Chapter 11: Computer Security and Safety, Ethics, and Privacy

MULTIPLE CHOICE

1. A computer ____ risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
a. security
b. liability
c. terrorism
d. network
PTS: 1 REF: 556

2. A(n) ____ has the same intent as a cracker, but does not have the technical skills and knowledge.
a. hacker
b. script kiddie
c. cyberextortionist
d. cyberterrorist
PTS: 1 REF: 556

3. A(n) ____ is someone who uses e-mail as a vehicle for extortion.
a. hacker
b. script kiddie
c. cyberextortionist
d. cyberterrorist
PTS: 1 REF: 557

4. A(n) ____ is someone who uses the Internet or network to destroy or damage computers for political reasons.
a. hacker
b. script kiddie
c. cyberextortionist
d. cyberterrorist
PTS: 1 REF: 557

5. Computer viruses, worms, Trojan horses, and rootkits are classified as ____, which are programs that act without a user's knowledge and deliberately alter the computer's operations.
a. malware
b. untrusted sources
c. threats
d. cybermals
PTS: 1 REF: 558

6. A(n) ____ source is a company or person a user believes will not send a virus-infected file knowingly.
a. legitimate
b. trusted
c. secure
d. backup
PTS: 1 REF: 560

7. As shown in the accompanying figure, a(n) ____ program protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media, or on incoming files.
a. hoax
b. secure
c. antivirus
d. antispyware
PTS: 1 REF: 560

8. A virus ____ is an e-mail message that warns users of a nonexistent virus, worm, or Trojan horse.
a. myth
b. threat
c. DoS
d. hoax
PTS: 1 REF: 561

9. A particularly devastating type of DoS attack is the ____ DoS attack, in which multiple unsuspecting computers are used to attack multiple computer networks.
a. distributed
b. delayed
c. limited
d. staggered
PTS: 1 REF: 562

10. ____ is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.
a. Rebuking
b. Spoofing
c. Transmitting
d. Victimizing
PTS: 1 REF: 563

11. ____ use is the use of a computer or its data for unapproved or possibly illegal activities.
a. Unacceptable
b. Illegitimate
c. Unauthorized
d. Unenforced
PTS: 1 REF: 564

12. A personal ____ is a utility program that detects and protects a personal computer and its data from unauthorized access.
a. access server
b. portal
c. secure site
d. firewall
PTS: 1 REF: 564

13. ____ detection software automatically analyzes all network traffic, assesses system vulnerabilities, identifies any unauthorized access (intrusions), and notifies a network administrator of suspicious behavior patterns or system breaches.
a. Violation
b. Password
c. Intrusion
d. Traffic
PTS: 1 REF: 564

14. Many Web sites, like that in the accompanying figure, require a user to enter a user ____, which is a unique combination of characters, such as letters of the alphabet or numbers.
a. term
b. link
c. name
d. key
PTS: 1 REF: 566

15. Many Web sites, like that in the accompanying figure, require a user to enter a(n) ____, which is a private combination of characters associated with a user name that allows access to certain computer resources.
a. PIN
b. password
c. secure key
d. passterm
PTS: 1 REF: 566

16. A(n) ____ is a numeric password either assigned by a company or selected by a user.
a. passkey
b. secure number
c. PIN
d. secure key
PTS: 1 REF: 568

17. Digital ____ is the discovery, collection, and analysis of evidence found on computers and networks.
a. anthropology
b. epistemology
c. forensics
d. reduction
PTS: 1 REF: 569

18. Digital forensics is used by ____.
a. military intelligence
b. insurance agencies
c. law enforcement
d. all of the above
PTS: 1 REF: 569

19. Software ____ occurs when someone steals software media, intentionally erases software programs, or illegally copies a software program.
a. piracy
b. pickpocketing
c. theft
d. capture
PTS: 1 REF: 571

20. Software ____ is the unauthorized and illegal duplication of copyrighted software.
a. theft
b. extortion
c. piracy
d. terrorism
PTS: 1 REF: 571

21. ____ occurs when someone steals personal or confidential information.
a. Plagiarism
b. Decryption
c. Information theft
d. Cyberpiracy
PTS: 1 REF: 572

22. To read encrypted data, the recipient must ____, or decipher, it into a readable form.
a. secure
b. decrypt
c. secure
d. digitize
PTS: 1 REF: 573

23. A(n) ____ certificate is a notice that guarantees a user or Web site is legitimate.
a. assigned
b. secure
c. protected
d. digital
PTS: 1 REF: 574

24. A certificate ____ is an authorized person or company that issues and verifies digital certificates.
a. authority
b. agency
c. office
d. bureau
PTS: 1 REF: 574

25. When a mobile user connects to a main office using a standard Internet connection, a ____ provides the mobile user with a secure connection to the company network server.
a. value added network (VAN)
b. local area network (LAN)
c. virtual private network (VPN)
d. wide area network (WAN)
PTS: 1 REF: 575

26. One of the more common causes of ____ is an electrical power variation.
a. hardware vandalism
b. system failure
c. unauthorized access
d. software theft
PTS: 1 REF: 575

27. A momentary overvoltage, called a ____, occurs when the increase in power lasts for less than one millisecond (one thousandth of a second).
a. Joule
b. spike
c. hash
d. macro
PTS: 1 REF: 575

