capacity and connectivity to link people, locations, and data.

58. A centralized organization is more responsive to opportunities and problems than a decentralized organization where senior managers, who are less involved in daily operations than lower-level managers, make decisions.

59. Messaging and collaboration tools include older communications media such as e-mail, videoconferencing, fax, and IM—and Web 2.0 media such as blogs, podcasts, RSS, wikis, and VoIP.

60. Businesses have learned effective strategies to cope with a world that is far more competitive, dynamic, and connected; to counteract the influence of Web 2.0 technologies; and to maintain traditional business models.

Short Answer

61. __________ lose energy as they travel along a network from source to destination, and need to be strengthened with repeaters.

62. Wireless routers are actually wired routers with __________ built-in that provide both wired and wireless at the same time.

63. __________ are standards or a set of rules that govern how devices on a network communicate and how they need to function in order to “talk to each other.”

64. What is significant about 4G networks is that they do not have a __________ subsystem, as do current 2G and 3G networks.

65. Mobile and other devices must be able to communicate with a network and they do so based on __________.

66. __________ is an 802.16-based broadband wireless metropolitan area network access standard that can deliver voice and data services at distances of up to 30 miles, without the expense of cable or the distance limitations of DSL.

67. Often overlooked is the fact that the capability and willingness to collaborate depends on a __________ that people trust.

68. __________ refers to the ability to provide services to and accept services from other systems or devices.

69. With __________, voice and data transmissions travel over telephone wires, but the content is sent as data packets.

70. __________ refers to team members yielding to pressures to conform to a certain way of thinking even if they conflict with one’s beliefs, or being intolerant of new or differing ideas.

Essay

71. List and explain the four factors to consider when evaluating a mobile network.

72. List three factors that impact the quality of an enterprise’s network and ultimately business performance. List two factors that influence the quality of collaboration in an enterprise and ultimately business performance.

73. Explain how data and documents are transferred over a packet-switched network. In your explanation, identify the format, protocol and transfer method. Compare and contrast how data/documents are transferred to how voice is transferred over a circuit-switched network.

74. Identify three benefits or process gains from working in groups. Then identify three dysfunctions of the group process that can lead to process losses.

75. Major companies face small but powerful challenges and competitors that are undermining traditional business models. Explain those challenges and competitors.

Chapter 5 IT Security, Crime, Compliance, and Continuity

Multiple Choice

1. IT risk management includes all of the following except:
a) keeping information security convenient for users and inexpensive.
b) securing corporate systems while ensuring their availability.
c) planning for disaster recovery and business continuity.
d) complying with government regulations and license agreements.

2. Managers have a legal and ethical obligation, which is called __________, to protect the confidential data of the people and partners that they collect, store, and share.
a) security duty
b) fiduciary responsibility
c) confidentiality contract
d) secrecy function

3. Which of the following is a characteristic of information security in organizations?
a) losses due to IT security breaches can destroy a company financially
b) disruptions due to IT security breaches can seriously harm a company operationally
c) to comply with international, federal, state, and foreign laws, companies must invest in IT security to protect their data, other assets, the ability to operate, and net income
d) All of the above

4. Who stole account data from HSBC’s Private Bank in Switzerland and how did HSBC learn about the data theft?
a) Account data was stolen by a former HSBC IT specialist; HSBC learned about the theft from French Authorities several years after the theft.
b) Account data was stolen by a group of hackers who cracked passwords; HSBC detected the data theft from their IT staff within a few days.
c) Malware was used to steal the account data; network intrusion detection systems detected the theft as it was happening.
d) Competitors stole the account data; HSBC learned about the theft months later when customers complained about identity theft.

5. Protecting data and business operations involves all of the following efforts except:
a) making data and documents available and accessible 24×7 while also restricting access.
b) implementing and enforcing procedures and acceptable use policies for company-owned data, hardware, software, and networks.
c) storing and archiving all databases and data warehouses on-site protected by firewalls.
d) recovering from business disasters and disruptions quickly.

6. Prior to 2002, what was the common perspective on infosec?
a) Infosec was mostly a financial issue assigned to the accounting department.
b) The focus was on preemptive approaches to protect ahead of the threats.
c) The biggest concerns were risks from employees and malware.
d) Infosec was viewed as a cost rather than as a resource for preventing business disruptions.

