Ethical and Legal Issues
To minimize the invasion of privacy, organizations should:
a. Not delete data even when it is not needed.
b. Not modify data once it is entered into an information system.
c. Collect only the data that is necessary for the stated purpose.
c. Collect only the data that is necessary for the stated purpose.
An IT staff at the university has installed a help desk app where students can report issues. A student has reported that software is being mysteriously installed on their computer. Also, when students go to the registration page in a browser, they are taken to a different site. The IT staff would classify this as what type of issue?
a. Keystroke loggers
b. Spyware
c. Firmware
d. Script loggers
b. Spyware
Spoofing happens when:
a. A word is converted into a digital pattern.
b. Keystrokes are monitored and recorded.
c. An illegitimate program poses as a legitimate one.
d. A firewall rejects the incoming data packets.
c. An illegitimate program poses as a legitimate one.
Jared makes two copies of an antivirus software package he bought and sold one of the copies to Joshua. How would Jared’s actions be classified in this situation?
a. Ethical, but illegal
b. Unethical, but legal
c. Illegal and unethical
d. Legal and ethical
c. Illegal and unethical
Which statement best describes spyware?
a. It is software that secretly gathers information about users while they browse the Web.
b. It is an attack that floods a server with service requests to prevent legitimate users’ access to the system.
c. It is encryption security that manages transmission security on the Internet.
d. It is a programming routine built into a system by its designer to bypass system security and sneak back into the system later to access programs or files.
a. It is software that secretly gathers information about users while they browse the Web.
John downloaded Alten Cleaner, a program that poses as a computer registry cleaner, on his computer. Once he installed the program on his computer, the program illegitimately gained access to John’s passwords and credit card information. What is the reason behind this happening to John?
a. Spoofing
b. Phishing
c. Baiting
d. Pharming
a. Spoofing
Clement applies for a home loan at Global Bank Inc. As part of the process, he provides details to the banker responsible for sanctioning loans. The banker uses Clement’s personal information to sell him insurance policies. In this scenario, the banker’s action is considered _____.
a. Unethical and illegal
b. Ethical, but illegal
c. Legal and ethical
d. Legal but unethical
d. Legal but unethical
In the context of computer crimes and attacks, the difference between phishing and spear phishing is that:
a. Spear phishing attacks are targeted toward a specific person or a group.
b. Spear phishing involves monitoring and recording keystrokes.
c. Spear phishing involves hackers capturing and recording network traffic.
d. Spear phishing involves collecting sensitive information via phone calls.
a. Spear phishing attacks are targeted toward a specific person or a group.
_____ is a computer crime that involves destroying or disrupting computer services.
a. Keystroke logging
b. Dumpster diving
c. Bombing
d. Sabotage
d. Sabotage
Albert applied for a consumer durables loan at Horizon Bank and had to provide his personal information in the loan application form. John, the banker in charge, used Albert’s information to sell him a credit card issued by Horizon Bank. In this scenario, John’s action is considered _____.
a. Illegal and unethical
b. Criminal but ethical
c. Legal but unethical
d. Legal and ethical
c. Legal but unethical
Similar to phishing, _____ is directing Internet users to fraudulent Web sites to steal their personal information, such as Social Security numbers, passwords, bank account numbers, and credit card numbers.
a. Sniffing
b. Screening
c. Pharming
d. Cybersquatting
c. Pharming
In the context of computer and network security, _____ means that a system must not allow the disclosing of information by anyone who is not authorized to access it.
a. Reliability
b. Confidentiality
c. Integrity
d. Availability
b. Confidentiality
Alfred, a software programmer at Gamma Inc., develops a program that spreads Trojan viruses to the organization’s network. Liam, his manager, has discovered that Alfred has intentionally spread the virus. What should Liam do next?
a. Congratulate Alfred for identifying a weakness in the network
b. Promote Alfred to CISO with his knowledge of the organization’s weaknesses
c. While unethical, this is not illegal, so Liam should send Alfred to HR
d. Liam should fire Alfred and defer to HR for legal prosecution
d. Liam should fire Alfred and defer to HR for legal prosecution
Capturing and recording network traffic is referred to as _____.
a. Sniffing
b. Phishing
c. Bombing
d. Pharming
a. Sniffing
In computer and network security, _____ refers to the accuracy of information resources within an organization.
a. Validity
b. Confidentiality
c. Integrity
d. Availability
c. Integrity