28. ____, which provides encryption of all data that passes between a client and an Internet server, requires only that the client has a digital certificate.
a. Transport Layer Security (TLS)
b. Secure HTTP (S-HTTP)
c. Secure Electronics Transactions (SET) Specifications
d. Pretty Good Privacy (PGP)
PTS: 1 REF: 575

29. ____, which allows users to choose an encryption scheme that passes between a client and a server, requires that both the client and server have digital certificates.
a. Secure Sockets Layer (SSL)
b. Secure HTTP (S-HTTP)
c. Secure Electronics Transactions (SET) Specifications
d. Pretty Good Privacy (PGP)
PTS: 1 REF: 575

30. A system ____ is the prolonged malfunction of a computer.
a. collapse
b. hash
c. spike
d. failure
PTS: 1 REF: 575

31. ____ is any unwanted signal, usually varying quickly, that is mixed with the normal voltage entering a computer.
a. Undervoltage
b. Noise
c. Overvoltage
d. A spike
PTS: 1 REF: 575

32. A(n) ____ occurs when the electrical supply drops.
a. overvoltage
b. undervoltage
c. spike
d. unstable flow
PTS: 1 REF: 575

33. A(n) ____ occurs when the incoming electrical power increases significantly above the normal 120 volts.
a. overvoltage
b. undervoltage
c. spike
d. unstable flow
PTS: 1 REF: 575

34. A(n) ____ suppressor uses special electrical components to smooth out minor noise, provide a stable current flow, and keep an overvoltage from reaching a computer and other electronic equipment.
a. Joule
b. spike
c. surge
d. hash
PTS: 1 REF: 576

35. A ____ is the unit of energy a surge protection device can absorb before it can be damaged.
a. Joule
b. spike
c. hash
d. macro
PTS: 1 REF: 576

36. A UPS connects between a computer and a ____.
a. peripheral device
b. disk drive
c. communications device
d. power source
PTS: 1 REF: 576

37. A(n) ____ is a device that contains surge protection circuits and one or more batteries that can provide power during a temporary or permanent loss of power.
a. PGP
b. DoS
c. UPS
d. DDoS
PTS: 1 REF: 576

38. To ____ a file means to make a copy of it.
a. restore
b. back up
c. concatenate
d. decipher
PTS: 1 REF: 577

39. In the case of system failure or the discovery of corrupted files, users ____ the files by copying the backed up files to their original location on a computer.
a. reset
b. index
c. restore
d. resource
PTS: 1 REF: 577

40. ____ means in a location separate from the computer site.
a. Offscope
b. Offshore
c. Offline
d. Offsite
PTS: 1 REF: 577

41. A(n) ____ is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed.
a. restored file
b. bot
c. IP file
d. backup
PTS: 1 REF: 577

42. A(n) ____ copies all of the files in a computer.
a. full backup
b. incremental backup
c. differential backup
d. selective backup
PTS: 1 REF: 577

43. With a(n) ____, users choose which folders and files to include in a backup.
a. full backup
b. incremental backup
c. differential backup
d. selective backup
PTS: 1 REF: 577

44. With a three-generation backup policy, the grandparent is the ____.
a. most recent copy of the file
b. second oldest copy of the file
c. oldest copy of the file
d. original file
PTS: 1 REF: 577

45. With a three-generation backup policy, the parent is the ____.
a. most recent copy of the file
b. second oldest copy of the file
c. oldest copy of the file
d. original file
PTS: 1 REF: 577

46. With a three-generation backup policy, the child is the ____.
a. most recent copy of the file
b. second oldest copy of the file
c. oldest copy of the file
d. original file
PTS: 1 REF: 577

47. Some perpetrators use a technique called ____ in which they attempt to connect to wireless networks via their notebook computers while driving a vehicle through areas they suspect have a wireless network.
a. cyberforensics
b. war driving
c. war flying
d. wire cruising
PTS: 1 REF: 578

48. A(n) ____ network, the most recent network standard, conforms to the government security standards and uses more sophisticated encryption techniques than WPA.
a. 802.11a
b. 802.11i
c. 802.11b
d. 802.11k
PTS: 1 REF: 578

49. A(n) ____ is an injury or disorder of the muscles, nerves, tendons, ligaments, and joints.
a. DoS
b. ISP
c. PGP
d. RSI
PTS: 1 REF: 579

50. Users may have ____ if they have sore, tired, burning, itching or dry eyes; blurred or double vision; or difficulty focusing on a screen image.
a. OMS
b. EMV
c. CVS
d. VCS
PTS: 1 REF: 579

51. To prevent repetitive strain injury, take all of the following precautions except ____.
a. place a wrist rest between the keyboard and the edge of the desk
b. use the heel of the hand as a pivot point while typing or using the mouse
c. place the mouse at least six inches from the edge of the desk
d. minimize the number of switches between the mouse and the keyboard
PTS: 1 REF: 579

52. ____ is an applied science devoted to incorporating comfort, efficiency, and safety into the design of items in the workplace.
a. Ergonomics
b. Eurhythmics
c. Epidemics
d. Econometrics
PTS: 1 REF: 580

53. Computer ____ occurs when a computer consumes someone's entire social life.
a. craving
b. consumption
c. addiction
d. railroading
PTS: 1 REF: 581

