Management Information Systems (7th Edition): Chapter Exercises and Answers, Chapter 10

Copyright 2017 Pearson Education, Inc.

Experiencing MIS, 7e (Kroenke)
Chapter 10 Information Systems Security

1) A(n) ______ is a measure that individuals or organizations take to block a threat from obtaining an asset.
A) denial of service
B) safeguard
C) information silo
D) third-party cookie
Answer: B
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

2) ______ occurs when a threat obtains data that is supposed to be protected.
A) Unauthorized data disclosure
B) Incorrect data modification
C) Faulty service
D) Denial of service
Answer: A
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

3) A person calls the Stark residence and pretends to represent a credit card company. He asks Mrs. Stark to confirm her credit card number. This is an example of ______.
A) hacking
B) data mining
C) pretexting
D) sniffing
Answer: C
AACSB: Reflective Thinking
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Application

4) A ______ pretends to be a legitimate company and sends emails requesting confidential data.
A) hacker
B) phisher
C) wardriver
D) sniffer
Answer: B
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

5) Mark receives an email from his bank asking him to update and verify his credit card details. He replies to the email with all the requested details. Mark later learns that the email was not actually sent by his bank and that the information he had shared has been misused. Mark is a victim of ______.
A) hacking
B) sniffing
C) data mining
D) phishing
Answer: D
AACSB: Reflective Thinking
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Application

6) Which of the following is a synonym for phishing?
A) pretexting
B) email spoofing
C) hardening
D) system hacking
Answer: B
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

7) ______ is a technique for intercepting computer communications.
A) Spoofing
B) Phishing
C) Pretexting
D) Sniffing
Answer: D
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

8) ______ take computers with wireless connections through an area and search for unprotected wireless networks.
A) Wardrivers
B) Pretexters
C) Hackers
D) Phishers
Answer: A
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

9) Breaking into computers, servers, or networks to steal proprietary and confidential data is referred to as ______.
A) pretexting
B) spoofing
C) hacking
D) phishing
Answer: C
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

10) Which of the following occurs when millions of bogus service requests flood a Web server and prevent it from servicing legitimate requests?
A) spoofing
B) incorrect data modification
C) usurpation
D) denial of service
Answer: D
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

11) ______ occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones.
A) Usurpation
B) Cyber stalking
C) Spoofing
D) Sniffing
Answer: A
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

12) A(n) ______ is a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations like governments.
A) advanced persistent threat
B) identity threat
C) copyright theft
D) network sniffer attack
Answer: A
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

13) A threat is a person or an organization that seeks to obtain or alter data illegally, without the owner's permission or knowledge.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

14) Pretexting occurs when someone deceives by pretending to be someone else.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

15) Spoofing is a technique for intercepting computer communications.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

16) IP spoofing occurs when an intruder uses another site's IP address to masquerade as that other site.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

17) Wardrivers are those who engage in phishing to obtain unauthorized access to data.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

18) Incorrectly increasing a customer's discount is an example of incorrect data modification.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

19) Advanced persistent threats can be a means to engage in cyber warfare and cyber espionage.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

20) Explain the types of events that result in faulty service, a type of security loss.
Answer: Faulty service includes problems that result because of incorrect system operation. It could include incorrect data modification. It also could include systems that work incorrectly by sending wrong goods to a customer or the ordered goods to a wrong customer, inaccurately billing customers, or sending the wrong information to employees. Humans can inadvertently cause faulty service by making procedural mistakes. System developers can write programs incorrectly or make errors during installation of hardware, software programs, and data. Usurpation is also a type of faulty service. Faulty service can also result when a service is improperly restored during recovery from natural disasters.
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

21) Explain the concept of denial of service (DOS) in information management.
Answer: Human errors in a procedure or a lack of procedures in information management can result in denial of service (DOS). For example, humans can inadvertently shut down a Web server or corporate gateway router by starting a computationally intensive application. Denial-of-service attacks can be launched maliciously. A malicious hacker can flood a Web server, for example, with millions of bogus service requests that so occupy the server that it cannot service legitimate requests. Computer worms can infiltrate a network with so much artificial traffic that legitimate traffic cannot get through. Natural disasters may also cause systems to fail, resulting in denial of service.
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.1: What is the goal of information systems security?
Classification: Concept

22) Which of the following statements is true of the financial losses due to computer crimes?
A) All studies on the costs of computer crimes are based on surveys.
B) There are several set standards for tallying computer crime costs and financial losses.
C) Companies are legally required to calculate their financial losses due to computer crime every month.
D) Knowledge about the cost of computer crimes is restricted to large companies.
Answer: A
AACSB: Information Technology
Difficulty: 2: Moderate
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.2: How big is the computer security problem?
Classification: Concept

