
Accounting Information Systems, 12e (Romney/Steinbart)

Chapter 9 Information Systems Controls for Systems Reliability Part 2: Confidentiality and


1) Concerning virtual private networks (VPN), which of the following is not true?
A) VPNs provide the functionality of a privately owned network using the Internet.
B) Using VPN software to encrypt information while it is in transit over the Internet in effect creates
private communication channels, often referred to as tunnels, which are accessible only to those parties
possessing the appropriate encryption and decryption keys.
C) The cost of the VPN software is much less than the cost of leasing or buying the infrastructure
(telephone lines, satellite links, communications equipment, etc.) needed to create a privately owned
secure communications network.
D) It is more expensive to reconfigure VPNs to include new sites than it is to add or remove the
corresponding physical connections in a privately owned network.
Answer: D
Page Ref: 264
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

2) Which of the following is not associated with asymmetric encryption?

A) No need for key exchange
B) Public keys
C) Private keys
D) Speed
Answer: D
Page Ref: 260
Objective: Learning Objective 3
Difficulty : Easy
AACSB: Analytic

3) The system and processes used to issue and manage asymmetric keys and digital certificates are
known as
A) asymmetric encryption.
B) certificate authority.
C) digital signature.
D) public key infrastructure.
Answer: D
Page Ref: 262
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

4) Which of the following describes one weakness of encryption?
A) Encrypted packets cannot be examined by a firewall.
B) Encryption protects the confidentiality of information while in storage.
C) Encryption protects the privacy of information during transmission.
D) Encryption provides for both authentication and non-repudiation.
Answer: A
Page Ref: 264
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

5) Using a combination of symmetric and asymmetric key encryption, Chris Kai sent a report to her
home office in Syracuse, New York. She received an email acknowledgement that the document had
been received and then, a few minutes later, she received a second email that indicated that the hash
calculated from the report differed from that sent with the report. The most likely explanation for this
result is that
A) the public key had been compromised.
B) the private key had been compromised.
C) the symmetric encryption key had been compromised.
D) the asymmetric encryption key had been compromised.
Answer: C
Page Ref: 261
Objective: Learning Objective 3
Difficulty : Difficult
AACSB: Analytic

6) Encryption has a remarkably long and varied history. The invention of writing was apparently soon
followed by a desire to conceal messages. One of the earliest methods, attributed to an ancient Roman
emperor, was the simple substitution of numbers for letters, for example A = 1, B = 2, etc. This is an
example of
A) a hashing algorithm.
B) symmetric key encryption.
C) asymmetric key encryption.
D) a public key.
Answer: B
Page Ref: 260
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

7) An electronic document that certifies the identity of the owner of a particular public key.
A) Asymmetric encryption
B) Digital certificate
C) Digital signature
D) Public key
Answer: B
Page Ref: 262
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

8) These systems use the same key to encrypt and to decrypt.
A) Asymmetric encryption
B) Hashing encryption
C) Public key encryption
D) Symmetric encryption
Answer: D
Page Ref: 260
Objective: Learning Objective 3
Difficulty : Easy
AACSB: Analytic

9) These are used to create digital signatures.

A) Asymmetric encryption and hashing
B) Hashing and packet filtering
C) Packet filtering and encryption
D) Symmetric encryption and hashing
Answer: A
Page Ref: 261
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

10) Information encrypted with the creator's private key that is used to authenticate the sender is
A) asymmetric encryption.
B) digital certificate.
C) digital signature.
D) public key.
Answer: C
Page Ref: 261
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

11) Which of the following is not one of the three important factors determining the strength of any
encryption system?
A) Key length
B) Key management policies
C) Encryption algorithm
D) Privacy
Answer: D
Page Ref: 259
Objective: Learning Objective 3
Difficulty : Easy
AACSB: Analytic

12) A process that takes plaintext of any length and transforms it into a short code.
A) Asymmetric encryption
B) Encryption
C) Hashing
D) Symmetric encryption
Answer: C
Page Ref: 260
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

13) Which of the following descriptions is not associated with symmetric encryption?
A) A shared secret key
B) Faster encryption
C) Lack of authentication
D) Separate keys for each communication party
Answer: C
Page Ref: 260
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

14) Encryption has a remarkably long and varied history. Spies have been using it to convey secret
messages ever since there were secret messages to convey. One powerful method of encryption uses
random digits. Two documents are prepared with the same random sequence of numbers. The spy is sent
out with one and the spy master retains the other. The digits are used as follows. Suppose that the word
to be encrypted is SPY and the random digits are 352. Then S becomes V (three letters after S), P
becomes U (five letters after P), and Y becomes A (two letters after Y, restarting at A after Z). The spy
would encrypt a message and then destroy the document used to encrypt it. This is an early example of
A) a hashing algorithm.
B) asymmetric key encryption.
C) symmetric key encryption.
D) public key encryption.
Answer: C
Page Ref: 260
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