54. Symptoms of a user with computer addiction include all of the following except ____.
a. craves computer time
b. unable to stop computer activity
c. neglects family and friends
d. irritable when at the computer
PTS: 1 REF: 581

55. Computer ____ are the moral guidelines that govern the use of computers and information systems.
a. logistics
b. mechanics
c. ethics
d. rights
PTS: 1 REF: 581

56. ____ rights are the rights to which creators are entitled for their work.
a. Community property
b. Intellectual property
c. Creative
d. Ethical
PTS: 1 REF: 582

57. ____ refers to unique and original works such as ideas, inventions, writings, art, processes, company and product names, and logos.
a. PGP
b. DoS
c. IP
d. TCP
PTS: 1 REF: 582

58. A(n) ____ gives authors and artists exclusive rights to duplicate, publish, and sell their materials.
a. intellectual property deed
b. content license
c. access right
d. copyright
PTS: 1 REF: 582

59. An IT code of conduct is a written guideline that helps determine whether a specific computer action is ____.
a. practical
b. permissible
c. acceptable
d. ethical
PTS: 1 REF: 582

60. Personal computers, display devices, and printers should comply with guidelines of the ____ program.
a. ENERGY STAR
b. SECURE ELECTRONICS
c. ACCEPTABLE USE
d. GREEN COMPUTING
PTS: 1 REF: 583

61. Information ____ refers to the right of individuals and companies to deny or restrict the collection and use of information about them.
a. rights
b. acceptable use
c. restrictions
d. privacy
PTS: 1 REF: 584

62. A ____ is a small text file that a Web server stores on a user's computer.
a. worm
b. spike
c. cookie
d. payload
PTS: 1 REF: 585

63. Web sites use a ____ to keep track of items in a user's shopping cart.
a. session cookie
b. zombie
c. adware
d. shopping bot
PTS: 1 REF: 586

64. ____ is a scam in which a perpetrator sends an official looking e-mail that attempts to obtain a user's personal and financial information.
a. Pharming
b. Phishing
c. Phighting
d. Spamming
PTS: 1 REF: 587

65. An alternative to e-mail filtering is to purchase a(n) ____ program that attempts to remove a message like the one in the accompanying figure before it reaches a user's inbox.
a. email
b. sieve
c. filtering
d. anti-spam
PTS: 1 REF: 587

66. ____, like that shown in the accompanying figure, is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once.
a. Hash
b. Spam
c. Worm
d. Spike
PTS: 1 REF: 587

67. To avoid items like that shown in the accompanying figure, users can sign up for ____, which is a service from an Internet service provider that blocks e-mail messages from designated sources.
a. an anti-spam program
b. e-mail encryption
c. an antivirus program
d. e-mail filtering
PTS: 1 REF: 587

68. ____ is a scam in which a perpetrator sends an official looking e-mail that attempts to obtain a user's personal and financial information.
a. Spam
b. Spit
c. Phishing
d. Spyware
PTS: 1 REF: 587

69. Internet advertising firms often use ____ to collect information about users' Web browsing habits.
a. comware
b. postware
c. spyware
d. billware
PTS: 1 REF: 588

70. ____ is/are not considered spyware because a user knows it/they exist(s).
a. Adware
b. Cookies
c. A Web bug
d. Spam
PTS: 1 REF: 588

71. One type of spyware, called a(n) ____, is hidden on Web pages or in e-mail messages in the form of graphical images.
a. Web bug
b. forensic element
c. content filter
d. integrated bot
PTS: 1 REF: 588

72. ____ is a program placed on a computer without the user's knowledge that secretly collects information about the user.
a. Spyware
b. A virus
c. A worm
d. A Trojan horse
PTS: 1 REF: 588

73. A(n) ____ program secretly collects information about a user.
a. virus
b. spyware
c. encryption
d. antivirus
PTS: 1 REF: 588

74. The 1986 ____ provides the same protection that covers mail and telephone communications to electronic communications such as voice mail.
a. Electronic Communications Privacy Act (ECPA)
b. Fair Credit Reporting Act
c. Computer Fraud and Abuse Act
d. Computer Matching and Privacy Protection Act
PTS: 1 REF: 589

75. The 1988 ____ regulates the use of government data to determine the eligibility of individuals for federal benefits.
a. Electronic Communications Privacy Act (ECPA)
b. Fair Credit Reporting Act
c. Computer Fraud and Abuse Act
d. Computer Matching and Privacy Protection Act
PTS: 1 REF: 589

76. Many businesses use ____ to limit employees' Web access.
a. content filtering
b. Web bugs
c. honeypots
d. spyware
PTS: 1 REF: 590

77. Content ____ is the process of restricting access to certain material on the Web.
a. remastering
b. filtering
c. indexing
d. masking
PTS: 1 REF: 590

78. Employee ____ involves the use of computers to observe, record, and review an employee's use of a computer, including communications such as e-mail messages, keyboarding activity, and Web sites visited.
a. filtering
b. monitoring
c. spamming
d. indexing
PTS: 1 REF: 590

79. One approach to content filtering is through a rating system of ____, which is similar to those used for movies and videos.
a. ICRA
b. AOL
c. MSN
d. BSA
PTS: 1 REF: 590

80. Web ____ software is a program that restricts access to specified Web sites.
a. access
b. protection
c. filtering
d. monitoring
PTS: 1 REF: 591

