IF You Want To Purchase A+ Work Then
Click The Link Below , Instant Download
Accounting
Information Systems, 12e (Romney/Steinbart)
Chapter 9
Information Systems Controls for Systems ReliabilityPart
2: Confidentiality and Privacy
1)
Concerning virtual private networks (VPN), which of the following is not
true?
A)
VPNs provide the functionality of a privately owned network using the Internet.
B)
Using VPN software to encrypt information while it is in transit over the
Internet in effect creates private communication channels, often referred to as
tunnels, which are accessible only to those parties possessing the appropriate
encryption and decryption keys.
C)
The cost of the VPN software is much less than the cost of leasing or buying
the infrastructure (telephone lines, satellite links, communications equipment,
etc.) needed to create a privately owned secure communications network.
D)
It is more expensive to reconfigure VPNs to include new sites than it is to add
or remove the corresponding physical connections in a privately owned network.
4
2)
Which of the following is not associated with asymmetric encryption?
A)
No need for key exchange
B)
Public keys
C)
Private keys
D)
Speed
0
3)
The system and processes used to issue and manage asymmetric keys and digital
certificates are known as
A)
asymmetric encryption.
B)
certificate authority.
C)
digital signature.
D)
public key infrastructure.
4)
Which of the following describes one weakness of encryption?
A)
Encrypted packets cannot be examined by a firewall.
B)
Encryption protects the confidentiality of information while in storage.
C)
Encryption protects the privacy of information during transmission.
D)
Encryption provides for both authentication and non-repudiation.
4
5) Using a
combination of symmetric and asymmetric key encryption, Chris Kai sent a report
to her home office in Syracuse, New York. She received an email acknowledgement
that the document had been received and then, a few minutes later, she received
a second email that indicated that the hash calculated from the report differed
from that sent with the report. This most likely explanation for this result is
that
A)
the public key had been compromised.
B)
the private key had been compromised.
C)
the symmetric encryption key had been compromised.
D)
the asymmetric encryption key had been compromised.
1
6)
Encryption has a remarkably long and varied history. The invention of writing
was apparently soon followed by a desire to conceal messages. One of the earliest
methods, attributed to an ancient Roman emperor, was the simple substitution of
numbers for letters, for example A = 1, B = 2, etc. This is an example of
A)
a hashing algorithm.
B)
symmetric key encryption.
C)
asymmetric key encryption.
D)
a public key.
0
7)
An electronic document that certifies the identity of the owner of a particular
public key.
A)
Asymmetric encryption
B)
Digital certificate
C)
Digital signature
D)
Public key
2
8)
These systems use the same key to encrypt and to decrypt.
A)
Asymmetric encryption
B)
Hashing encryption
C)
Public key encryption
D)
Symmetric encryption
0
9)
These are used to create digital signatures.
A)
Asymmetric encryption and hashing
B)
Hashing and packet filtering
C)
Packet filtering and encryption
D)
Symmetric encryption and hashing
1
10)
Information encrypted with the creator's private key that is used to
authenticate the sender is
A)
asymmetric encryption.
B)
digital certificate.
C)
digital signature.
D)
public key.
1
11)
Which of the following is not one of the three important factors
determining the strength of any encryption system?
A)
Key length
B)
Key management policies
C)
Encryption algorithm
D)
Privacy
Page
Ref: 259
12)
A process that takes plaintext of any length and transforms it into a short
code.
A)
Asymmetric encryption
B)
Encryption
C)
Hashing
D)
Symmetric encryption
0
13)
Which of the following descriptions is not associated with symmetric
encryption?
A)
A shared secret key
B)
Faster encryption
C)
Lack of authentication
D)
Separate keys for each communication party
0
14) Encryption
has a remarkably long and varied history. Spies have been using it to convey
secret messages ever since there were secret messages to convey. One powerful
method of encryption uses random digits. Two documents are prepared with the
same random sequence of numbers. The spy is sent out with one and the spy
master retains the other. The digits are used as follows. Suppose that the word
to be encrypted is SPY and the random digits are 352. Then S becomes V (three
letters after S), P becomes U (five letters after P), and Y becomes A (two
letters after Y, restarting at A after Z). The spy would encrypt a message and
then destroy the document used to encrypt it. This is an early example of
A)
a hashing algorithm.
B)
asymmetric key encryption.
C)
symmetric key encryption.
D)
public key encryption.
0
15)
One way to circumvent the counterfeiting of public keys is by using
A)
a digital certificate.
B)
digital authority.
C)
encryption.
D)
cryptography.
2
16)
In a private key system the sender and the receiver have ________, and in the
public key system they have ________.
A)
different keys; the same key
B)
a decrypting algorithm; an encrypting algorithm
C)
the same key; two separate keys
D)
an encrypting algorithm; a decrypting algorithm
0
17) Asymmetric
key encryption combined with the information provided by a certificate
authority allows unique identification of
A)
the user of encrypted data.
B)
the provider of encrypted data.
C)
both the user and the provider of encrypted data.
D)
either the user or the provider of encrypted data.
2
18)
Which of the following is not one of the 10 internationally recognized
best practices for protecting the privacy of customers' personal information?
A)
Providing free credit report monitoring for customers
B)
Inform customers of the option to opt-out of data collection and use of their
personal information
C)
Allow customers' browsers to decline to accept cookies
D)
Utilize controls to prevent unauthorized access to, and disclosure of,
customers' information
Page
Ref: 256-257
19) On March 3,
2008, a laptop computer belonging to Folding Squid Technology was stolen from
the trunk of Jiao Jan's car while he was attending a conference in Cleveland,
Ohio. After reporting the theft, Jiao considered the implications of the theft
for the company's network security and concluded there was nothing to worry
about because
A)
the computer was protected by a password.
B)
the computer was insured against theft.
C)
it was unlikely that the thief would know how to access the company data stored
on the computer.
D)
the data stored on the computer was encrypted.
Page
Ref: 258
20)
Jeff Davis took a call from a client. "Jeff, I need to interact online and
real time with our affiliate in India, and I want to make sure that our
communications aren't intercepted. What do you suggest?" Jeff responded
"The best solution will be to implement
A)
a virtual private network."
B)
a private cloud environment."
C)
an asymmetric encryption system with digital signatures."
D)
multifactor authentication."
4
21) In
developing policies related to personal information about customers, Folding
Squid Technologies adhered to the Trust Services framework. The standard
applicable to these policies is
A)
security.
B)
confidentiality.
C)
privacy.
D)
availability.
Page
Ref: 254
22)
Jeff Davis took a call from a client. "Jeff, I need for my customers to
make payments online using credit cards, but I want to make sure that the
credit card data isn't intercepted. What do you suggest?" Jeff responded
"The best solution will be to implement
A)
a virtual private network."
B)
a private cloud environment."
C)
an encryption system with digital signatures."
D)
a data masking program."
23)
Describe some steps you can take to minimize your risk of identify theft.
24)
Describe symmetric encryption and identify three limitations.
No comments:
Post a Comment