Multinational and global organizations must not present a consistent face to their shareholders, customers, and suppliers but instead must operate with a different value system in each country they do business in. T/F
False
Legal acts conform to what an individual believes to be the right thing to do. T/F
False
The greater reliance on information systems in all aspects of life has decreased the risk that information technology will be used unethically. T/F
False
The countries with the highest software piracy rate in the world include Luxembourg, Japan, and New Zealand. T/F
False
In a nonprofit organization, the board of directors reports to the local community that it serves. T/F
True
Because an activity is defined as legal, the activity is also considered ethical. T/F
False
In a for-profit organization, the primary objective of which of the following is to oversee the organization's business activities and management for the benefit of shareholders, employees, customers, suppliers, and the community?
negotiator
board of directors
corporate ethics officer
corporate compliance officer
board of directors
If the desired results are not achieved upon implementation of a solution, one should return to the "identify alternatives" step of the decision making process and rework the decision. T/F
False
The goodwill that is created by which of the following can make it easier for corporations to conduct their business?
profits
alliances
incentives
CSR activities
CSR activities
The piracy rate is nearly 80 percent across which continent?
Asia
North America
Europe
Africa
Africa
Laws can proclaim an act as legal, although many people may consider the act immoral. T/F
True
The term morals refers to the personal principles upon which an individual bases his or her decisions about what is right and what is wrong. T/F
True
Which of the following statements best describes a reason why organizations pursue corporate social responsibility (CSR) goals and promote a work environment in which employees are encouraged to act ethically when making business decisions?
To enjoy higher employee turnover rates
To define a variable approach for dealing with stakeholders
To gain the goodwill of the community
To increase unfavorable publicity
To gain the goodwill of the community
The board of directors of an organization is normally responsible for day-to-day management and operations of the organization. T/F
False
The term ethics describes standards or codes of behavior expected of an individual by a group to which the individual belongs. T/F
True
Standards or codes of behavior expected of an individual by a group (nation, organization, profession) to which the individual belongs are known as which of the following?
Ethics
Virtues
Laws
Morals
Ethics
Most people have developed a decision-making process they use almost automatically, without thinking about the steps they go through. T/F
True
Which of the following helps ensure that employees abide by the law, follow necessary regulations, and behave in an ethical manner?
mission statement
acceptable use policy
problem statement
code of ethics
code of ethics
Which of the following steps in the decision-making process gathers and analyzes facts and also identifies stakeholders affected by the decision?
Develop problem statement
Evaluate result
Identify alternatives
Implement decision
Develop problem statement
One's personal beliefs about right and wrong are known as which of the following?
virtues
vices
characteristics
morals
Morals
Which of the following states the principles and core values that are essential to the work of a particular occupational group?
work statement
mission statement
manual of style
professional code of ethics
professional code of ethics
One of the most common ethical problems for members of the IT profession occurs when a potential employee lies on a resume and claims competence in an IT skill that is in high demand. This act is known as which of the following?
misrepresentation
fraud
resume inflation
breach of the duty of care
resume inflation
Professionals who breach the duty of care are liable for injuries that their negligence causes. This liability is commonly referred to as which of the following?
professional malpractice
breach of the duty of care
professional standard breach
software piracy
professional malpractice
Gifts come with no expectation of a future favor for the donor. T/F
True
A breach of the duty of care is defined as a failure to conform to the code of ethics of a professional organization. T/F
False
From a legal perspective, there is both a reasonable person standard and a reasonable professional standard to decide whether parties owe a duty of care. T/F
True
A bribe is a crime even if the payment was lawful under the laws of the foreign country in which it was paid. T/F
False
Vendor certifications require passing a written exam, which usually contains multiple-choice questions because of legal concerns about whether other types of exams can be graded objectively. T/F
True
Under what circumstance might a gift be considered a bribe?
When given as a gesture of friendship
The gift exchange is made directly from donor to recipient
The gift comes with no expectation of a future favor
When the gift has not been declared
When the gift has not been declared
Which term is used to describe the failure to act as a reasonable person would act?
professional malpractice
duty of care
unreasonable professional standard
breach of the duty of care
breach of the duty of care
The goal of the standards set by the Foreign Corrupt Practices Act (FCPA) is to prevent companies from:
creating relationships between IT workers and suppliers.
making facilitating payments for obtaining permits or licenses.
using slush funds or other means to disguise payments to officials.
providing misrepresentations of a material fact.
using slush funds or other means to disguise payments to officials.
