
sg19

True/False
Indicate whether the statement is true or false.

F 1. Individuals are always free to decide what security measures they want to use.
F 2. It's best to use three-factor authentication.
T 3. Internet Explorer includes the pop-up blocker, the ability to manage add-ons, the ability to block scripts and disable scripts embedded in Web pages, and the ability to set the general security level.
T 4. Don't use the same password on more than one system (computer, network, or application).
T 5. When you are responsible for the security of a computer or small network, make it a habit to check every computer for which you are responsible every day.

Multiple Choice
Identify the choice that best completes the statement or answers the question.

____ 6. The International Organization for Standardization has developed two documents (ISO 17799 and ISO 27002), which describe, in detail, the recommended standards to secure computer resources.
____ 7. For the health care industry, the Health Insurance Portability and Accountability HIPAA includes regulations to secure patient data that apply to all health care companies and professionals.
____ 8. When implementing a security plan, the four steps are sometimes called the Plan-Do-Study-Act.
____ 9. Because of the problem of losing encrypted data and Internet passwords when a user password is reset, each new user should create a password Reset disk for use in the event the user forgets the password.
____ 10. A Digital Certificate is assigned by a Certification Authority, and is used to prove you are who you say you are.
____ 11. A passphrase is made of several words with spaces allowed.
____ 12. A Strong password means it is not easy to guess by both humans and computer programs designed to hack passwords.
____ 13. A(n) Administrator account has complete access to the system and can make changes that affect the security of the system and other users.
____ 14. A(n) Limited account has read-write access only on its own folders, read-only access to most system folders, and no access to other users' data.
____ 15. Folders and files stored on a workstation or server that contain user data need to be classified as to the permissions assigned to the data.
____ 16. A network Drive map is one of the most powerful and versatile methods of communicating over a network.
____ 17. Most encryption software products use a method called Public Key Encryption.
____ 18. Grayware is any annoying and unwanted program that might or might not mean you harm.
____ 19. A Trojan sometimes installs a Backdoor in the system, which is a hidden way to allow malware to reach the system in secret even after the Trojan has been removed.
____ 20. A Boot Sector virus can hide in either of two boot areas of a hard drive.
____ 21. A Multipartite virus is a combination of a boot sector virus and a file virus and can hide in either.
____ 22. A Macro is a small program contained in a document that can be automatically executed either when the document is first loaded or later by pressing a key combination.
____ 23. As a defensive and offensive measure to protect against malicious software, install and run Antivirus (AV) software and keep it current.

____ 24. Generally speaking, the weakest link in setting up security in a computer environment is people.
____ 25. In the computer arena, Social Engineering is the practice of tricking people into giving out private information or allowing unsafe programs into the network or computer.
____ 26. Most hard drive manufacturers offer a Zero-Fill utility used to wipe clean all data on the drive.

Completion
Complete each statement.

27. Kerberos is the default authentication protocol used by Windows Vista/XP.
28. As part of the authentication process, rather than proving a person is in possession of a token, some systems are set to use Biometric data to validate the person's physical body.
29. A(n) Virus is a program that replicates by attaching itself to other programs.
30. A(n) Script virus is a virus that hides in a script, which might execute when you click a link on a Web page or in an HTML e-mail message or when you attempt to open an e-mail attachment.
31. As a part of managing the security of a computer or network, your organization might make you accountable to fill out an Incident report of unusual or atypical events.

Matching
Match each term with the correct statement below.

a. Rootkit
b. File virus
c. Logic bomb
d. Authentication
e. Spam
f. Macro viruses
g. Trojan horse
h. Phishing
i. Authorization

____ 32. Proves that an individual is who he says he is and is accomplished by a variety of techniques (Authentication)
____ 33. Determines what an individual can do in the system (Authorization)
____ 34. Junk e-mail that you don't want, you didn't ask for, and that gets in your way (Spam)
____ 35. A type of identity theft where the sender of an e-mail message scams you into responding with personal data about yourself (Phishing)
____ 36. Dormant code added to software and triggered at a predetermined time or by a predetermined event (Logic Bomb)
____ 37. Substitutes itself for a legitimate program (Trojan Horse)
____ 38. Hides in an executable program having an .exe, .com, .sys, .vbs, or other executable file extension, or in a word-processing document that contains a macro (File Virus)
____ 39. The most common viruses spread by e-mail (macro viruses)
____ 40. Malware that loads itself before the OS boot is complete (rootkit)