7. A majority of data breaches involve:
a) insider error or action that is either intentional or unintentional.
b) insider action that is intentional.
c) former employees and IT staff.
d) hackers.

8. Which of the following is not a characteristic of IT security?
a) IT security is so integral to business objectives that it cannot be treated as a stand-alone function.
b) Internal threats are not a major challenge because firewalls prevent employee malicious activity.
c) Infosec failures have a direct impact on business performance, customers, business partners, and stakeholders.
d) Infosec failures can lead to fines, legal action, and steep declines in stock prices as investors react to the crisis.

9. A(n) __________ is something or someone that may result in harm to an asset.
a) threat
b) risk
c) vulnerability
d) exploit

10. A(n) __________ is the probability of a threat exploiting a vulnerability.
a) threat
b) risk
c) vulnerability
d) exploit

11. __________ is the ability of an IS to continue to operate when a failure occurs, usually operating for a limited time or at a reduced level.
a) Botnet
b) Exposure
c) Fault tolerance
d) Spoofing

12. Facebook, YouTube, Twitter, LinkedIn, and other social networks are making IT security dangers worse. Why?
a) Users invite in and build relationships with others. Cybercriminals hack into these trusted relationships using stolen log-ins.
b) E-mail viruses and malware have been increasing for years even though e-mail security has improved.
c) Communication has shifted from social networks to smartphones.
d) Web filtering, user education, and strict policies cannot help prevent IT security dangers on Facebook and other social networks.

13. __________ is the elapsed time between when a vulnerability is discovered and when it’s exploited and has shrunk from months to __________.
a) Time-to-exploitation; weeks
b) Time-to-exploitation; minutes
c) Denial of service; days
d) Denial of service; seconds

14. When new vulnerabilities are found in operating systems, applications, or wired and wireless networks, vendors of those products release __________ or __________ to fix the vulnerabilities.
a) patches; service packs
b) patches; downloads
c) firewalls; spyware
d) service packs; firewalls

15. Which of the following is not a characteristic of money laundering and terrorist financing?
a) Transnational organized crime groups use money laundering to fund their operations, which creates international and national security threats.
b) Cybercrime is safer and easier than selling drugs, dealing in black market diamonds, or robbing banks.
c) Funds used to finance terrorist operations are easy to track, which provides evidence to identify and locate leaders of terrorist organizations and cells.
d) Online gambling offers easy fronts for international money-laundering operations.

16. Hackers involve unsuspecting insiders in their crimes using tactics called __________ that trick insiders into revealing access codes that outsiders should not have.
a) social engineering
b) phishing
c) spoofing
d) botnets

17. A(n) __________ occurs when a server or Web site receives a flood of traffic—much more traffic or requests for service than it can handle, causing it to crash.
a) advanced persistent threat (APT)
b) spoofing attack
c) malware intrusion
d) denial of service (DoS) attack

18. Which of the following is not one of the essential defenses against botnets and malware?
a) Anti-malware tools and anti-virus software
b) Intrusion detection systems (IDS)
c) Spyware and warez software
d) Intrusion prevention systems (IPS)

19. Internal fraud prevention and detection measures are based on __________ and __________.
a) a detailed recovery plan; containment, including a fault-tolerant system
b) perimeter defense technologies, such as e-mail scanners; human resource procedures, such as recruitment screening
c) general controls; application controls
d) physical controls, including authorization; authentication systems

20. Crime can be divided into two categories depending on the tactics used to carry out the crime. What are those two categories?
a) personal and non-personal
b) felonies and misdemeanors
c) insider and outsider
d) violent and nonviolent

21. Fraud is nonviolent crime that is carried out using __________.
a) a gun, knife, or other small weapon
b) deception, confidence, and trickery
c) embezzlement and electronic transfers of money
d) bribery and threats

22. __________ refers to the deliberate misuse of the assets of one’s employer for personal gain.
a) Corruption
b) Conflict of interest
c) Occupational fraud
d) Earnings management

23. Bernard Madoff is in jail after pleading guilty in 2009 to the biggest fraud in Wall Street history. Madoff carried out his fraud over four decades by relying on __________.
a) financial expertise and human error
b) social engineering and the predictability of human nature
c) red flags and accounting loopholes
d) unbelievable returns that defied the market