MODIFIED TRUE/FALSE

1. Intrusion detection software is quite inexpensive. _________________________
ANS: [...] expensive
PTS: 1 REF: 564

2. An employee using an organization's computer to track his or her child's soccer league scores is an example of unauthorized access. _________________________
ANS: [...] use
PTS: 1 REF: 564

3. Many companies use access controls to minimize the chance that a hacker may intentionally access or an employee may accidentally access confidential information on a computer. _________________________
PTS: 1 REF: 565

4. Identification verifies that an individual is the person he or she claims to be. _________________________
ANS: [...] Authentication
PTS: 1 REF: 565

5. Authentication verifies that an individual is a valid user. _________________________
ANS: [...] Identification
PTS: 1 REF: 565

6. Biometric devices, an example of which is shown in the accompanying figure, are losing popularity as a security precaution. _________________________
ANS: [...] gaining
PTS: 1 REF: 568

7. Hardware theft is the act of stealing computer equipment. _________________________
PTS: 1 REF: 570

8. Hardware theft and vandalism pose a threat to the home desktop computer user. _________________________
ANS: [...] do not pose
PTS: 1 REF: 570

9. Thieves often target notebook computers of company executives, so they can use the stolen computer to access confidential company information illegally. _________________________
PTS: 1 REF: 570

10. The best preventive measures against hardware theft and vandalism are common sense and a constant awareness of the risk. _________________________
PTS: 1 REF: 570

MULTIPLE RESPONSE

Modified Multiple Choice

1. Which of the following replicates itself to other computers?
a. virus
b. Trojan horse
c. worm
d. SMS
ANS: [...] C
PTS: 1 REF: 558

2. Today, a common way computers become infected with ____ is through users opening infected e-mail attachments.
a. macros
b. worms
c. viruses
d. Trojan horses
ANS: [...] C, D
PTS: 1 REF: 559

3. Examples of possessed objects are ____.
a. badges
b. retinas
c. keys
d. smart cards
ANS: [...] C, D
PTS: 1 REF: 568

4. Unless otherwise specified by a license agreement, users do not have the right to ____ software.
a. copy
b. export
c. lease
d. rent
ANS: [...] B, C, D
PTS: 1 REF: 571

5. Backup copies should be kept ____.
a. in a safe
b. in a desk drawer
c. in a vault
d. offsite
ANS: [...] C, D
PTS: 1 REF: 577

6. People who spend their workday using a computer sometimes complain of ____.
a. lower back pain
b. feet pain
c. muscle fatigue
d. emotional fatigue
ANS: [...] C, D
PTS: 1 REF: 580

7. Computers, monitors, and other equipment contain ____.
a. lead
b. toxic materials
c. mercury
d. flame retardants
ANS: [...] B, C, D
PTS: 1 REF: 583

8. Many ____ offer free recycling to customers.
a. schools
b. office supply stores
c. computer manufacturers
d. convenience stores
ANS: [...] C
PTS: 1 REF: 583

9. The information in an electronic profile includes ____.
a. age
b. spending habits
c. address
d. number of dependents
ANS: [...] B, C, D
PTS: 1 REF: 585

10. Many Internet security programs include ____.
a. a firewall
b. filtering capabilities
c. antivirus program
d. macro recorders
ANS: [...] B, C
PTS: 1 REF: 591

TRUE/FALSE

1. Any illegal act involving a computer generally is referred to as a computer security risk.
PTS: 1 REF: 556

2. A cyberextortionist uses the Internet or network to destroy or damage computers for political reasons.
PTS: 1 REF: 557

3. Methods that guarantee a computer or network is safe from computer viruses, worms, and Trojan horses exist.
PTS: 1 REF: 560

4. A program like the one in the accompanying figure scans for programs that attempt to modify the boot program, the operating system, and other programs that normally are read from but not modified.
PTS: 1 REF: 560

5. Programmers often build trapdoors into programs during system development.
PTS: 1 REF: 563

6. Perpetrators of back doors trick their victims into interacting with phony Web sites.
PTS: 1 REF: 563

7. Personal firewalls constantly monitor all transmissions to and from a computer and inform users of any attempted intrusion.
PTS: 1 REF: 564

8. To utilize intrusion detection software requires little expertise because the programs are simple and easy to use and interpret.
PTS: 1 REF: 564

9. Many systems implement access controls using a two-phase process called identification and assessment.
PTS: 1 REF: 565

10. Most multiuser operating systems require that users correctly enter a user name and password before they can access the data, information, and programs stored on a computer network.
PTS: 1 REF: 566

11. Biometric objects often are used in combination with personal identification numbers.
PTS: 1 REF: 568

12. Some security systems for notebook computers shut down the computer and sound an alarm if the computer moves outside a specified distance.
PTS: 1 REF: 570

13. Many organizations and businesses have strict written policies governing the installation and use of software and enforce their rules by checking networked or online computers periodically to ensure that all software is licensed properly.
PTS: 1 REF: 572

14. A corrupt individual stealing credit card numbers to make fraudulent purchases is an example of information theft.
PTS: 1 REF: 572

15. Some operating systems and e-mail programs allow you to encrypt the contents of files and messages that are stored on your computer.
PTS: 1 REF: 574

16. Applications requiring more security require 40-bit or 128-bit encryption.
PTS: 1 REF: 574

17. Digital signatures often are used to ensure that an imposter is not participating in an Internet transaction.
PTS: 1 REF: 574

