Professional Documents
Culture Documents
Chapter 13
Information Security
1) Having one backup of your business data is sufficient for security purposes.
Answer: False
2) The security of each computer on the Internet is independent of the security of all other computers on the Internet.
Answer: False
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference 1: 13.1 Introduction to Information Security
Difficulty: Easy
Answer: True
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference 1: 13.1 Introduction to Information Security
Difficulty: Easy
4. Human errors cause more than half of the security-related problems in many organizations.
Answer: True
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Section Reference 1: 13.2 Unintentional Threats to Information Systems
Difficulty: Easy
5) The higher the level of an employee in organization, the greater the threat that he or she poses to the organization.
Answer: True
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Section Reference 1: 13.2 Unintentional Threats to Information Systems
Difficulty: Easy
Information System, Third Canadian Edition Rainer
Answer: False
Answer: True
8) Trojan horses are software programs that hide in other computer programs and reveal their designed behavior only
when they are activated.
Answer: True
Answer: False
10) In most cases, cookies track your path through Web sites and are therefore invasions of your privacy.
Answer: True
11) Cyberterrorism and cyberwarfare can attack supervisory control and data acquisition (SCADA) systems to cause
widespread physical damage.
Answer: True
Information System, Third Canadian Edition Rainer
12) Supervisory control and data acquisition (SCADA) systems require human data input.
Answer: False
Answer: False
Answer: True
Learning Objective: Define the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference 1: 13.4 What Organizations Are Doing to Protect Information Resources
Difficulty: Easy
15) Risk analysis involves determining whether security programs are working.
Answer: False
Learning Objective: Define the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference 1: 13.4 What Organizations Are Doing to Protect Information Resources
Difficulty: Medium
Answer: False
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Information System, Third Canadian Edition Rainer
Difficulty: Easy
17) Organizations utilize layers of controls because they face so many diverse threats to information security.
Answer: True
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
18) Public-key encryption uses two different keys, one public and one private.
Answer: True
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
Answer: True
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
Answer: True
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
21) The area located between two firewalls within an organization is called the demilitarized zone.
Answer: True
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Easy
Information System, Third Canadian Edition Rainer
Answer: False
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Easy
23) A URL that begins with https rather than http indicates that the site transmits using an extra layer of security called
transport layer security.
Answer: True
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Easy
Answer: False
Answer: True
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Section Reference: 13.2 Unintentional Threats to Information Systems
Difficulty: Easy
Answer: False
27) The University of Exeter had an excellent IT staff, so their systems were completely functional even after a virus
attack.
Information System, Third Canadian Edition Rainer
Answer: False
Answer: True
Answer: False
Learning Objective: Identify the three major types of controls that organizations can use to protect their information
resources, providing an example for each.
Section Reference: 13.6 Information Security Controls
Difficulty: Easy
30) Employees needing access to the Web was City National Bank and Trust’s most significant security problem.
Answer: True
Learning Objective: Identify the three major types of controls that organizations can use to protect their information
resources, providing an example for each.
Section Reference: 13.5 IT’s About Business: Information Security at City National Bank and Trust
Difficulty: Easy
31) You start a dog-walking service, and you store your client’s records on your cell phone. You don’t need to worry
about information security.
Answer: False
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference 1: 13.1 Introduction to Information Security
Difficulty: Easy
32) Which of the following is not a consequence of poor information security practices?
a) Stolen information
b) Stolen identities
c) Financial loss
d) Loss of service
e) All of the above are consequences of poor information security practices.
Answer: e
33) In its study of various organizations, the Ponemon Institute found that the most common cause of data breaches
was:
a) Weak passwords.
b) Unattended computers.
c) Employee negligence.
d) Contract labor, such as consultants.
e) Poor antivirus software.
Answer: c
34) Which of the following factors is not increasing the threats to information security?