24. What is the most cost-effective approach to managing fraud?
a) prevention
b) detection
c) prosecution
d) compliance

25. Fraud management starts with corporate governance culture and ethics __________.
a) in the accounting department
b) in the IT department
c) at the top levels of the organization
d) at the lowest levels of the organization

26. One of the worst and most prevalent crimes is __________.
a) stolen computers
b) identity theft
c) network intrusion
d) malware

27. The objective of IT security management practices is to defend __________.
a) data and data processing capabilities
b) hardware and software applications and wireless devices
c) data and networks
d) data, hardware, software applications, and networks

28. Before the people who are responsible for security make any decisions about infosec defenses, they must understand __________.
a) the requirements and operations of the business
b) how firewalls, anti-virus software, and other technology function
c) tactics of hackers, fraudsters, botnets, and identity thieves
d) how much to invest in risk management

29. Fingerprints, retinal scans, and voice scans for user identification are examples of __________ controls.
a) access
b) biometric
c) application
d) physical

30. Physical security includes several controls. Which of the following is not a type of physical control?
a) Security bonds or malfeasance insurance for key employees
b) Emergency power shutoff and backup batteries
c) Shielding against electromagnetic fields
d) Properly designed and maintained air-conditioning systems

31. Which of the following is not a type of administrative control for information assurance and risk management?
a) Fostering company loyalty
b) Immediately revoking access privileges of dismissed, resigned, or transferred employees
c) Instituting separation of duties by dividing sensitive computer duties among as many employees as economically feasible
d) Performing authorization and authentication

32. Locking a BlackBerry does not provide strong data protection. Why?
a) Security company IronKey reported that password cracking software can quickly copy the contents of a BlackBerry’s SD card and crack a 4-digit PIN in 30 seconds.
b) Password cracking software can crack security on a handheld device without alerting the owner that the device’s security has been compromised.
c) Password cracking software can store log-in information for the cracked handheld, allowing a hacker to access the hacked device again, unless the user changes the password.
d) All of the above.

33. Network security involves three types of defenses, which are referred to as layers. Those layers consist of each of the following except:
a) perimeter security layer to control access to the network.
b) authentication layer to verify the identity of the person requesting access to the network.
c) biometrics layer to monitor network usage.
d) authorization layer to control what authenticated users can do once they are given access to the network.

34. A __________ is a system, or group of systems, that enforces an access-control policy between two networks.
a) firewall
b) switch
c) router
d) gateway

35. The major objective of __________ is proof of identity to identify the legitimate user and determine the action he or she is allowed to perform.
a) authorization
b) authentication
c) endpoint security
d) information assurance

36. When dealing with consumer-facing applications, such as online banking and e-commerce, strong authentication must be balanced with __________.
a) convenience
b) encryption
c) authorization
d) all of the above

37. Sensitive data that are encrypted with wired equivalent privacy (WEP) and transmitted between two wireless devices __________.
a) is fully secured
b) cannot be authenticated
c) has a moderate level of security
d) may be intercepted and disclosed

38. All of the following are characteristics of firewalls except:
a) Firewalls are a barrier between a corporate intranet or other internal networks and the Internet.
b) Firewalls function by deciding what traffic to allow into and out of the network and what traffic to block.
c) Firewalls must be configured to enforce the company’s security procedures and policies.
d) Network firewalls stop all viruses and most other types of malware.

39. __________, such as AirSnort and WEPcrack, are readily available tools that can be used to gain unauthorized access to networks putting them at great risk.
a) Wireless packet analyzers
b) Password crackers
c) Firewall sniffers
d) Intrusion detectors

40. __________ is a security technology for wireless networks that improves on the authentication and encryption features of WEP.
a) Network access control (NAC)
b) Security exchange commission (SEC)
c) Wi-Fi protected access (WPA)
d) Intrusion detection system (IDS)

41. The Sarbanes-Oxley Act (SOX):
a) is an antifraud law.
b) forces more accurate business reporting and disclosure of GAAP (generally accepted accounting principles) violations.
c) makes it necessary to find and root out fraud.
d) All of the above

42. Symptoms of fraud that can be detected by internal controls include all of the following except:
a) missing documents.
b) delayed bank deposits.
c) employees who do not take vacations or go out of their way to work overtime.
d) large increase in network traffic.