Which entity is a computing society founded in 1947 with more than 97,000 student and professional members in more than 100 countries, and it publishes over 50 journals and 30 newsletters?
Institute of Electrical and Electronic Engineers Computer Society
Business Software Alliance
Association for Computing Machinery
Association of Information Technology Professionals
Association for Computing Machinery
The United Nations Convention Against Corruption makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office. T/F
False
While no policy can stop wrongdoers, it can establish boundaries for acceptable and unacceptable behavior and enable management to punish violators. T/F
True
Which of the following is defined as not doing something that a reasonable person would do or doing something that a reasonable person would not do?
professional malpractice
breach of the duty of care
negligence
software piracy
negligence
Currently no one IT professional organization has emerged as preeminent, so there is no universal code of ethics for IT workers. T/F
True
A hardware or software device that serves as a barrier between a company and the outside world and limits access to the company's network based on the organization's Internet usage policy is known as which of the following?
router
hub
bridge
firewall
firewall
The Foreign Corrupt Practices Act (FCPA) makes it a crime to do which of the following?
pay an official to perform some official function faster
make lawful payments to a foreign official
make facilitating payments
bribe a foreign official
bribe a foreign official
A vendor certification:
-has no effect on an IT worker's salary and career prospects.
-usually does not require the purchase of expensive training material and course instruction.
-may focus too narrowly on the technical details of the vendor's technology.
-requires vendors to pass lengthy essay exams.
may focus too narrowly on the technical details of the vendor's technology.
In malpractice lawsuits, many courts have ruled that IT workers are not liable for malpractice because they:
do not belong to a professional organization.
fail to breach a duty of care.
do not meet the legal definition of a professional.
are not certified.
do not meet the legal definition of a professional.
A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner is known as which of the following?
virus
operating system
zombie
CAPTCHA
virus
Before the IT security group can begin an eradication effort, it must:
seek permission of the firm's legal counsel
collect and log all possible criminal evidence from the system
consider the potential for negative publicity
develop an estimate for the monetary damage caused
collect and log all possible criminal evidence from the system
Discussing security attacks through public trials and the associated publicity has not only enormous potential costs in public relations but real monetary costs as well. T/F
True
Which type of attacker hacks computers or websites in an attempt to promote a political ideology?
Industrial spies
Hackers
Cyberterrorists
Hacktivists
Hacktivists
Even when preventive measures are implemented, no organization is completely secure from a determined computer attack. T/F
True
Trojan horse has become an umbrella term for many types of malicious code. T/F
False
Which type of exploit is defined as the sending of fraudulent emails to an organization's employees designed to look like they came from high-level executives from within the organization?
Spamdexing
Vishing
Smishing
Spear phishing
Spear phishing
Which of the following concepts recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system's benefits or the risks involved?
competitive intelligence
reasonable assurance
separation of duties
risk assessment
reasonable assurance
Many organizations use software to provide a comprehensive display of all key performance indicators related to an organization's security defenses, including threats, exposures, policy compliance, and incident alerts. What is this type of software known as?
firewall
security dashboard
intrusion detection software
proxy server software
security dashboard
Which of the following is a form of Trojan horse which executes when it is triggered by a specific event such as a change in a particular file, by typing a specific series of keystrokes, or by a specific time or date?
denial-of-service attack
logic bomb
botnet
rootkit
logic bomb
Spammers can defeat the registration process of free email services by launching a coordinated attack that can sign up for thousands of untraceable email accounts. What is this type of attack known as?
distributed denial-of-service attack
bot attack
CAPTCHA attack
logic bomb
bot attack
In computing, a term for any sort of general attack on an information system that takes advantage of a particular system vulnerability is known as which of the following?
exploit
patch
firewall
security audit
exploit
Today's computer menace is much better organized and may be part of an organized group. T/F
True
Whenever possible, automated system rules should mirror an organization's written policies. T/F
True
It is not unusual for a security audit to reveal that too many people have access to critical data and that many people have capabilities beyond those needed to perform their jobs. T/F
True
Ransomware is malware that stops you from using your computer or accessing your data until you meet certain demands, such as paying a ransom or sending photos to the attacker. T/F
True
Which of the following is a partnership between the Department of Homeland Security and the public and private sectors, established in 2003 to protect the nation's Internet infrastructure against cyberattacks?