18. Analog signatures help to prevent e-mail forgery.
PTS: 1 REF: 574

19. Many browsers offer 128-bit encryption and 256-bit encryption, which are higher levels of protection than 40-bit encryption because they have longer encryption keys.
PTS: 1 REF: 574

20. Web addresses of pages that use TLS (Transport Layer Security) typically begin with https, instead of http.
PTS: 1 REF: 575

21. S-HTTP is easier to use than TLS, but it is less secure.
PTS: 1 REF: 575

22. A brownout is a complete power failure.
PTS: 1 REF: 575

23. Undervoltages can cause equipment damage, but generally do not cause data loss.
PTS: 1 REF: 575

24. A surge protector absorbs small overvoltages -- generally without damage to the computer or equipment.
PTS: 1 REF: 576

25. Typically, the amount of protection offered by a surge protector is inversely proportional to its cost; that is, the more expensive, the more protection the protector offers.
PTS: 1 REF: 576

26. The higher a surge protector's Joule rating, the poorer the protection.
PTS: 1 REF: 576

27. A standby UPS, sometimes called an offline UPS, runs constantly off the battery, which provides continuous protection.
PTS: 1 REF: 576

28. An online UPS switches to battery power when a problem occurs in the power line.
PTS: 1 REF: 577

29. A fault-tolerant computer has duplicate components so that it can continue to operate when one of its main components fails.
PTS: 1 REF: 577

30. A wireless access point (WAP) should be configured to broadcast a network name, in order to increase security.
PTS: 1 REF: 578

31. Carpal tunnel syndrome (CTS) is inflammation of a tendon due to some repeated motion or stress on that tendon.
PTS: 1 REF: 579

32. Although eyestrain associated with CVS (computer vision syndrome) is not thought to be disruptive or unpleasant, it has serious long-term consequences.
PTS: 1 REF: 579

33. For a computer workspace, ergonomics experts recommend an area smaller than two feet by four feet.
PTS: 1 REF: 580

34. Computer addiction is an untreatable illness.
PTS: 1 REF: 581

35. Assume that because information is on the Web, it is accurate.
PTS: 1 REF: 582

36. The National Press Photographers Association believes that allowing even the slightest alteration could lead to misrepresentations in photographs.
PTS: 1 REF: 582

37. Digital retouching of photographs is an area in which legal precedents have been established.
PTS: 1 REF: 582

38. One suggestion to safeguard personal information is to avoid shopping clubs and buyer cards.
PTS: 1 REF: 584

39. In order to safeguard personal information, you should not reply to messages like those shown in the accompanying figure for any reason.
PTS: 1 REF: 584

40. Spim is messages like those in the accompanying figure, but sent via VoIP.
PTS: 1 REF: 587

41. A message like the one in the accompanying figure, when sent through an instant messaging service, is called spit.
PTS: 1 REF: 587

42. Critics contend that the information in an electronic profile reveals more about an individual than anyone has the right to know.
PTS: 1 REF: 585

43. Online shopping sites generally use a session cookie to keep track of items in a user's shopping cart.
PTS: 1 REF: 586

44. Session cookies usually do not expire and last indefinitely.
PTS: 1 REF: 586

45. Users can purchase a software program that selectively blocks cookies.
PTS: 1 REF: 587

46. Phishing is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once.
PTS: 1 REF: 587

47. A spyware program communicates information it collects to some inside source while a user is offline.
PTS: 1 REF: 588

48. To remove spyware, users need to obtain a special program that can detect and delete it.
PTS: 1 REF: 588

49. Many businesses use spyware to limit employees' Web access.
PTS: 1 REF: 590

50. It is illegal for employers to use software programs that monitor employees.
PTS: 1 REF: 590

COMPLETION

1. The term ____________________ refers to online or Internet-based illegal acts.
ANS: cybercrime
PTS: 1 REF: 556

2. The term ____________________, although originally a complimentary word for a computer enthusiast, now has a derogatory meaning and refers to someone who accesses a computer or network illegally.
ANS: hacker
PTS: 1 REF: 556

3. A(n) ____________________ is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action.
ANS: cracker
PTS: 1 REF: 556

4. A computer ____________________ is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user's knowledge or permission.
ANS: virus
PTS: 1 REF: 558

5. A(n) ____________________ is a program that copies itself repeatedly in memory or on a network, using up resources and possibly shutting down the computer or network.
ANS: worm
PTS: 1 REF: 558

6. A(n) ____________________ is a malicious-logic program that hides within or looks like a legitimate program and usually is triggered by a certain condition or action.
ANS: Trojan horse
PTS: 1 REF: 558

7. A(n) ____________________ is a program that hides in a computer and allows someone from a remote location to take full control of the computer.
ANS: rootkit
PTS: 1 REF: 558

8. Computer viruses, worms, and Trojan horses deliver their ____________________ on a computer when a user opens an infected file or runs an infected program, for example.
ANS: payload
PTS: 1 REF: 558-559

9. Some viruses are hidden in ____________________, which are instructions saved in an application such as a word processing or spreadsheet program.
ANS: macros
PTS: 1 REF: 560

10. A virus ____________________ is a known specific pattern of virus code.
ANS: signature
PTS: 1 REF: 560

11. To ____________________ a program file, a program like the one in the accompanying figure records information such as the file size and file creation date in a separate file.
ANS: inoculate
PTS: 1 REF: 561

