1. Which of the following laws makes it mandatory for organizations to demonstrate that there are controls in place to prevent misuse or fraud, controls to detect any potential problems, and effective measures to correct any problems?
A. Trade Expansions Act of 1962
B. Sarbanes-Oxley Act
C. Electronic Communications Privacy Act of 1986
D. Central Intelligence Agency Act
2. In May 2001, an e-mail with "This is unbelievable!" in the subject field and an attached file spread to numerous computers in the world. Any user who downloaded the attached file complained of his or her systems slowing down and in some cases, files being erased. The attached file is most likely to be:
A. adware.
B. spyware.
C. a virus.
D. spam.
3. In __________, an attacker accesses the network, intercepts data from it, and even uses network services and/or sends attack instructions to it without having to enter the home, office, or organization that owns the network.
A. drive-by hacking
B. hacktivism
C. viral marketing
D. cybersquatting
4. Which of the following terms represents junk newsgroup postings used for the purpose of advertising for some product or service?
A. Spam
B. Adware
C. Cookie
D. Bot herder
Albitrex Systems is an Asian software consulting firm which develops solutions for companies in the United States and Europe. The company is heavily dependent on the Internet for transporting data. The company wants to ensure that only authorized users access the data and that the data cannot be intercepted and compromised. Which of the following would be most helpful to the company in achieving this goal?
A. Spam filtering
B. Hot backing up
C. Tunneling
D. Open transmitting
A mass cyber attack occurred in a country when it took severe actions against a group of citizens who protested against the country's religious policies. The attack involved a denial-of-service in which selected sites were bombarded with traffic to force them offline. This is an example of:
A. cyberterrorism.
B. logic bombing.
C. hot backing up.
D. cyberbullying.
5. Which of the following is a valid observation about encryption?
A. Encrypted messages cannot be deciphered without the decoding key.
B. Encryption is used for data enhancement rather than data protection.
C. Encryption is performed only after the messages enter the network.
D. The encryption approach is not dependent on the type of data transmission.
6. Violating data belonging to banks or other financial institutions is a crime in the United States. Which of the following legislations prohibit such violations?
A. The Foreign Intelligence Surveillance Act
B. The Computer Fraud and Abuse Act
C. The Patriot Act
D. The Banking Rights and Privacy Act
7. An organization takes active countermeasures to protect its systems, such as installing firewalls. This approach is known as risk:
A. reduction.
B. acceptance.
C. rescheduling.
D. transference.
8. Which of the following US laws amended the Computer Fraud and Abuse Act to allow investigators access to voice-related communications?
A. The Non-detention Act
B. The Espionage Act
C. The Patriot Act
D. The Video Privacy Protection Act
9. When using Yahoo Messenger, you get an unsolicited advertisement from a company. This advertisement contains a link to connect to the merchant's website. Which of the following is the best way of classifying this advertisement?
A. Adware
B. Cookie
C. Internet hoax
D. Spim
10. Recovery point objectives of a recovery plan specify:
A. the maximum time allowed to recover from a catastrophic event.
B. data structures and patterns of the data.
C. the minimum time after which response should be allowed in a catastrophic event.
D. how current the backup data should be.
11. Identify the policy that lists procedures for adding new users to systems and removing users who have left the organization.
A. Information policy
B. Account management policy
C. Incident handling procedures
D. Disaster recovery plan
12. Ronald downloads a movie from the Internet onto his company's computer. During this process, his system gets affected by a virus. The virus spreads rapidly in the company's network and causes the server to crash. This type of virus is most likely:
A. adware.
B. phishing mail.
C. spam.
D. a worm.
13. While adding information to the employee information database, Neil's computer crashed and the entire database on his computer was erased along with it. Which of the following types of virus would have caused Neil's computer to crash?
A. Spyware
B. Worm
C. Adware
D. Logic bomb
14. Ciscon Telecom is a mobile operator in the European Union. The company provides personalized services to its customers, and its databases contain valuable information about its customers. The loss of customer information that is used to decide services would be extremely harmful to the organization. Which of the following strategies used by Ciscon is an example of risk transference?
A. The company insures any possible data loss for a large sum.
B. The company forms a special team of top executives to monitor and correct the information policies.
C. It installs a corporate firewall to protect unauthorized access to information.
D. It enforces a strict employee data policy and prohibits employees from unauthorized access.
15. Which of the following can typically be filed for a patent?
A. Material inventions
B. Software
C. Music
D. Literature
16. Which of the following can typically be filed for a copyright?
A. iPhone
B. Music by the Beatles
C. Amazon's one-click buying
D. Google Nexus phone
17. __________ by terrorists refers to the use of the vast amount of information available on the Internet regarding virtually any topic for planning, recruitment, and numerous other endeavors.
A. Information dissemination
B. Data mining
C. Location monitoring
D. Information sharing
18. A hacker takes an individual's Social Security number, credit card number, and other personal information for the purpose of using the victim's credit rating to run up debts that are never repaid. This practice is called:
A. bot herding.
B. cyberstalking.
C. cyberbullying.
D. identity theft.