Carnegie Mellon's Computer Response Team
U.S. Computer Emergency Readiness Team
The National Institute of Standards and Technology
The Science and Technology Directorate of Homeland Security
U.S. Computer Emergency Readiness Team
The fundamental problem with trying to detect a rootkit is that the operating system cannot be trusted to provide which of the following?
valid test results
correct system login ids
the correct date and time
sufficient memory for operations
valid test results
Computer forensics is such a new field that there is little training or certification processes available. T/F
False
Which term is defined as an exploit that takes place before the security community or software developer knows about the vulnerability or has been able to repair it?
logic bomb
DDoS attack
zero-day attack
rootkit
zero-day attack
In 2008, which act granted expanded authority to collect, without court-approved warrants, international communications as they flow through U.S. telecom network equipment and facilities?
USA PATRIOT Act
Foreign Intelligence Surveillance Act Amendments Act
Electronic Communications Privacy Act
Omnibus Crime Control and Safe Streets Act
Foreign Intelligence Surveillance Act Amendments Act
The use of cookies and tracking software is controversial because companies can collect information about consumers without their explicit permission. T/F
True
Which act included strong privacy provisions for electronic health records and bans the sale of health information, promotes the use of audit trails and encryption, and provides rights of access for patients?
Foreign Intelligence Surveillance Act
American Recovery and Reinvestment Act
Gramm-Leach-Bliley Act
Electronic Communications Privacy Act
American Recovery and Reinvestment Act
Which act prohibits the government from concealing the existence of any personal data record-keeping systems?
Fair Information Practices Act
USA PATRIOT Act
Privacy Act
Freedom of Information Act
Privacy Act
In 1980, the Organisation for Economic Co-operation and Development created which of the following, which are often held up as the model of ethical treatment of consumer data?
European Union Data Protection Directives
fair information practices
transborder data flow principles
BBB online data protection guidelines
fair information practices
Through the use of cookies, a Web site is able to identify visitors on subsequent visits. T/F
True
American citizens are protected by the Fourth Amendment even when there is no reasonable expectation of privacy. T/F
False
A pen register is a device that records the originating number of incoming calls for a particular phone number. T/F
False
The use of information technology in business requires balancing the needs of those who use the information that is collected against the rights and desires of the people whose information is being used. T/F
True
The Privacy Act of 1974 extends to the actions of the CIA, U.S. law enforcement agencies, and private industry. T/F
False
In Doe v. Holder, the courts ruled that the NSL gag provision violates which of the following?
Fair Information Practices Act
USA PATRIOT Act
First Amendment
sunset provision
First Amendment
The Foreign Intelligence Surveillance Act:
-extends the protections offered under the Wiretap Act to electronic communications, such as email, fax, and messages sent over the Internet.
-was passed by Congress in 1994 and amended both the Wiretap Act and the Electronic Communications Privacy Act.
-requires any company doing business within the borders of the countries comprising the European Union to implement a set of privacy directives on the fair and appropriate use of information.
-allows surveillance, without court order, within the United States for up to a year unless the "surveillance will acquire the contents of any communication to which a U.S. person is a party."
allows surveillance, without court order, within the United States for up to a year unless the "surveillance will acquire the contents of any communication to which a U.S. person is a party."
Which act requires that financial institutions must provide a privacy notice to each consumer that explains what data about the consumer is gathered, with whom that data is shared, how the data is used, and how the data is protected?
Fair Credit Reporting Act
Health Insurance Portability and Accountability Act
Gramm-Leach-Bliley Act
USA PATRIOT Act
Gramm-Leach-Bliley Act
A device that records the originating number of incoming calls for a particular phone number is known as which of the following?
trap and trace
pen register
intercom
phone switchboard
trap and trace
Electronically stored information includes any form of digital information stored on any form of electronic storage device. T/F
True
Under which act did the Federal Communications Commission respond to appeals from the Department of Justice by requiring providers of Internet phone services and broadband services to ensure that their equipment accommodated the use of law enforcement wiretaps?
