IST 462 Test 1 Part 2 NAME

IST 462 Test 1 Part 2 NAME:

True/False Indicate whether the statement is true or false.

____ 1. Although it is sometimes thought to be immune to attacks, Apple has shown that it too can be the victim of attackers and encourages its users to be more secure.

____ 2. In a general sense, security is defined as a state of freedom from danger or risk.

____ 3. The loss of employee productivity is the single largest cause of financial loss due to a security breach.

____ 4. As a reaction to a rash of corporate fraud, the Gramm-Leach-Bliley Act (GLBA) is an attempt to fight corporate corruption.

____ 5. Utility companies, telecommunications, and financial services are considered prime targets of cyberterrorists because they can significantly disrupt business and personal activities by destroying a few targets.

____ 6. Like a virus, a worm needs the user to perform an action such as starting a program or opening an e-mail attachment to start the infection.

____ 7. Removing a rootkit from an infected computer is extremely difficult.

____ 8. Software keyloggers are programs that silently capture all keystrokes, including passwords and sensitive information.

____ 9. SAN can be shared between servers but cannot be extended over geographical distances.

____ 10. Because NAS operates at the file system level, NAS security cannot be implemented through the standard operating system security features.

____ 11. One of the most important steps in hardening an operating system to resist attacks is to apply updates.

____ 12. The “return address” of a program is the only element that can be altered through a buffer overflow attack.

____ 13. JavaScript resides inside HTML documents.

____ 14. Signed Java applets by default run in the sandbox and are restricted regarding what they can do.

____ 15. Like Java applets, ActiveX controls also run in a sandbox. Multiple Choice Identify the choice that best completes the statement or answers the question.

____ 16. According to the 2007 FBI Computer Crime and Security Survey, the loss due to the theft of confidential data for 494 respondents was approximately ____. a. $1 million c. $50 million b. $10 million d. $100 million ____ 17. The _____ act is designed to broaden the surveillance of law enforcement agencies so they can detect and suppress terrorism. a. Gramm-Leach-Bliley b. Sarbanes-Oxley c. California Database Security Breach d. USA Patriot ____ 18. Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information is sometimes known as ____. a. spam c. cybercrime b. phishing d. cyberterrorism ____ 19. A security ____ focuses on the administration and management of plans, policies, and people. a. manager c. auditor b. engineer d. inspector ____ 20. A study by Foote Partners showed that security certifications earn employees ____ percent more pay than their uncertified counterparts. a. 10 to 14 c. 13 to 14 b. 12 to 15 d. 14 to 16 ____ 21. A ____ virus can interrupt almost any function executed by the computer operating system and alter it for its own malicious purposes. a. companion c. resident b. file infector d. Boot ____ 22. A ____ virus infects the Master Boot Record of a hard disk drive. a. file infector c. resident b. companion d. Boot ____ 23. A ____ is a program advertised as performing one activity but actually does something else. a. script c. Trojan b. virus d. Worm ____ 24. A ____ is a computer program or a part of a program that lies dormant until it is triggered by a specific logical event. a. Trojan c. macro virus b. logic bomb d. metamorphic virus ____ 25. ____ involves horizontally separating words, although it is still readable by the human eye. a. Word splitting c. Geometric variance b. GIF layering d. Layer variance ____ 26. ____ uses “speckling” and different colors so that no two spam e-mails appear to be the same. a. GIF layering c. Word splitting b. Geometric variance d. Layer variance ____ 27. ____ is a means of managing and presenting computer resources by function without regard to their physical layout or location. a. Expansion c. Load balancing b. Virtualization d. Distribution ____ 28. One type of virtualization in which an entire operating system environment is simulated is known as ____ virtualization. a. NOS c. operating system b. guest d. Host ____ 29. ____ technology enables a virtual machine to be moved to a different physical computer with no impact to the users. a. Live migration c. Operating system virtualization b. Load balancing d. Server virtualization ____ 30. Instead of the Web server asking the user for the same information each time she visits that site, the server can store that user-specific information in a file on the user’s local computer and then retrieve it later. This file is called a(n) ____. a. cookie c. ActiveX control b. bug d. Script ____ 31. A(n) ____ is a computer programming language that is typically interpreted into a language the computer can understand. a. ActiveX control c. Shell b. cookie d. scripting language ____ 32. SMTP servers can forward e-mail sent from an e-mail client to a remote domain. This is known as ____. a. SMTP relay c. Spam b. IMAP d. Spam relay ____ 33. If SMTP relay is not controlled, an attacker can use it to forward thousands of spam e-mail messages. An uncontrolled SMTP relay is known as a(n) ____. a. IMAP open relay c. open POP b. SMTP open relay d. open IMAP