12. A(n) ____________________ is a separate area of a hard disk that holds an infected file until the infection can be removed.
ANS: quarantine
PTS: 1 REF: 561

13. A(n) ____________________ attack is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail.
ANS:
denial of service
DoS
denial of service (DoS)
DoS (denial of service)
PTS: 1 REF: 562

14. A(n) ____________________ is a program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network.
ANS: back door
PTS: 1 REF: 562

15. The computer that a hacker uses for nefarious purposes, known as a ____________________, is unaware that it is being used to attack other systems.
ANS: zombie
PTS: 1 REF: 562

16. A(n) ____________________ is a vulnerable computer designed to entice an intruder to hack into it.
ANS: honeypot
PTS: 1 REF: 564

17. A(n) ____________________ server is a server outside a company's network that controls which communications pass into the company's network.
ANS: proxy
PTS: 1 REF: 564

18. ____________________ access is the use of a computer or network without permission.
ANS: Unauthorized
PTS: 1 REF: 565

19. A(n) ____________________ control is a security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer.
ANS: access
PTS: 1 REF: 565

20. In addition to access controls, a computer should maintain a(n) ____________________ trail that records both successful and unsuccessful access attempts.
ANS: audit
PTS: 1 REF: 565

21. To prevent unauthorized access and use, at a minimum a company should have a written ____________________ that outlines the computer activities for which a computer or network may and may not be used.
ANS:
AUP
acceptable use policy
AUP (acceptable use policy)
acceptable use policy (AUP)
PTS: 1 REF: 565

22. Each character added to a(n) ____________________ significantly increases the number of combinations and the length of time it might take for someone or for a hacker's computer to guess it.
ANS: password
PTS: 1 REF: 566

23. A(n) ____________________ object is any item that must be carried to gain access to a computer or computer facility.
ANS: possessed
PTS: 1 REF: 568

24. A(n) ____________________ device like the one in the accompanying figure authenticates a person's identity by translating a personal characteristic into a digital code that then is compared with a digital code stored in the computer verifying a physical or behavioral characteristic.
ANS: biometric
PTS: 1 REF: 568

25. Examples of ____________________ devices and systems include fingerprint scanners, hand geometry systems, and face recognition systems.
ANS: biometric
PTS: 1 REF: 568

26. To help reduce the chance of ____________________, physical controls such as locked doors and cables usually are adequate to protect equipment.
ANS: hardware theft
PTS: 1 REF: 570

27. Some notebook computers use ____________________ objects as methods of security.
ANS: possessed
PTS: 1 REF: 570

28. A(n) ____________________ agreement is the right to use software.
ANS: license
PTS: 1 REF: 571

29. The most common type of license included with software purchased by individual users is a(n) ____________________.
ANS:
end-user license agreement
EULA
EULA (end-user license agreement)
end-user license agreement (EULA)
PTS: 1 REF: 571

30. When users purchase software, a(n) ____________________ license agreement like the one in the accompanying figure does not permit users to install the software on a network or to give copies to friends and colleagues.
ANS: single-user
PTS: 1 REF: 571

31. When users purchase software, a(n) ____________________ license agreement like the one in the accompanying figure permits users to install the software on only one computer.
ANS: single-user
PTS: 1 REF: 571

32. Software ____________________ is a fairly simple crime to commit, because many buyers believe they have the right to copy software they have paid for, and because in some countries legal protection for software does not exist.
ANS: piracy
PTS: 1 REF: 571

33. To promote a better understanding of software piracy problems and, if necessary, to take legal action, a number of major worldwide software companies formed the ____________________.
ANS:
Business Software Alliance
BSA (Business Software Alliance)
BSA
Business Software Alliance (BSA)
PTS: 1 REF: 572

34. During product ____________________, which is conducted either online or by telephone, users provide a software product's 25-character identification number to receive an installation identification number unique to the computer on which the software is installed.
ANS: activation
PTS: 1 REF: 572

35. In its simplest form, a(n) ____________________ is a programmed formula that the recipient of encrypted data uses to decrypt the ciphertext.
ANS: encryption key
PTS: 1 REF: 573

36. ____________________ is the process of converting readable data into unreadable characters to prevent unauthorized access.
ANS: Encryption
PTS: 1 REF: 573

37. A(n) ____________________ is a mathematical formula that generates a code from the contents of an e-mail message.
ANS: hash
PTS: 1 REF: 574

38. ____________________ is an encryption program you can purchase for your computer.
ANS:
PGP
Pretty Good Privacy
PGP (Pretty Good Privacy)
Pretty Good Privacy (PGP)
PTS: 1 REF: 574

39. A(n) ____________________ signature is an encryption code that a person, Web site, or company attaches to an electronic message to verify the identity of the message sender.
ANS: digital
PTS: 1 REF: 574

40. A Web site that uses encryption techniques to secure its data is known as a(n) ____________________ site.
ANS: secure
PTS: 1

MATCHING

Identify the letter of the choice that best matches the phrase or definition.
a. digital signature
b. digital certificate
c. CA
d. noise
e. PUE
f. TLS
g. S-HTTP
h. clickjacking
i. Digital Millennium Copyright Act (DMCA)
j. Web bug
k. CTS
l. Fair Credit Reporting Act
m. virus hoax
n. password
o. script kiddie
p. ciphertext
q. plaintext
r. CAN-SPAM Act
s. piracy
t. copyright