15) One way to circumvent the counterfeiting of public keys is by using

A) a digital certificate.
B) digital authority.
C) encryption.
D) cryptography.
Answer: A
Page Ref: 262
Objective: Learning Objective 3
Difficulty : Easy
AACSB: Analytic

16) In a private key system the sender and the receiver have ________, and in the public key system
they have ________.
A) different keys; the same key
B) a decrypting algorithm; an encrypting algorithm
C) the same key; two separate keys
D) an encrypting algorithm; a decrypting algorithm
Answer: C
Page Ref: 260
Objective: Learning Objective 3
Difficulty : Easy
AACSB: Analytic

17) Asymmetric key encryption combined with the information provided by a certificate authority
allows unique identification of
A) the user of encrypted data.
B) the provider of encrypted data.
C) both the user and the provider of encrypted data.
D) either the user or the provider of encrypted data.
Answer: D
Page Ref: 262
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

18) Which of the following is not one of the 10 internationally recognized best practices for protecting
the privacy of customers' personal information?
A) Providing free credit report monitoring for customers
B) Inform customers of the option to opt-out of data collection and use of their personal information
C) Allow customers' browsers to decline to accept cookies
D) Utilize controls to prevent unauthorized access to, and disclosure of, customers' information
Answer: A
Page Ref: 256-257
Objective: Learning Objective 2
Difficulty : Moderate
AACSB: Analytic

19) On March 3, 2008, a laptop computer belonging to Folding Squid Technology was stolen from the
trunk of Jiao Jan's car while he was attending a conference in Cleveland, Ohio. After reporting the theft,
Jiao considered the implications of the theft for the company's network security and concluded there was
nothing to worry about because
A) the computer was protected by a password.
B) the computer was insured against theft.
C) it was unlikely that the thief would know how to access the company data stored on the computer.
D) the data stored on the computer was encrypted.
Answer: D
Page Ref: 258
Objective: Learning Objective 3
Difficulty : Easy
AACSB: Analytic

20) Jeff Davis took a call from a client. "Jeff, I need to interact online and real time with our affiliate in
India, and I want to make sure that our communications aren't intercepted. What do you suggest?" Jeff
responded "The best solution will be to implement
A) a virtual private network."
B) a private cloud environment."
C) an asymmetric encryption system with digital signatures."
D) multifactor authentication."
Answer: A
Page Ref: 264
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic

21) In developing policies related to personal information about customers, Folding Squid Technologies
adhered to the Trust Services framework. The standard applicable to these policies is
A) security.
B) confidentiality.
C) privacy.
D) availability.
Answer: C
Page Ref: 254
Objective: Learning Objective 2
Difficulty : Easy
AACSB: Analytic

22) Jeff Davis took a call from a client. "Jeff, I need for my customers to make payments online using
credit cards, but I want to make sure that the credit card data isn't intercepted. What do you suggest?"
Jeff responded "The best solution will be to implement
A) a virtual private network."
B) a private cloud environment."
C) an encryption system with digital signatures."
D) a data masking program."
Answer: C
Page Ref: 261
Objective: Learning Objective 2
Difficulty : Moderate
AACSB: Analytic

23) Describe some steps you can take to minimize your risk of identity theft.
Answer: Shred documents containing personal information. Never send personally identifying
information in unencrypted email. Beware of email/phone/print requests to verify personal information
that the requesting party should already possess. Do not carry your social security card with you. Print
only your initials and last name on checks. Limit the amount of other information preprinted on checks.
Do not use your mailbox for outgoing mail. Do not carry more than a few blank checks with you. Use
special software to digitally clean any digital media prior to disposal. Monitor your credit cards
regularly. File a police report as soon as you discover a purse or wallet missing. Make photocopies of
driver's license, passports and credit cards and keep in a safe location. Immediately cancel any stolen or
lost credit cards.
Page Ref: 256
Objective: Learning Objective 2
Difficulty : Moderate
AACSB: Analytic

24) Describe symmetric encryption and identify three limitations.

Answer: Symmetric encryption systems use the same key to encrypt and decrypt data. Symmetric
encryption is much faster than asymmetric encryption, but the sender and receiver need to know the
shared secret key, which requires a different secure method of exchanging the key. Also, different secret
keys must be used with each different communication party. Finally, there is no way to prove who
created a specific document.
Page Ref: 260
Objective: Learning Objective 3
Difficulty : Moderate
AACSB: Analytic