Answer: d
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference 1: 13.1 Introduction to Information Security
Difficulty: Medium
35) The computing skills necessary to be a hacker are decreasing for which of the following reasons?
a) More information systems and computer science departments are teaching courses on hacking so that their
graduates can recognize attacks on information assets.
Information System, Third Canadian Edition Rainer
b) Computer attack programs, called scripts, are available for download from the Internet.
c) International organized crime is training hackers.
d) Cybercrime is much more lucrative than regular white-collar crime.
e) Almost anyone can buy or access a computer today.
Answer: b
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference 1: 13.1 Introduction to Information Security
Difficulty: Hard
36) Rank the following in terms of dollar value of the crime, from highest to lowest.
Answer: c
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference 1: 13.1 Introduction to Information Security
Difficulty: Medium
a) vulnerability
b) risk
c) control
d) threat
e) compromise
Answer: d
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference 1: 13.1 Introduction to Information Security
Difficulty: Easy
38) An information system’s _____ is the possibility that the system will be harmed by a threat.
a) vulnerability
b) risk
c) control
d) danger
Information System, Third Canadian Edition Rainer
e) compromise
Answer: a
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference 1: 13.1 Introduction to Information Security
Difficulty: Easy
Answer: d
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Section Reference 1: 13.2 Unintentional Threats to Information Systems
Difficulty: Easy
40) Employees in which functional areas of the organization pose particularly grave threats to information security?
Answer: b
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Section Reference 1: 13.2 Unintentional Threats to Information Systems
Difficulty: Easy
41) Unintentional threats to information systems include all of the following except:
a) Malicious software
b) Tailgating
c) Power outage
d) Lack of user experience
e) Tornados
Answer: a
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Information System, Third Canadian Edition Rainer
42) _____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive
information or unauthorized access privileges.
a) Tailgating
b) Hacking
c) Spoofing
d) Social engineering
e) Spamming
Answer: d
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Section Reference 1: 13.2 Unintentional Threats to Information Systems
Difficulty: Easy
43) The cost of a stolen laptop includes all of the following except:
Answer: c
Answer: c
45) Cybercriminals can obtain the information they need in order to assume another person’s identity by:
Information System, Third Canadian Edition Rainer
Answer: e
46) A _____ is intellectual work that is known only to a company and is not based on public information.
a) copyright
b) patent
c) trade secret
d) knowledge base
e) private property
Answer: c
47) A pharmaceutical company’s research and development plan for a new class of drugs would be best described as
which of the following?
a) Copyrighted material
b) Patented material
c) A trade secret
d) A knowledge base
e) Public property
Answer: c
48) A _____ is a document that grants the holder exclusive rights on an invention for 20 years.
a) copyright
b) patent
c) trade secret
d) knowledge base
Information System, Third Canadian Edition Rainer
Answer: b
49) An organization’s e-mail policy has the least impact on which of the following software attacks?
a) Virus
b) Worm
c) Phishing
d) Denial-of-Service attack
e) Spear phishing
Answer: d
50) _____ are segments of computer code that attach to existing computer programs and perform malicious acts.
a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs
Answer: a
51) _____ are software programs that hide in other computer programs and reveal their designed behavior only when
they are activated.
a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs
Answer: e
52) _____ are segments of computer code embedded within an organization’s existing computer programs that activate
and perform a destructive action at a certain time or date.
a) Viruses
b) Worms
c) Trojan horses
d) Back doors
e) Logic bombs
Answer: e
53) A _____ attack uses deception to fraudulently acquire sensitive personal information by masquerading as an official
e-mail.
a) Virus
b) Denial-of-service
c) Distributed denial-of-service
d) Phishing
e) Brute force dictionary
Answer: d
54) In a _____ attack, a coordinated stream of requests is launched against a target system from many compromised
computers at the same time.
a) phishing
b) virus
c) worm
d) back door
e) distributed denial-of-service
Answer: e
55) The term _____ refers to clandestine software that is installed on your PC through duplicitous channels but is not
particularly malicious.
a) Alien software
b) Virus
c) Worm
d) Back door
e) Logic bomb
Answer: a
56) Which of the following is(are) designed to use your computer as a launch pad for sending unsolicited e-mail to other
computers?
a) Spyware
b) Spamware
c) Adware
d) Viruses
e) Worms
Answer: b
57) When companies attempt to counter _____ by requiring users to accurately select characters in turn from a series of
boxes, attackers respond by using _____.