23) Damages to security systems caused by natural disasters are minimal when compared to the damages due to human errors.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.2: How big is the computer security problem?
Classification: Concept

24) There are no standards for tallying costs of computer crime.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.2: How big is the computer security problem?
Classification: Concept

25) A(n) ______ is a computer program that senses when another computer is attempting to scan a disk or access a computer.
A) intrusion detection system
B) adware
C) packet-filtering firewall
D) network security system
Answer: A
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.3: How should you respond to security threats?
Classification: Concept

26) Which of the following is considered a personal security safeguard?
A) creating backup of cookies and temporary files
B) removing high-value assets from computers
C) using a single valid password for all accounts
D) conducting transactions using http rather than https
Answer: B
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.3: How should you respond to security threats?
Classification: Concept

27) Davian, a professional hacker, tries every possible combination of characters to crack his victim's email password. Using this technique, he can crack a six-character password of either upper- or lowercase letters in about ten minutes. Which of the following techniques is used by Davian to obtain access to his victim's email?
A) denial-of-service attack
B) brute force attack
C) pretexting
D) spoofing
Answer: B
AACSB: Reflective Thinking
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.3: How should you respond to security threats?
Classification: Application

28) ______ are small files that browsers store on users' computers when they visit Web sites.
A) Cookies
B) Honeypots
C) Mashups
D) Entity tags
Answer: A
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.3: How should you respond to security threats?
Classification: Concept

29) In a brute force attack, a password cracker tries every possible combination of characters.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.3: How should you respond to security threats?
Classification: Concept

30) As one of the safeguards against security threats, a person should preferably use the same password for different sites so as to avoid confusion.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.3: How should you respond to security threats?
Classification: Concept

31) While making online purchases, a person should buy only from vendors who support https.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.3: How should you respond to security threats?
Classification: Concept

32) What are some of the recommended personal security safeguards against security threats?
Answer: Some of the recommended personal security safeguards against security threats include the following:
1. Strong passwords should be created.
2. Multiple passwords should be used.
3. Valuable data must not be sent via email or IM.
4. The https at trusted, reputable vendors should be used.
5. High-value assets from computers must be removed.
6. The browsing history, temporary files, and cookies must be cleared.
7. The antivirus software should be updated.
8. Security concern to fellow workers should be demonstrated.
9. The organizational security directives and guidelines must be followed.
10. The security for all business initiatives should be considered.
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.3: How should you respond to security threats?
Classification: Concept

33) Which of the following is a human safeguard against security threats?
A) encryption
B) firewall
C) physical security
D) procedure design
Answer: D
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.4: How should organizations respond to security threats?
Classification: Concept

34) Which of the following is a technical safeguard against security threats?
A) password
B) accountability
C) compliance
D) firewall
Answer: D
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.4: How should organizations respond to security threats?
Classification: Concept

35) Which of the following is a data safeguard against security threats?
A) application design
B) accountability
C) physical security
D) malware protection
Answer: C
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.4: How should organizations respond to security threats?
Classification: Concept

36) Backup and recovery against computer security threats are ______.
A) technical safeguards
B) data safeguards
C) human safeguards
D) hardware safeguards
Answer: B
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.4: How should organizations respond to security threats?
Classification: Concept

37) Risk management is a critical security function addressed by an organization's senior management.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.4: How should organizations respond to security threats?
Classification: Concept

38) Financial institutions must invest heavily in security safeguards because they are obvious targets for theft.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.4: How should organizations respond to security threats?
Classification: Concept

39) Malware protection is an example of a technical safeguard.
Answer: TRUE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.4: How should organizations respond to security threats?
Classification: Concept

40) Hiring, training, and educating employees in an organization is a technical safeguard.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.4: How should organizations respond to security threats?
Classification: Concept

41) Technical safeguards include encryption and usage of passwords.
Answer: FALSE
AACSB: Information Technology
Difficulty: 1: Easy
Course LO: Describe different methods of managing IS security.
Learning Obj: LO 10.4: How should organizations respond to security threats?
Classification: Concept

42) What are the two critical security functions that an organization's senior management needs to address?
Answer: Senior management in an organization needs to address two critical security functions: security policy and risk management. Considering the first, senior management must establish company-wide security policies. Take, for example, a data security policy that states the organization's posture regarding data it gathers about its customers, suppliers, partners, and employees. At a minimum, the policy should stipulate: what sensitive data the organization will store, how it will process that data, whether data will be shared with other organizations, how employees and others can obtain copies of data stored about them, and how employees and others can request changes to inaccurate data. The specifics of a policy depend on whether the organization is governmental or nongovernmental, on whether it is publ
