151 Terms
1
Employees may suppress their tendency to act in a manner that seems ethical to them and instead act in a manner that will protect them against anticipated punishment
True
2
Which of the following statements best describes a reason why organizations pursue corporate social responsibility (CSR) goals and promote a work environment in which employees are encouraged to act ethically when making business decisions?
To gain the goodwill of the community
3
A clear, concise statement of an issue that needs to be addressed is known as which of the following?
problem statement
4
To extend to all people the same respect and consideration that you expect from them is considered which of the following character traits?
integrity
5
Which of the following terms best describes a habit that inclines people to do what is acceptable?
virtue
6
An organization's mission statement highlights its key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making.
False
7
In the business world, important decisions are too often left to the technical experts; general business managers must assume greater responsibility for these decisions.
True
8
A well-implemented ethics and compliance program and a strong ethical culture can lead to:
less pressure on employees to misbehave
9
Which of the following helps ensure that employees abide by the law, follow necessary regulations, and behave in an ethical manner?
code of ethics
10
The term ethics describes standards or codes of behavior expected of an individual by a group to which the individual belongs.
True
11
Because an activity is defined as legal, the activity is also considered ethical
False
12
The greater reliance of information systems in all aspects of life has decreased the risk that information technology will be used unethically.
False
13
A code of ethics cannot gain company-wide acceptance unless it is fully endorsed by the organization's leadership and developed with which of the following?
employee participation
14
Increasingly, managers are including ethical conduct as part of an employee's performance appraisal.
True
15
A statement that highlights an organization's key ethical issues and identifies the overarching values and principles that are important to the organization and its decision making is known as which of the following?
code of ethics
16
The board of directors of an organization is normally responsible for day-to-day management and operations of the organization.
False
17
Ideally, the corporate ethics officer should be a well respected, senior-level manager who reports directly to the CEO.
True
18
Legal acts conform to what an individual believes to be the right thing to do.
False
19
Consistency means that shareholders, customers, suppliers, and the community know what they can expect of an organization - that it will behave in the future much as it has in the past.
True
20
During which step of the decision-making process should one be extremely careful not to make assumptions about the situation?
Develop problem statement
21
A discrepancy between an employee's own values and an organization's action
fosters poor performance
22
In which step of the decision-making process should the decision makers consider laws, guidelines, policies, and principles that might apply to the decision?
choose alternative
23
Someone who stands to gain or lose, depending on how a situation is resolved, is known as which of the following?
stakeholder
24
Setting corporate social responsibility (CSR) goals encourages an organization to achieve higher moral and ethical standards
True
25
What term is used to describe a habit of unacceptable behavior?
Vice
26
The goodwill that is created by which of the following can make it easier for corporations to conduct their business?
CSR Activities
27
Multinational and global organizations must not present a consistent face to their shareholders, customers, and suppliers but instead must operate with a different value system in each country they do business in
False
28
In the decision-making process of implementing the decision, what plan must be defined to explain to people how they will move from the old way of doing things to the new way?
transition
29
Which of the following positions provides an organization with vision and leadership in the area of business conduct?
corporate ethics officer
30
In an environment where employees are encouraged to do "whatever it takes" to get the job done, employees may feel pressure to act in which of the following ways?
unethically
31
The term morals refers to the personal principles upon which an individual bases his or her decisions about what is right and what is wrong
True
32
Compliance means to be in conformance with a profession's core body of knowledge
False
33
While no policy can stop wrongdoers, it can establish boundaries for acceptable and unacceptable behavior and enable management to punish violators.
True
34
There are many industry association certifications in a variety of IT-related subject areas
True
35
The internal audit department includes members of the board of directors who determine that the internal systems and controls of the organization are adequate and effective
False
36
When it comes to distinguishing between bribes and gifts, the perceptions of the donor and recipient almost always coincide
False
37
A breach of the duty of care is defined as a failure to conform to the code of ethics of a professional organization
False
38
Gifts come with no expectation of a future favor for the donor
True
39
Government licensing of IT workers is common within most of the states of the United States
False
40
Vendor certifications require passing a written exam, which usually contains multiple-choice questions because of legal concerns about whether other types of exams can be graded objectively
True
41
The Foreign Corrupt Practices Act (FCPA) makes it a crime to do which of the following?
bribe a foreign official
42
A vendor certification:
may focus too narrowly on the technical details of the vendor's technology
43
Which of the following is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest?
Whistle-blowing
44
The Foreign Corrupt Practices Act is a legally binding global treaty to fight bribery and corruption
False
45
There is a potential conflict of interest when IT consultants or auditors recommend their own products and services or those of an affiliated vendor to remedy a problem they have detected
True
46
To prove fraud in a court of law, prosecutors must demonstrate that:
the wrongdoer made a false representation of material fact
47
In 1972, which organization recommended that publicly held organizations establish audit committees?
Securities and Exchange Commission (SEC)
48
A hardware or software device that serves as a barrier between a company and the outside world and limits access to the company's network based on the organization's Internet usage policy is known as which of the following?
firewall
49
Which of the following states the principles and core values that are essential to the work of a particular occupational group?
Professional code of ethics
50
The posting of thousands of State Department documents on the WikiLeaks Web site is an example of which of the following?
Inappropriate sharing of information
51
The United Nations Convention Against Corruption makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office
False
52
A spear phishing attack typically employs a group of zombies to keep the target so busy responding to a stream of automated requests that legitimate users cannot access the target
False
53
Cyberterrorism involves the deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms
False
54
Which of the following is a federal law that provides a definition of the term cyberterrorism and under which young people primarily involved in what they consider to be minor computer pranks have been tried as cyberterrorists?