Answer: a
58) _____ is the process in which an organization assesses the value of each asset being protected, estimates the
probability that it will be compromised, and compares the probable costs of an attack with the costs of protecting the
asset.
a) Risk management
b) Risk analysis
c) Risk mitigation
d) Risk acceptance
e) Risk transference
Answer: b
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference 1: 13.4 What Organizations Are Doing to Protect Information Resources
Difficulty: Easy
a) Credit card companies usually block stolen credit cards rather than prosecute.
b) People tend to shortcut security procedures because the procedures are inconvenient.
c) It is easy to assess the value of a hypothetical attack.
d) The online commerce industry isn’t willing to install safeguards on credit card transactions.
e) The cost of preventing computer crimes can be very high.
Answer: c
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference 1: 13.4 What Organizations Are Doing to Protect Information Resources
Difficulty: Easy
a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference
Answer: c
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference 1: 4.4 What Organizations Are Doing to Protect Information Resources
Difficulty: Easy
61) Which of the following is not a strategy for mitigating the risk of threats against information?
Information System, Third Canadian Edition Rainer
a) Continue operating with no controls and absorb any damages that occur
b) Transfer the risk by purchasing insurance.
c) Implement controls that minimize the impact of the threat
d) Install controls that block the risk.
e) All of the above are strategies for mitigating risk.
Answer: e
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference 1: 13.4 What Organizations Are Doing to Protect Information Resources
Difficulty: Easy
62) In _____, the organization purchases insurance as a means to compensate for any loss.
a) risk management
b) risk analysis
c) risk mitigation
d) risk acceptance
e) risk transference
Answer: e
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference 1: 13.4 What Organizations Are Doing to Protect Information Resources
Difficulty: Easy
63) Which of the following statements concerning the difficulties in protecting information resources is not correct?
Answer: c
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference 1: 13.4 What Organizations Are Doing to Protect Information Resources
Difficulty: Medium
64) _____ controls are concerned with user identification, and they restrict unauthorized individuals from using
information resources.
a) Access
Information System, Third Canadian Edition Rainer
b) Physical
c) Data security
d) Administrative
e) Input
Answer: a
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Easy
Answer: b
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Easy
Answer: a
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Easy
Answer: e
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Easy
Answer: e
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Easy
Answer: e
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
a) IloveIT
b) 08141990
c) 9AmGt/*
d) Rainer
e) InformationSecurity
Answer: c
Information System, Third Canadian Edition Rainer
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
71) Bob is using public key encryption to send a message to Ted. Bob encrypts the message with Ted’s _____ key, and
Ted decrypts the message using his _____ key.
a) public, public
b) public, private
c) private, private
d) private, public
e) none of these
Answer: b
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
Answer: d
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
73) In a process called _____, a company allows nothing to run unless it is approved, whereas in a process called _____,
the company allows everything to run unless it is not approved.
a) whitelisting, blacklisting
b) whitelisting, encryption
c) encryption, whitelisting
d) encryption, blacklisting
e) blacklisting, whitelisting
Answer: a
Information System, Third Canadian Edition Rainer
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
74) Organizations use hot sites, warm sites, and cold sites to insure business continuity. Which of the following
statements is not true?
Answer: c
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Easy
75) Refer to IT’s About Business 13.2 – Virus Attack Hits the University of Exeter. Which of the following statements
about the virus attack is true?
Answer: c
76) Refer to IT’s About Business 13.3 – The Stuxnet Worm: Which of the following statements is true?