USA PATRIOT Act
Communications Assistance for Law Enforcement Act
Electronic Communications Privacy Act
Foreign Intelligence Surveillance Act
Communications Assistance for Law Enforcement Act
Which act outlines who may access a user's credit information, how users can find out what is in their file, how to dispute inaccurate data, and how long data is retained?
Gramm-Leach-Bliley Act
Fair Credit Reporting Act
Credit CARD Act
Federal Credit Union Act
Fair Credit Reporting Act
Which of the following is an act that repealed a depression-era law known as Glass-Steagall?
Fair Credit Reporting Act
Health Insurance Portability and Accountability Act
Gramm-Leach-Bliley Act
Electronic Communications Privacy Act
Gramm-Leach-Bliley Act
The Health Insurance Portability and Accountability Act requires healthcare organizations to employ standardized electronic transactions, codes, and identifiers to enable them to fully digitize medical records thus making it possible to exchange medical records over the Internet. T/F
True
The USA PATRIOT Act grants citizens the right to access certain information and records of federal, state, and local governments upon request. T/F
False
In the United States, speech that is merely annoying, critical, demeaning, or offensive enjoys protection under which Amendment?
First
Second
Fourth
Fifth
First
Which country has the largest online population in the world and also perhaps the most rigorous Internet censorship?
United States
India
Japan
China
China
Which of the following is considered an absolute defense against a charge of defamation?
Libel
Slander
The First Amendment
Truth
Truth
The Supreme Court has held that obscene speech and which of the following are not protected by the First Amendment and may be forbidden by the government?
audition
defamation
declamation
demarcation
defamation
Which of the following terms is defined as the control or suppression of the publishing or accessing of information on the Internet?
Internet filtering
Anonymous expression
Internet censorship
Slander
Internet censorship
Most countries other than the United States do not provide constitutional protection for hate speech. T/F
True
Proponents of the Children's Internet Protection Act (CIPA) contended that shielding children from drugs, hate, pornography, and other topics is a sufficient reason to justify which of the following?
Internet filters
spams
compression
encryption
Internet filters
Violation of which of the following acts can cause a school or public library to lose funding to help pay for its Internet connections?
Child Online Protection Act (COPA)
Children's Internet Protection Act (CIPA)
Children's Online Privacy Protection Act (COPPA)
Communications Decency Act (CDA)
Children's Internet Protection Act (CIPA)
Which of the following involves the examination of Internet records in an attempt to reveal the identity of an anonymous poster?
Remailing
Doxing
Slandering
Libeling
Doxing
Anti-SLAPP laws are designed to protect children from pornography. T/F
False
A strategic lawsuit against public participation (SLAPP) is typically without merit. T/F
True
In general, the closer an Internet service provider (ISP) is to a pure service provider than to a content provider, the more likely that the Section 230 immunity of the Communications Decency Act (CDA) will apply. T/F
True
Private schools may prohibit students, instructors, and other employees from engaging in offensive speech. T/F
True
Which act became law in 1996 with the purpose of allowing freer competition among phone, cable, and TV companies?
Telecommunications Act
Telecommunications Deregulation and Reform Act
Child Online Protection Act
Communications Opportunity, Promotion and Enhancement Bill
Telecommunications Act
When a U.S. citizen engages in an activity protected by the U.S. Constitution, even if the activity violates the criminal laws of another country, U.S. laws do not allow which of the following?
the person to be imprisoned
the person to be sued
the person to be extradited
the person to be judged
the person to be extradited
A U.S. citizen who posts material on the Web that is illegal in a foreign country cannot be prosecuted in that country. T/F
False
Despite the importance of which of the following in early America, it took nearly 200 years for the Supreme Court to render rulings that addressed it as an aspect of the Bill of Rights?
privacy
freedom
anonymity
rights
anonymity
Which of the following is the Supreme Court case that established a test to determine if material is obscene and therefore not protected by the First Amendment?
Miller v. Brown
Miller v. California
Miller v. Stern
Miller v. Texas
Miller v. California
The Fifth Amendment protects Americans' rights to freedom of religion and freedom of expression. T/F
False
A strategy employed by corporations, government officials, and others against citizens and community groups who oppose them on matters of public interest is known as which of the following?
A John Doe lawsuit
A SLAPP
Internet censorship
Anonymous expression
A SLAPP