1.
Usually does not have advanced computer and technical skills. 2. A successor to Secure Sockets Layer. 3. Often appears in the form of a chain letter that requests a user to send a copy of the e-mail to as many people as possible. 4. Most systems require that a user selects this on his or her own. 5. Used by applications that must verify the authenticity of a client. 6. An authorized person or company that issues and verifies digital certificates. 7. Any unwanted signal, usually varying quickly, that is mixed with the normal voltage entering a computer. 8. In the encryption process, the unencrypted, readable data. 9. In the encryption process, the encrypted (scrambled) data. 10. A ratio that measures how much power enters the computer facility against the amount of power required to run the computers. 11. An encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the message sender. 12. Protects any tangible form of expression. 13. A common infringement of copyright. 14. A notice that guarantees a user or a Web site is legitimate. 15. Gives law enforcement the right to impose penalties on people using the Internet to distribute spam. 16. A scam in which a button or link on a Web site contains a malicious program. 17. It fails to define a legitimate business need. 18. Makes it illegal to circumvent antipiracy schemes in commercial software. 19. The inflammation of the nerve that connects the forearm to the palm of the wrist. 20. Hidden on Web pages in the form of graphical images REF: 574 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 
ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: ANS: O F M N G C D Q P E A T S B R H L I K J PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: PTS: 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 REF: REF: REF: REF: REF: REF: REF: REF: REF: REF: REF: REF: REF: REF: REF: REF: REF: REF: REF: REF: 556 575 561 566 575 574 575 573 573 583 574 582 582 574 589 588 586 589 579 588 ESSAY 1. Discuss the seven different categories into which perpetrators of cybercrime and other intrusions fall. ANS: The term hacker, although originally a complimentary word for a computer enthusiast, now has a derogatory meaning and refers to someone who accesses a computer or network illegally. Hackers often claim the intent of their security breaches is to improve security. A cracker also is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action. Both hackers and crackers have advanced computer and network skills. A script kiddie has the same intent as a cracker but does not have the technical skills and knowledge. Script kiddies often are teenagers that use prewritten hacking and cracking programs to break into computers. Some corporate spies have excellent computer and network skills and are hired to break into a specific computer and steal its proprietary data and information. Unscrupulous companies hire corporate spies, a practice known as corporate espionage, to gain a competitive advantage. Unethical employees break into their employers' computers for a variety of reasons. Some simply want to exploit a security weakness. Others seek financial gains from selling confidential information. Disgruntled employees may want revenge. A cyberextortionist is someone who uses e-mail as a vehicle for extortion. 
These perpetrators send a company a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the company's network -- if they are not paid a sum of money. A cyberterrorist is someone who uses the Internet or network to destroy or damage computers for political reasons. The extensive damage might destroy the nation's air traffic control system, electricity-generating companies, or a telecommunications infrastructure.
PTS: 1 REF: 556|557 TOP: Critical Thinking

2. Discuss what a virus is and related examples of malware, and include definitions of the term payload, and a discussion of how a virus delivers a payload in your answer. Also discuss the symptoms of a computer's having been infected with a virus.
ANS: Every unprotected computer is susceptible to the computer security risks of a computer virus, worm, and/or Trojan horse. A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user's knowledge or permission. Once the virus infects the computer, it can spread throughout and may damage files and system software, including the operating system. A worm is a program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network. A Trojan horse (named after the Greek myth) is a program that hides within or looks like a legitimate program. A certain condition or action usually triggers the Trojan horse. Unlike a virus or worm, a Trojan horse does not replicate itself to other computers. A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer. Once the rootkit is installed, the rootkit author can execute programs, change settings, monitor activity, and access files on the remote computer.
Although rootkits can have legitimate uses, such as in law enforcement, their use in nefarious and illegal activities is growing rapidly. Computer viruses, worms, Trojan horses, and rootkits are classified as malware (short for malicious software), which are programs that act without a user's knowledge and deliberately alter the computer's operations. Although malware often falls in one of these classes (virus, worm, Trojan horse, back door, or spyware), some malware has characteristics of two or more classes. For example, MyDoom and Blaster are worms; Melissa has elements of a virus, worm, and Trojan horse. Unscrupulous programmers write malware and then test it to ensure it can deliver its payload. The payload is the destructive event or prank the program is intended to deliver. A computer infected by a virus, worm, or Trojan horse often has one or more of the following symptoms:
- Screen displays unusual message or image
- Music or unusual sound plays randomly
- Available memory is less than expected
- Existing programs and files disappear
- Files become corrupted
- Programs or files do not work properly
- Unknown programs or files mysteriously appear
- System properties change
- Operating system does not start up
- Operating system shuts down unexpectedly
Malware delivers its payload on a computer in a variety of ways: when a user (1) opens an infected file, (2) runs an infected program, (3) boots the computer with infected removable media inserted in a drive or plugged in a port, (4) connects an unprotected computer to a network, or (5) when a certain condition or event occurs, such as the computer clock changing to a specific date. Today, a common way computers become infected with viruses and other malware is through users opening infected email attachments.
PTS: 1 REF: 558|559 TOP: Critical Thinking