Answer: e
Difficulty: Medium
77) Refer to IT’s About Business 13.4 – Information Security at City National Bank and Trust: Using the M86 Security
software allowed City National Bank and Trust to do all of the following except:
Answer: d
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: IT’s About Business 13.4 Information Security at City National Bank and Trust
Difficulty: Medium
78) Refer to Opening Case – 13.1 Cybercriminals Use Social Networks for Targeted Attacks: Cybercriminals use Facebook
for all of the following reasons except:
Answer: a
79) Your company’s headquarters was just hit head on by a hurricane, and the building has lost power. The company
sends you to their hot site to minimize downtime from the disaster. Which of the following statements is true?
Answer: d
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Information System, Third Canadian Edition Rainer
Difficulty: Medium
80) You receive an e-mail from your bank informing you that they are updating their records and need your password.
Which of the following statements is true?
Answer: b
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
81) You start a new job, and the first thing your new company wants you to do is create a user ID and a password. Which
of the following would be a strong password?
Answer: e
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
82) You start a new job, and human resources gives you a ten-page document that outlines the employee
responsibilities for information security. Which of the following statements is most likely to be true?
a) The document recommends that login passwords be left on a piece of paper in the center desk drawer so that others
can use the laptop if necessary.
b) You are expected to read the document, and you could be reprimanded if you don’t follow its guidelines.
c) You can back up sensitive data to a thumb drive so you can take them home to work with.
d) The document indicates that you can leave your laptop unlocked if you leave your desk for less than an hour.
e) The document permits you to lend your laptop to your brother for the weekend.
Answer: b
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Information System, Third Canadian Edition Rainer
83) Which of the following is NOT a way you can protect yourself on-line?
Answer: b
84) In the “Thomas Tax Service” case, Dwight had to manually restore his data because __________.
Answer: c
Answer: d
a) Attack
b) Security failure
c) Threat
Information System, Third Canadian Edition Rainer
d) Vulnerability
Answer: c
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference: 13. 1 Introduction to Information Security
Difficulty: Easy
87) Which of the following is NOT a factor increasing the vulnerability of information resources?
Answer: c
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference: 13.1 Introduction to Information Security
Difficulty: Easy
a) trusted
b) untrusted
c) neutral
d) unbiased
Answer: b
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference: 13. 1Introduction to Information Security
Difficulty: Medium
89) The employees who pose the biggest risk to information security work in _____________.
a) customer service
b) IT
c) marketing
d) sales
Answer: b
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Information System, Third Canadian Edition Rainer
a) a deliberate threat
b) a human error
c) an intentional threat
d) social engineering
Answer: b
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Section Reference: 13.2 Unintentional Threats to Information Systems
Difficulty: Easy
91) Not logging off the company network when gone from the office for any extended period of time is an example of
which type of human mistake?
Answer: c
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Section Reference: 13.2 Unintentional Threats to Information Systems
Difficulty: Easy
92) Social engineering is typically _____________ human error on the part of an employee, but it is _____________ on
the part of the attacker.
a) intentional, unintentional
b) intentional, intentional
c) unintentional, intentional
d) unintentional, unintentional
Answer: c
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Section Reference: 13.2 Unintentional Threats to Information Systems
Difficulty: Easy
93)____________ is an intellectual work, such as a business plan, that is a company secret and is not based on public
information.
Information System, Third Canadian Edition Rainer
a) Copyright
b) Intellectual property
c) Patent
d) Trade secret
Answer: d
a) espionage
b) identity theft
c) sabotage
d) cyberterrorism
Answer: b
95) A copyright provides creators of intellectual property with ownership of the property for the life of the creator plus
_________ years.
a) 20
b) 50
c) 70
d) 100
Answer: c
96) A segment of computer code that performs malicious actions and will spread by itself without requiring another
computer program.
a)Logic bomb
b) Trojan horse
c) Virus
d) Worm
Answer: d
Information System, Third Canadian Edition Rainer
a) Adware programs
b) Keystroke loggers
c) Screen scrapers
d) Spamware
Answer: c
a) The appropriate patches for the security software had not been applied in a timely fashion.
b) The students and faculty didn’t log off the system, so an intruder was able to get onto the system very easily.
c) The university did not have a good spam policy, so the intruder was able to send the virus via e-mail.
d) The university did not run background checks on employees and hired the hacker without knowing about his past
actions.
