Total Questions 70
Course # 571003
Computer Security: Crime and Fraud Protection
based on the electronic .pdf file(s):

Computer Security: Crime and Fraud Protection
by: Dr. Jae K. Shim, Ph.D., 2005, 289 pages

14 CPE Credit Hours
Technology & Operations

APEXCPE.COM | 1.877.317.9047 | support@apexcpe.com

Chapter 1 - Organizational Policy

1.    A good manager will know the types and forms of information generated and how the information is used by the business before planning how to manage it. T F   7
2.    In designing and implementing risk-management procedures and controls the manager is not responsible for:   7
    Identifying the risks and evaluating the risks
    Installing appropriate controls
    Designing the security hardware and software
    Preparing a contingency plan and continually monitoring the controls against the plan
3.    Optional security policy that defines the limit of acceptable behavior should include:   9
    No playing unauthorized games on the corporate computers
    No visiting adult web sites
    No use of pirated software
    All the above
4.    The responsibility of the risk-manager does not include:   7
    Identify the risk
    Evaluate the risk
    Security guards
    Install appropriate controls
5.    Not every organization needs to define security policies and acceptable behavior. T F   9
6.    Proper security safeguards include all except:   11
    turn over employees to prevent over familiarization
    revoke passwords as soon as an employee is terminated
    use lists of authorized personnel to control entry into system
    constantly monitor logs generated by computer system
7.    A security policy includes:   9
    No playing computer games on corporate computers
    No visiting adult web sites
    Prohibits taking copies of corporate electronic documents out of the office
    All of the above
8.    For a security policy to succeed, it is not necessary for all individuals or departments to participate. T F   11

Chapter 2 - Physical Security and Data Preservation

9.    The first line of defense for a computer system is to protect it physically: the plant, the equipment, and the personnel. T F   13
10.    Safeguards that help protect computer facilities from accidents and disaster like floods and fire include all except:   14
    Adequate lighting for safe evacuation
    Open windows for ventilation
    Fireproof containers to protect media (disks, tapes)
    User manuals for equipment and software for proper operations
11.    Maintenance and preventive care logs should not contain:   16
    Type of equipment serviced
    Date of service
    Controlling access to the equipment
    Service performed and results of diagnostic tests
12.    Computer facilities are rarely susceptible to damage from environmental factors. T F   15
13.    Computer facilities are susceptible to damage from a variety of environmental factors except:   15
    Air conditioning
14.    Simple precautions to minimize static electricity do not include:   17
    Using shag carpeting on the floors
    Using anti-static sprays
    Grounding computer equipment
    Using anti-static floor and table mats
15.    Data that is no longer needed must be destroyed. T F   18
16.    Computer and terminal controls should include the:   20
    Manufacturer’s name
    Automatic shut-off, call-back, and time locks
    Model number of the hardware
    Date of purchase and date that the warranty expires
17.    Special fasteners can be used to protect RAM chips and internal components using cover locks on all except:   24
    Lock the computer
    Block access to the disk drive
    Block access to the mouse
    Block access to the CD-ROM

Chapter 3 - Hardware Security

18.    Software security depends on hardware security. T F   30
19.    Which of the following is not one of the most common hardware problems:   30
    Equipment can be stolen or replaced
    Security can be circumvented
    Having a key or password protected configuration set up
    Systems can be booted by unauthorized users
20.    Data integrity can be ensured by:   32
    Human error
    Backing up data regularly
    Software bugs or viruses
    Natural disasters, fires and floods
21.    Data integrity is as important to protect as actual hardware. T F   32
22.    According to computer crime surveys the biggest dollar loss occurs by:   31
    Denial of services
    Unauthorized insider access
    System penetration
23.    Major computer vendors offering security products to safeguard user hardware and software are:   37
    Smart cards, preset locks
    Firewalls, anti-virus software
    All of the above
24.    Major vendors offer the following security features except:   37
    Smart Card Security Kits (IBM)
    Hard drive password feature (DELL)
    Fingerprint identification technology (COMPAQ)
    Centralized management of hardware
25.    The banks use smart card systems for computer security because they are not vulnerable to high-risk attacks. T F   40
26.    Smart Card vulnerabilities do not include:   40
    Attacks by the cardholder against the terminal
    Attacks by the cardholder against the data owner
    Attacks against single sign-on employees
    Attacks by cardholders against the software manufacturers
27.    A biometric product that is created by sound waves generated by an individual speaking a given phrase or password is a:   44
    Handwritten acoustic emission
    Palm print
    Voice print