3. Describe botnets and denial of service attacks.
ANS: A botnet is a group of compromised computers connected to a network such as the Internet that are being used as part of a network that attacks other networks, usually for nefarious purposes. A compromised computer, known as a zombie, is one whose owner is unaware the computer is being controlled remotely by an outsider. A bot is a program that performs a repetitive task on a network. Cybercriminals install malicious bots on unprotected computers to create a botnet, also called a zombie army. The perpetrator then uses the botnet to send spam via e-mail, spread viruses and other malware, or commit a distributed denial of service attack. A denial of service attack, or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. Perpetrators carry out a DoS attack in a variety of ways. For example, they may use an unsuspecting computer to send an influx of confusing data messages or useless traffic to a computer network. The victim computer network eventually jams, blocking legitimate visitors from accessing the network. A more devastating type of DoS attack is the DDoS (distributed DoS) attack, in which multiple unsuspecting computers are used to attack multiple computer networks. DDoS attacks have been able to stop operations temporarily at numerous Web sites, including powerhouses such as Yahoo!, Amazon.com, eBay, and CNN.com.
PTS: 1 REF: 562 TOP: Critical Thinking

4. Discuss the three types of software theft.
ANS: The first type of software theft involves a perpetrator physically stealing the media that contain the software or the hardware that contains the media. For example, an unscrupulous library patron might steal the Microsoft Encarta Encyclopedia DVD. The second type of software theft can occur when a programmer is terminated from, or stops working for, a company.
Although the programs are company property, some dishonest programmers intentionally remove the programs they have written from company computers. The third type of software theft occurs when software is stolen from software manufacturers. This type of theft, called piracy, is by far the most common form of software theft. Software piracy is the unauthorized and illegal duplication of copyrighted software.
PTS: 1 REF: 571 TOP: Critical Thinking

5. Discuss S-HTTP and VPNs.
ANS: Secure HTTP (S-HTTP) allows users to choose an encryption scheme for data that passes between a client and a server. With S-HTTP, the client and server both must have digital certificates. S-HTTP is more difficult to use than SSL, but it is more secure. Applications that must verify the authenticity of a client, such as for online banking, use S-HTTP. Mobile users today often access their company networks through a virtual private network. When a mobile user connects to a main office using a standard Internet connection, a virtual private network (VPN) provides the mobile user with a secure connection to the company network server, as if the user has a private line. VPNs help ensure that data is safe from being intercepted by unauthorized people by encrypting data as it transmits from a notebook computer, smart phone, or other mobile device.
PTS: 1 REF: 575 TOP: Critical Thinking

6. Explain three safeguards you can use to improve the security of wireless networks.
ANS: In addition to using firewalls, some safeguards that improve the security of wireless networks include reconfiguring the wireless access point and ensuring equipment uses one or more wireless security standards such as Wi-Fi Protected Access and 802.11i. A wireless access point (WAP) should be configured so it does not broadcast a network name, known as an SSID (service set identifier). The WAP also should be programmed so only certain devices can access it.
Wi-Fi Protected Access (WPA) is a security standard that improves on older security standards by authenticating network users and providing more advanced encryption techniques. An 802.11i network, the most recent network security standard, conforms to the government's security standards and uses more sophisticated encryption techniques than WPA.
PTS: 1 REF: 578 TOP: Critical Thinking

CASE

Critical Thinking Questions

Case 1

One form of software theft is the theft of the software from software manufacturers, which is known as piracy. Because this has historically been rather easy to do, the practice has become very common. As a computer instructor you feel it is your responsibility to explain this practice to students through the use of some examples.

1. All of the following are permissible under a EULA except which of the following?
a. Jamie installs Quark Xpress on a single computer.
b. Christine leases her copy of Dreamweaver 8.
c. Phuong-Dao makes one copy of Microsoft Office 2007 as a backup.
d. Isaiah sells his copy of Adobe Photoshop CS2, having removed it from his computer first.
PTS: 1 REF: 571 TOP: Critical Thinking

2. Which of the following practices IS permissible under a EULA?
a. Ahmed rents his copy of Adobe Illustrator.
b. The lab administrator at the college installs Fireworks on the school computer lab network.
c. Karen installs Flash on one desktop computer and one notebook computer.
d. Perry gives a copy of Microsoft Publisher 2007 to his friend, while continuing to use the software.
PTS: 1 REF: 571 TOP: Critical Thinking

Critical Thinking Questions

Case 2

In your introductory course on computers, your professor has decided to dedicate a lecture to computer ethics. There is a lot of ambiguity in this topic, and she has presented a range of circumstances for you and your classmates to review.

3. Which of the following is NOT a question of computer ethics?
a. Users are required to provide a software product's 25-character identification number before installing software.
b. A student copies text from the Web and uses it in a research paper for his English class.
c. A student who has been expelled from school installs a computer virus on a computer in the student lab.
d. Someone copies The DaVinci Code to the Web and encourages others to read it.
PTS: 1 REF: 581 TOP: Critical Thinking

4. Which is NOT an issue surrounding the concept of fair use, from copyright law?
a. The right of students to post their own term papers on the Web.
b. The rights of a faculty member to print material from the Web and distribute it to the members of her class for instructional purposes.
c. The use of an anonymizer program to surf the Web anonymously.
d. The rights of individuals to download contents of your Web site, modify it, and then put it on the Web again as their own.
PTS: 1 REF: 582 TOP: Critical Thinking