USA Patriot Act
55
Employees and contract workers must be educated about the importance of security so that they will be motivated to understand and follow the security policies
True
56
Computer forensics is such a new field that there are few training or certification processes available
False
57
Which term is defined as an exploit that takes place before the security community or software developer knows about the vulnerability or has been able to repair it?
zero-day attack
58
Which of the following concepts recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system's benefits or the risks involved?
reasonable assurance
59
The intimidation of government or civilian population by using information technology to disable critical national infrastructure in order to achieve political, religious, or ideological goals is known as which of the following?
cyberterrorism
60
A business policy that permits employees to use their own mobile devices to access company resources and applications is known as which of the following?
bring your own device (BYOD)
61
The most common computer security precaution taken by businesses is the installation of which of the following?
firewall
62
Which of the following enables remote users to securely access an organization's collection of computing and storage devices and share data remotely?
virtual private network
63
An antivirus software scans for a specific sequence of bytes that indicates the presence of a specific malware. This sequence of bytes is known as which of the following?
virus signature
64
Many organizations outsource their network security operations to a company that monitors, manages, and maintains computer and network security for them. This type of company is known as which of the following?
managed security service provider
65
Many organizations use software to provide a comprehensive display of all key performance indicators related to an organization's security defenses, including threats, exposures, policy compliance, and incident alerts. What is this type of software known as?
security dashboard
66
Phishing frequently leads consumers to counterfeit websites designed to trick them into initiating a denial-of-service attack.
false
67
Even when preventative measures are implemented, no organization is completely secure from a determined computer attack.
true
68
Installation of a corporate firewall is the least common security precaution taken by businesses as it does not provide sufficient security.
false
69
A router is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
false
70
The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act states that it is legal to spam, provided the messages meet a few basic requirements.
true
71
Which of the following is a partnership between the Department of Homeland Security and the public and private sectors, established in 2003 to protect the nation's Internet infrastructure against cyberattacks?
U.S. Computer Emergency Readiness Team
72
In computing, a term for any sort of general attack on an information system that takes advantage of a particular system vulnerability is known as which of the following?
exploit
73
Today's computer menace is much better organized and may be part of an organized group
True
74
Often a successful attack on an information system is due to poor system design or implementation. Once such a vulnerability is discovered, software developers quickly create and issue which of the following, in order to eliminate the problem?
patch
75
The act of fraudulently using email to try to get the recipient to reveal personal data is known as which of the following?
Phishing
76
Installation of a corporate firewall is the least common security precaution taken by businesses as it does not provide sufficient security
False
77
A type of computer crime perpetrator whose primary motive is to achieve financial gain is known as which of the following?
cybercriminal
78
What type of attack keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in?
Distributed Denial-Of-Service
79
Which of the following gets a rootkit installation started and can be easily activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file?
Dropper code
80
Software and/or hardware that monitors system and network resources and activities, and notifies network security personnel when it identifies network traffic that attempts to circumvent the security measures of a networked computer environment is known as which of the following?
intrusion detection system
81
The Fifth Amendment regulates the collection of the content of wire and electronic communications
False
82
Which of the following is a form of Trojan horse which executes when it is triggered by a specific event such as a change in particular file, by typing a specific series of keystrokes, or by a specific time or date?
Logic bomb
83
The cost to repair the worldwide damage done by a computer worm has exceeded $1 billion on more than one occasion
True
84
The cost of creating an email campaign for a product or service is typically more expensive and takes longer to conduct than a direct-mail campaign
False
85
It is not unusual for a security audit to reveal that too many people have access to critical data and that many people have capabilities beyond those needed to perform their jobs.
True
86
The U.S. has a single, overarching national data privacy policy.
False
87
Which act prohibits unauthorized access to stored wire and electronic communications, such as the contents of email inboxes, instant messages, message boards, and social networking sites?
Electronic Communications Privacy Act
88
Which act presumes that a student's records are private and not available to the public without the consent of the student?
Family Educational Rights and Privacy Act
89
In the context of tenets of The European Union Data Protection Directive, which of the following terms refers to an individual's right to seek legal relief through appropriate channels to protect privacy rights?
enforcement
90
Online marketers can capture personal information, such as names, addresses, and Social Security numbers without requiring consent.
False
91
Through the use of cookies, a Web site is able to identify visitors on subsequent visits.
True
92
Under the Right to Financial Privacy Act, a financial institution can release a customer's financial records without the customer's authorization as long as it is a government authority that is seeking the records.
False
93
The cost of a data breach can be quite expensive, by some estimates nearly $200 for each record lost.
True
94
The Children's Online Privacy Protection Act:
does not cover the dissemination of information to children
95
A pen register is a device that records the originating number of incoming calls for a particular phone number.
False
96
Which act requires that financial institutions must provide a privacy notice to each consumer that explains what data about the consumer is gathered, with whom that data is shared, how the data is used, and how the data is protected?
Gramm-Leach-Bliley Act
97
Which act allows consumers to request and obtain a free credit report each year from each of the three primary credit reporting companies?
Fair and Accurate Credit Transactions Act
98
Title I of which of the following acts extends the protections offered under the Wiretap Act to electronic communications, such as fax and messages sent over the Internet?
Electronic Communications Privacy Act
99
Under which act did the Federal Communications Commission respond to appeals from the Department of Justice by requiring providers of Internet phone services and broadband services to ensure that their equipment accommodated the use of law enforcement wiretaps?
Communications Assistance for Law Enforcement Act
100
The rights assigned to parents by the Family Educational Rights and Privacy Act transfer to the student once the student reaches the age of 21.