Chapter 4 - Software Security

28.    A computer virus is a clinically injected organism into a computer system. T F   60
29.    A program that replicates itself but does not infect other programs is a:   60
    Trojan horse
30.    Viruses remain free to spread into other programs because most common viruses give off no symptoms of their infection. T F   61
31.    The top information security products and services now in use do not include:   59
    Virus protection
    Backup storage
    Access controls
    Electrical avoidance shockers
32.    Which of the following is not a type of virus:   61
    Boot sector viruses
    File infectors or parasitic viruses
    Animal viruses
33.    Firewalls do not:   65
    Protect against malicious insiders
    Protect against unauthorized entry from outside and inside
    Protect against completely new threats
    Protect against viruses
34.    A system that enforces an access control policy between two networks is a:   65
    Web shield
    Net shield
    Group shield
35.    Encryption is the transmission of data into secret code. T F   71
36.    Which one of the following is not a practical application of Secure Sockets Layer (SSL)?   80
    Client/server systems – securing database access
    Financial – develop remote banking programs
    Information systems – create remote access and administration applications
    Under water activities – control water pressure

Chapter 5 - Personnel Security

37.    It is not necessary to screen or pre-screen potential employees because their resumes guarantee their qualifications and honesty. T F   91
38.    When checking and screening pre-employment backgrounds, you do not have to check:   92
    Applicant’s previous addresses and employers
    Professional and bank references
    Applicant’s acquaintances and relatives
    Credit history
39.    Companies should insist that new employees in sensitive jobs sign employment agreements with non-disclosure provisions. T F   93
40.    Formal performance evaluations should be used to routinely assess employees’ performance and skill level. T F   94
41.    Effective performance appraisals will not detect:   94
    Low quality or low production output
    Late arrivals
    Warranted overtime
42.    When training new employees which one of the following should not be addressed:   95
    What data can be used for personal use
    The organization’s data backup policy
    The type of data that should be encrypted
    How data encrypted keys are managed
43.    Employees can cause considerable damage if terminated except for:   95
    Intentionally input erroneous data
    Erase data files and destroy backups
    Terminate access prior to informing an employee of termination
    Make copies of data for personal use or competitors

Chapter 6 - Network Security

44.    An attacker that is able to read or copy confidential information has:   97
    Denial of service
    Write access
    Read access
    None of the above
45.    Most local area network or communication software packages contain encryption and security features. T F   96
46.    It is important to realize that simply keeping the telephone number secret is sufficient. T F   98
47.    Which of the following is not a tool used to implement the security plan:   97
    Encryption tools
    Route filtering
48.    A saboteur’s tools do not include:   100
    Geographic dispersion
    Data manipulation
49.    Which one of the following is not a common type of network topology:   103
    Hierarchical topology (tree structure)
    Horizontal topology (or bus topology)
    Physical topology (surface elevations)
    Star topology (data communication)
50.    Risks related to software bugs cannot easily be reduced by:   116
    Keeping up-to-date on software fix patches
    Using products that have been around a while
    Using well known brand name products
    Allowing services for internet users not authorized