43. An estimated __________ of companies that suffer a significant data loss often go out of business within five years.
a) 23%
b) 43%
c) 73%
d) 93%

44. __________ is the chain of events linking the business continuity plan to protection and to recovery.
a) Disaster recovery
b) Auditing
c) Data recovery
d) Internal control

45. According to a Workplace E-Mail and Instant Messaging Survey of 840 U.S. companies, approximately __________ have had employee e-mail or text messages subpoenaed as part of a lawsuit or regulatory investigation.
a) 5%
b) 10%
c) 20%
d) 33%

True/False

46. A fiduciary responsibility is both a legal and an ethical obligation.

47. In general, risk management is expensive to the organization, but convenient for users.

48. The theft of confidential account data from HSBC Private Bank in Switzerland in 2007 had been done by hackers because of inadequate security controls.

49. Firewalls and intrusion detection systems are placed throughout networks to monitor and control traffic into and out of a network.

50. Today, infosec is mostly a technology issue assigned to the IT department. Incidents are handled on a case-by-case “cleanup” basis rather than by taking a preemptive approach to protect ahead of the threats.

51. There has been a steep increase in malware because of the availability of free, easy to use, powerful toolkits that even novice cyber criminals can use to develop malware.

52. A majority of data breaches involve some sort of insider error or action either intentional or unintentional. That is, the greatest infosec risks are employees and managers.

53. IT security is so integral to business objectives that it needs to be treated as a stand-alone function.

54. Despite the challenges organizations face trying to protect against threats from employees, insider incidents can be minimized with a layered defense strategy consisting of security procedures, acceptable use policies, and technology controls.

55. Types of unintentional threats that organizations must defend against as part of their IT security measures are human errors, sabotage, environmental hazards, and computer system failures.

56. Corporate and government secrets are currently being stolen by a serious threat called advanced persistent threat (APT), which is designed for long-term espionage. Once installed on a network, APTs transmit copies of documents, such as Microsoft Office files and PDFs, in stealth mode.

57. Financial institutions, data processing firms, and retail businesses do not have to notify potential victims or reveal data breaches in which customers’ personal financial information may have been stolen, lost, or compromised.

58. The infosec defense strategies and controls depend on what needs to be protected and the cost-benefit analysis. That is, companies should neither under-invest nor over-invest.

59. Newly released viruses with unidentified signatures or that are hidden in an e-mail attachment are blocked by firewalls and antivirus software from entering a company’s network.

60. Sarbanes-Oxley Act is an antifraud law. It forces more accurate business reporting and disclosure of GAAP (generally accepted accounting principles) violations, thus making it necessary to find and root out fraud.

Short Answer

61. __________ is the word that refers to viruses, worms, trojan horses, spyware, and all other types of disruptive, destructive, or unwanted programs.

62. __________ is the supervision, monitoring, and control of the organization’s IT assets. COBIT is a guide to best practices in this area.

63. The purpose of the PCI DSS is to improve customers’ __________ in e-commerce, especially when it comes to online payments, and to increase the Web security of online merchants.

64. From an infosec perspective, __________ has been used by criminals or corporate spies to trick insiders into revealing information or access codes that outsiders should not have.

65. A __________ attack occurs when a server or Web site receives a flood of traffic—much more traffic or requests for service than it can handle, causing it to crash.

66. A __________ control is an automated method of verifying the identity of a person, based on physical or behavioral characteristics, such as a fingerprint or voice scan.

67. All Internet traffic, which travels as packets, should have to pass through a(n) __________, but that is rarely the case for instant messages and wireless traffic.

68. The __________ environment is the work atmosphere that a company sets for its employees in order to achieve reliable financial reporting and compliance with laws, regulations, and policies.

69. An important element in any security system is the __________ plan, also known as the disaster recovery plan, which outlines the process by which businesses should recover from a major disaster.

70. Under the doctrine of __________, senior managers and directors have a fiduciary obligation to use reasonable care to protect the company’s business operations. When they fail to meet the company’s legal and regulatory duties, they can face lawsuits or other legal action.

Essay

71. Why are internal threats a major challenge for organizations? How can internal threats be minimized?

72. Why do social networks and cloud computing increase IT security risks? How can those risks be reduced?

73. Identify and explain four of the major objectives of IT security defense strategies.

74. Why do fraud prevention and detection require an effective monitoring system?

75. Implementing security programs raises many ethical issues. Identify two of these ethical issues.