Ethical and Legal Issues
Computer Crimes and Attacks
Network Security
200

To minimize the invasion of privacy, organizations should:

a. Not delete data even when it is not needed.

b. Not modify data once it is entered into an information system.

c. Collect only the data that is necessary for the stated purpose.

c. Collect only the data that is necessary for the stated purpose.

200

An IT staff member at the university has installed a help desk app where students can report issues. A student has reported that software is being mysteriously installed on their computer. Also, when students go to the registration page in a browser, they are taken to a different site. The IT staff member would classify this as what type of issue?

a. Keystroke loggers

b. Spyware

c. Firmware

d. Script loggers

b. Spyware

200

Spoofing happens when:

a. A word is converted into a digital pattern.

b. Keystrokes are monitored and recorded.

c. An illegitimate program poses as a legitimate one.

d. A firewall rejects the incoming data packets.

c. An illegitimate program poses as a legitimate one.

400

Jared makes two copies of an antivirus software package he bought and sells one of the copies to Joshua. How would Jared’s actions be classified in this situation?

a. Ethical, but illegal

b. Unethical, but legal

c. Illegal and unethical

d. Legal and ethical

c. Illegal and unethical

400

Which statement best describes spyware?

a. It is software that secretly gathers information about users while they browse the Web.

b. It is an attack that floods a server with service requests to prevent legitimate users’ access to the system.

c. It is encryption security that manages transmission security on the Internet.

d. It is a programming routine built into a system by its designer to bypass system security and sneak back into the system later to access programs or files.

a. It is software that secretly gathers information about users while they browse the Web.

400

John downloaded Alten Cleaner, a program that poses as a computer registry cleaner, on his computer. Once he installed the program on his computer, the program illegitimately gained access to John’s passwords and credit card information. What is the reason behind this happening to John?

a. Spoofing

b. Phishing

c. Baiting

d. Pharming

a. Spoofing

600

Clement applies for a home loan at Global Bank Inc. As part of the process, he provides details to the banker responsible for sanctioning loans. The banker uses Clement’s personal information to sell him insurance policies. In this scenario, the banker’s action is considered _____.

a. Unethical and illegal

b. Ethical, but illegal

c. Legal and ethical

d. Legal but unethical

d. Legal but unethical

600

In the context of computer crimes and attacks, the difference between phishing and spear phishing is that:

a. Spear phishing attacks are targeted toward a specific person or a group.

b. Spear phishing involves monitoring and recording keystrokes.

c. Spear phishing involves hackers capturing and recording network traffic.

d. Spear phishing involves collecting sensitive information via phone calls.

a. Spear phishing attacks are targeted toward a specific person or a group.

600

_____ is a computer crime that involves destroying or disrupting computer services.

a. Keystroke logging

b. Dumpster diving

c. Bombing

d. Sabotage

d. Sabotage

800

Albert applied for a consumer durables loan at Horizon Bank and had to provide his personal information in the loan application form. John, the banker in charge, used Albert’s information to sell him a credit card issued by Horizon Bank. In this scenario, John’s action is considered _____.

a. Illegal and unethical

b. Criminal but ethical

c. Legal but unethical

d. Legal and ethical

c. Legal but unethical

800

Similar to phishing, _____ is directing Internet users to fraudulent Web sites to steal their personal information, such as Social Security numbers, passwords, bank account numbers, and credit card numbers.

a. Sniffing

b. Screening

c. Pharming

d. Cybersquatting

c. Pharming

800

In the context of computer and network security, _____ means that a system must not allow the disclosing of information by anyone who is not authorized to access it.

a. Reliability

b. Confidentiality

c. Integrity

d. Availability

b. Confidentiality

1000

Alfred, a software programmer at Gamma Inc., develops a program that spreads Trojan viruses to the organization’s network. Liam, his manager, has discovered that Alfred has intentionally spread the virus. What should Liam do next?

a. Congratulate Alfred for identifying a weakness in the network

b. Promote Alfred to CISO with his knowledge of the organization’s weaknesses

c. While unethical, this is not illegal, so Liam should send Alfred to HR

d. Liam should fire Alfred and defer to HR for legal prosecution

d. Liam should fire Alfred and defer to HR for legal prosecution

1000

Capturing and recording network traffic is referred to as _____.

a. Sniffing

b. Phishing

c. Bombing

d. Pharming

a. Sniffing

1000

In computer and network security, _____ refers to the accuracy of information resources within an organization.

a. Validity

b. Confidentiality

c. Integrity

d. Availability

c. Integrity