Chapter 7 - Security Policy

51.    In formulating a policy you must first ask yourself the following questions except:   125
    What resources need to be protected
    Against whom must we protect our system
    Why not take lack of protection and losses as part of doing business
    How much can we spend to protect the system
52.    Computer security risk analysis and management does not involve:   128
    Destruction of data or equipment
    Security risk of system but not reliability of the system
    Theft of data equipment
    Malfunction of equipment or bugs in the software
53.    Which of the following is not an example of human factor threats:   129
    Personnel incompetence
    Distrust others, do not share
54.    An account administrator is not intended to ensure:   131
    User is authorized
    User has access privileges appropriate to the job
    User should be threatened against illegal usage of system
    User is not engaged in unauthorized activities
55.    Disruption in computer processing can be classified as all except:   135
    Malfunction – minor disruption that affects hardware
    Malfunction – that affects software or data files
    Disasters – disruption to entire facility
    Unknown risks
56.    Specialists inside and outside organizations who cannot suggest improvements and modifications in contingency planning are:   137
    Professional hackers
    Internal auditors
    Finance and accounting departments
    Security department
57.    Which of the following is not a part of contingency plans:   139
    Documents and records likely to be needed first
    Where vital records are stored
    On-site storage of back-up records
    Equipment and other resources that might be needed for recovery
58.    Systems and program documentation that should be backed-up do not include:   144
    Source code for program
    DSL telecommunication system
    Flow charts
    Program logic descriptions
59.    Fire damage can be reduced by:   145
    Storage safes
    Smoke and ionization systems
    Chemical extinguishing systems, automatic sprinklers
    All of the above

Chapter 8 - Contingency Planning

Chapter 9 - Auditing and Legal Issues

60.    Security auditing by Information Technology (IT) auditors and financial auditors can enhance audit efficiency by all except:   152
    Specialized computer audit techniques
    Use of technical tools and expertise
    Use for manual controls
    Evaluates the adequacy and effectiveness of the central system
61.    IT auditors typically do not review the following:   153
    System development standards
    Size of building
    Library control procedures
    Network system and contingency plans
62.    Which one of the following is not a control technique at the environmental level:   156
    Quality assurance review of vendor software
    Segregation of duties
    Ensuring that software is virus free
    Recommending hardware and software products
63.    Basic EDI security risks do not encompass:   158
    Access violations
    Communication enhancement
    Message modifications
    Interruptions or delays

Chapter 10 - Computer Crime, Cyber fraud, and Recent Trends

64.    Penalties for violation of the U.S. Computer Fraud and Abuse Act include:   162
    1 to 5 years in prison for a first offence
    10 years for a second offence
    20 years for three or more offences
    All of the above
65.    Which one of the following statements is not included in the Association of Information Technology Professionals (AITP) definition of computer crime?   162
    Unauthorized modification of software, data, or network resources
    Unauthorized distribution of freeware software
    Unauthorized copying of software
    Unauthorized release of information
66.    Hacking is the obsessive use of computers, or the unauthorized access and use of networked computer systems. Which of the following is not considered a hacker?   163
    Outsiders who use the Internet to damage data
    Company employees who use the Internet to steal data and programs
    Company employees who use the Internet to damage data
    Outsiders who use the Internet to view a company's website
67.    Many computer crimes involve the theft of money. In the majority of cases, they are:   163
    “Inside jobs” that involve authorized network entry and fraudulent alteration of computer databases to cover the tracks of the employees involved
    “Outside jobs” that involve authorized network entry and fraudulent alteration of computer databases to cover the tracks of the employees involved
    “Inside jobs” that involve unauthorized network entry and fraudulent alteration of computer databases to cover the tracks of the employees involved
    “Outside jobs” that involve unauthorized network entry and fraudulent alteration of computer databases to cover the tracks of the employees involved
68.    Which one of the following would not be considered as a way that a computer virus can enter a computer system?   163
    E-mail and file attachments
    Borrowed copies of software
    Downloaded copies of shareware
    Running antivirus programs
69.    The unauthorized use of private and confidential personal information has seriously damaged the privacy of individuals. Which of the following is an example of using the Internet to violate a person's privacy?   164
    Accessing individuals' private e-mail conversations and computer records, and collecting and sharing information about individuals gained from their visits to Internet websites and newsgroups.
    Always knowing where a person is, especially as mobile and paging services become more closely associated with people rather than places.
    Using customer information gained from many sources to market additional business services.
    Collecting telephone numbers, e-mail addresses, credit card numbers, and other personal information to build individual customer profiles.
70.    Individuals have been mistakenly arrested and jailed, and people have been denied credit because of their physical profiles. These are examples of:   164
    Computer profiling and computer matching
    Computer libel