CHAPTER 11 — CYBERCRIME AND IT SECURITY
MULTIPLE CHOICE
- Identify a true statement about the bring your own device (BYOD) business policy.
  - A. It can improve employee productivity.
  - B. It can provide data security.
  - C. It creates a bug-free environment.
  - D. It enhances employee interaction.
ANS: A
RATIONALE: Bring your own device (BYOD) is a business policy that permits, and in some cases encourages, employees to use their own mobile devices to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet. Proponents of BYOD say it improves employee productivity by allowing workers to use devices with which they are already familiar—while also helping to create an image of a company as a flexible and progressive employer.
- Which of the following is a drawback of the bring your own device (BYOD) business policy?
  - A. It affects the productivity of the employees of a company.
  - B. It inhibits the privacy of the employees of a company.
  - C. It exposes a company’s data to malware.
  - D. It creates the image of a company as not being flexible.
ANS: C
RATIONALE: Most companies have found they cannot entirely prevent employees from using their own devices to perform work functions. However, this practice raises many potential security issues as it is highly likely that such devices are also used for nonwork activity (browsing Web sites, blogging, shopping, visiting social networks, etc.) that exposes them to malware much more frequently than a device used strictly for business purposes.
- In computing, a(n) _____ is an attack on an information system that takes advantage of a particular system vulnerability.
  - A. exit door
  - B. glitch
  - C. bot
  - D. exploit
ANS: D
RATIONALE: In computing, an exploit is an attack on an information system that takes advantage of a particular system vulnerability. Often this attack is due to poor system design or implementation. Once the vulnerability is discovered, software developers create and issue a “fix,” or patch, to eliminate the problem.
- Which of the following is created and issued by software engineers to remove a system vulnerability?
  - A. A patch
  - B. A key
  - C. A license
  - D. A constraint
ANS: A
RATIONALE: Once a vulnerability is discovered, software developers create and issue a “fix,” or patch, to eliminate the problem. Users of the system or application are responsible for obtaining and installing the patch, which they can usually download from the Web.
- The attack that takes place before a software developer knows about the vulnerability is known as a(n) _____.
  - A. unidentified attack
  - B. zero-day attack
  - C. exploit
  - D. threat
ANS: B
RATIONALE: It is difficult to keep up with all the required patches to fix vulnerabilities. Of special concern is a zero-day attack that takes place before the security community or software developer knows about the vulnerability or has been able to repair it.
- Which perpetrator violates computer or Internet security maliciously for illegal personal gain?
  - A. A red hat hacker
  - B. A gray hat hacker
  - C. A white hat hacker
  - D. A black hat hacker
ANS: D
RATIONALE: A black hat hacker is someone who violates computer or Internet security maliciously or for illegal personal gain (in contrast to a white hat hacker who is someone who has been hired by an organization to test the security of its information systems). He breaks into secure networks to destroy, modify, or steal data.
- Which of the following best describes malicious insiders?
  - A. They hack computers in an attempt to promote a political ideology.
  - B. They disrupt a company’s information systems and business operations.
  - C. They are hired by an organization to test the security of its information systems.
  - D. They are hired by an organization to test the security of another organization’s information systems.
ANS: B
RATIONALE: A malicious insider is an employee or contractor who attempts to gain financially and/or disrupt a company’s information systems and business operations. He or she has inside information concerning the organization’s security practices, data, or computer systems.
- Those who capture trade secrets and attempt to gain an unfair competitive advantage are known as _____.
  - A. white hat hackers
  - B. hacktivists
  - C. industrial spies
  - D. black hat hackers
ANS: C
RATIONALE: Industrial spies are individuals who capture trade secrets and attempt to gain an unfair competitive advantage. They are usually hired by organizations or individuals to illegally gain data and access to other organizations’ trade secrets.
- Which of the following is true of white hat hackers?
  - A. They are hired by an organization to test the security of its information systems.
  - B. They disrupt a company’s information systems and business operations.
  - C. They capture trade secrets and attempt to gain an unfair competitive advantage in a company.
  - D. They destroy the infrastructure components of governments, financial institutions, and emergency response units.
ANS: A
RATIONALE: White hat hackers are people who have been hired by an organization to test the security of its information systems. They use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them.
- In the context of computer crimes, those who cause problems, steal data, and corrupt systems are known as _____.
  - A. black hat hackers
  - B. white hat hackers
  - C. hacktivists
  - D. crackers
ANS: D
RATIONALE: A cracker is an individual who causes problems, steals data, and corrupts systems. He or she possesses a high level of skill and knowledge with computers that enables him or her to interfere with the confidentiality of any information or security system.