Answer: a
a) Virus, SCADA
b) Worm, SCADA
c) Virus, ERP
d) Worm, ERP
Answer: b
100) _______________ assesses the value of each asset being protected, estimates the probability it might be
compromised, and compares the probable costs of it being compromised with the cost of protecting it.
Information System, Third Canadian Edition Rainer
a) Risk analysis
b) Risk determination
c) Risk management
d) Risk mitigation
Answer: a
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference: What Organizations are Doing to Protect Information Resources
Difficulty: Easy
a) acceptance
b) diversion
c) limitation
d) transference
Answer: c
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference: What Organizations are Doing to Protect Information Resources
Difficulty: Easy
102) Which of the following is NOT a reason it is difficult to protect information resources?
Answer: b
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference: What Organizations are Doing to Protect Information Resources
Difficulty: Medium
a) acceptance
b) diversion
c) limitation
d) transference
Answer: d
Information System, Third Canadian Edition Rainer
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference: 13. 4 What Organizations are Doing to Protect Information Resources
Difficulty: Easy
a) access
b) communications
c) network
d) physical
Answer: d
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference: 13.5 Information Security Controls
Difficulty: Easy
a) does
b) has
c) is
d) knows
Answer: c
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference: 13.5 Information Security Controls
Difficulty: Easy
106) ______________ is a process in which a company allows all software to run unless it is on the list.
a) Blacklisting
b) Graylisting
c) Hitlisting
d) Whitelisting
Answer: A
Learning Objective: Identify the three major types of controls that organizations can use to protect their information
resources, providing an example for each.
Section Reference: 13.5 Information Security Controls
Difficulty: Easy
Information System, Third Canadian Edition Rainer
107) ______________ is a private network that uses a public network to connect users securely to the organization’s
internal systems.
a) SSL
b) VPN
c) URL
d) A firewall
Answer: b
Learning Objective: Identify the three major types of controls that organizations can use to protect their information
resources, providing an example for each.
Section Reference: 13.5 Information Security Controls
Difficulty: Easy
Answer: c
Learning Objective: Identify the three major types of controls that organizations can use to protect their information
resources, providing an example for each.
Section Reference: 13.5 Information Security Controls
Difficulty: Medium
109) A ___________ site does not include the actual applications the company runs.
a) cold
b) hot
c) warm
d) neutral
Answer: c
Learning Objective: Identify the three major types of controls that organizations can use to protect their information
resources, providing an example for each.
Section Reference: 13.5 Information Security Controls
Difficulty: Easy
110) Auditing _____________ the computer means inputs, outputs, and processing are checked.
a) around
b) through
Information System, Third Canadian Edition Rainer
c) using
d) with
Answer: b
Learning Objective: Identify the three major types of controls that organizations can use to protect their information
resources, providing an example for each.
Section Reference: 13,5 Information Security Controls
Difficulty: Easy
111) City National Bank and Trust’s policies are an example of _____________.
a) blacklisting
b) graylisting
c) whitelisting
d) paranoia
Answer: a
Learning Objective: Identify the three major types of controls that organizations can use to protect their information
resources, providing an example for each.
Section Reference: 13.5 IT’s About Business: Information Security at City National Bank and Trust
Difficulty: Medium
112) Compare trade secrets, patents, and copyrights as forms of intellectual property.
113) Contrast unintentional and deliberate threats to an information resource. Provide examples of both.
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Learning Objective: Discuss the ten types of deliberate attacks.
