IST 462 Test 1 Part 2

NAME:

True/False

Indicate whether the statement is true or false.

__T__ 1. Although it is sometimes thought to be immune to attacks, Apple has shown that it too can be the victim of attackers and encourages its users to be more secure.

__T__ 2. In a general sense, security is defined as a state of freedom from danger or risk.

__F__ 3. The loss of employee productivity is the single largest cause of financial loss due to a security breach.

__F__ 4. As a reaction to a rash of corporate fraud, the Gramm-Leach-Bliley Act (GLBA) is an attempt to fight corporate corruption.

__T__ 5. Utility companies, telecommunications, and financial services are considered prime targets of cyberterrorists because they can significantly disrupt business and personal activities by destroying a few targets.

__F__ 6. Like a virus, a worm needs the user to perform an action such as starting a program or opening an e-mail attachment to start the infection.

__T__ 7. Removing a rootkit from an infected computer is extremely difficult.

__T__ 8. Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information.

__T__ 9. SAN can be shared between servers but cannot be extended over geographical distances.

__F__ 10. Because NAS operates at the file system level, NAS security cannot be implemented through the standard operating system security features.

__T__ 11. One of the most important steps in hardening an operating system to resist attacks is to apply updates.

__F__ 12. The “return address” of a program is the only element that can be altered through a buffer overflow attack.

__T__ 13. JavaScript resides inside HTML documents.

__T__ 14. Signed Java applets by default run in the sandbox and are restricted regarding what they can do.

__T__ 15. Like Java applets, ActiveX controls also run in a sandbox.

Multiple Choice

Identify the choice that best completes the statement or answers the question.

__B__ 16. According to the 2007 FBI Computer Crime and Security Survey, the loss due to the theft of confidential data for 494 respondents was approximately ____.

a. $1 million
b. $10 million
c. $50 million
d. $100 million

__A__ 17. The ____ act is designed to broaden the surveillance of law enforcement agencies so they can detect and suppress terrorism.

a. Gramm-Leach-Bliley
b. Sarbanes-Oxley
c. California Database Security Breach
d. USA Patriot

__C__ 18. Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information is sometimes known as ____.

a. spam
b. phishing
c. cybercrime
d. cyberterrorism

__A__ 19. A security ____ focuses on the administration and management of plans, policies, and people.

a. manager
b. engineer
c. auditor
d. inspector

__D__ 20. A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts.

a. 10 to 14
b. 12 to 15
c. 13 to 14
d. 14 to 16

__B__ 21. A ____ virus can interrupt almost any function executed by the computer operating system and alter it for its own malicious purposes.

a. companion
b. file infector
c. resident
d. Boot

__D__ 22. A ____ virus infects the Master Boot Record of a hard disk drive.

a. file infector
b. companion
c. resident
d. Boot

__C__ 23. A ____ is a program advertised as performing one activity but actually does something else.

a. script
b. virus
c. Trojan
d. Worm

__B__ 24. A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event.

a. Trojan
b. logic bomb
c. macro virus
d. metamorphic virus

__A__ 25. ____ involves horizontally separating words, although it is still readable by the human eye.

a. Word splitting
b. GIF layering
c. Geometric variance
d. Layer variance

__A__ 26. ____ uses “speckling” and different colors so that no two spam e-mails appear to be the same.

a. GIF layering
b. Geometric variance
c. Word splitting
d. Layer variance

__B__ 27. ____ is a means of managing and presenting computer resources by function without regard to their physical layout or location.

a. Expansion
b. Virtualization
c. Load balancing
d. Distribution

__D__ 28. One type of virtualization in which an entire operating system environment is simulated is known as ____ virtualization.

a. NOS
b. guest
c. operating system
d. Host

__A__ 29. ____ technology enables a virtual machine to be moved to a different physical computer with no impact to the users.

a. Live migration
b. Load balancing
c. Operating system virtualization
d. Server virtualization

__A__ 30. Instead of the Web server asking the user for the same information each time she visits that site, the server can store that user-specific information in a file on the user’s local computer and then retrieve it later. This file is called a(n) ____.

a. cookie
b. bug
c. ActiveX control
d. Script

__D__ 31. A(n) ____ is a computer programming language that is typically interpreted into a language the computer can understand.

a. ActiveX control
b. cookie
c. Shell
d. scripting language

__A__ 32. SMTP servers can forward e-mail sent from an e-mail client to a remote domain. This is known as ____.

a. SMTP relay
b. IMAP
c. Spam
d. Spam relay

__B__ 33. If SMTP relay is not controlled, an attacker can use it to forward thousands of spam e-mail messages. An uncontrolled SMTP relay is known as a(n) ____.

a. IMAP open relay
b. SMTP open relay
c. open POP
d. open IMAP