Section Reference 1: 13.2 Unintentional Threats to Information Systems
Section Reference 2: 13.3 Deliberate Threats to Information Systems
Difficulty: Medium
114) Contrast the following types of remote attacks: virus, worm, phishing, and spear phishing.
115) Contrast the following types of attacks created by programmers: Trojan horse, back door, and logic bomb
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference 1: 13.4 What Organizations Are Doing to Protect Information Resources
Difficulty: Medium
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
119) Compare a hot site, a warm site, and a cold site as strategies for business continuity.
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
121) Identify and discuss the factors that are contributing to the increasing vulnerability of organizational information
assets.
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Information System, Third Canadian Edition Rainer
122) Define identity theft, and explain the types of problems that it creates for the victims.
123) Discuss the possible consequences of a terrorist attack on a supervisory control and data acquisition (SCADA)
system.
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Hard
124) Define the principle of least privilege, and consider how an organization’s senior executives might view the
application of this principle.
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Hard
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Hard
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Hard
127) Tim ventured out into the world of retail by renting a cart at a local mall. His product is personalized coffee mugs.
He uses his laptop to track sales and to process credit card sales. He has a customer mailing list that is updated by
customers on the laptop as well. At the end of each day, Tim backs up all of his data to a thumb drive and puts the drive
into the laptop case with the laptop. Discuss Tim’s information security strategy.
Information System, Third Canadian Edition Rainer
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference 1: 13.5 Information Security Controls
Difficulty: Medium
128) Security is the _____________ against criminal activity, danger, damage, and/or loss.
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference: 13. 1 Introduction to Information Security
Difficulty: Easy
129) Social engineering is where the attacker uses _____________ to trick a legitimate employee into providing
confidential company information such as passwords.
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Section Reference: 13.2 Unintentional Threats to Information Systems
Difficulty: Easy
130) Risk is the ___________ that a threat will impact information resources.
Answer: probability
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference: 13.4 What Organizations are Doing to Protect Information Resources
Difficulty: Easy
131) ______________ is when permission is issued to individuals and groups to do certain activities that can be
performed by users of the system.
Answer: Authorization
Learning Objective: Identify the three major types of controls that organizations can use to protect their information
resources, providing an example for each.
Section Reference: 13.5 Information Security Controls
Difficulty: Easy
132) Security is the _____________ against criminal activity, danger, damage, and/or loss.
Information System, Third Canadian Edition Rainer
Learning Objective: Identify the five factors that contribute to the increasing vulnerability of information resources,
providing an example for each.
Section Reference: 13,1 Introduction to Information Security
Difficulty: Easy
133) Social engineering is where the attacker uses _____________ to trick a legitimate employee into providing
confidential company information such as passwords.
Learning Objective: Compare and contrast human mistakes and social engineering, providing an example for each.
Section Reference: 13.2 Unintentional Threats to Information Systems
Difficulty: Easy
134) Risk is the ___________ that a threat will impact information resources.
Answer: probability
Learning Objective: Discuss the three risk mitigation strategies, providing an example for each in the context of owning a
home.
Section Reference: 13.4 What Organizations are Doing to Protect Information Resources
Difficulty: Easy
135) _______________ is when permission is issued to individuals and groups to do certain activities that can be
performed by users of the system.
Answer: Authorization
Learning Objective: Identify the types of controls that organizations can use to protect their information resources,
providing an example for each.
Section Reference: 13.5 Information Security Controls
Difficulty: Easy
Information System, Third Canadian Edition Rainer
Legal Notice
Copyright © 2014 by John Wiley & Sons Canada, Ltd. or related companies. All rights reserved.
The data contained in these files are protected by copyright. This manual is furnished under licence and may be used only in
accordance with the terms of such licence.
The material provided herein may not be downloaded, reproduced, stored in a retrieval system, modified, made available on a
network, used to create derivative works, or transmitted in any form or by any means, electronic, mechanical, photocopying,
recording, scanning, or otherwise without the prior written permission of John Wiley & Sons Canada, Ltd.