Download New Perspectives on the Internet Comprehensive 9th Edition Schneider Test Bank all chapters
Tutorial 6: Internet Security
TRUE/FALSE
3. Computer security experts generally classify computer security threats into three categories: secrecy,
integrity, and necessity.
8. Computers hijacked without the owner’s knowledge are often called spammers.
10. The text recommends having your Social Security number printed on your checks.
12. You can purchase a digital signature from a certificate authority site.
14. Software that gathers personal information about the user’s behavior or the user’s computer without
their knowledge is called infoware.
15. A bulkhead is a software program or hardware device that controls access between two networks.
16. A port scan tests whether a computer’s various ports are open, closed, or stealth.
17. A digital ID is most often used by people using social networks, such as Facebook, to verify their
posts.
18. A client certificate authenticates a Web site so site visitors can be confident in the identity of the Web
server.
19. In a brute force attack, a cracker uses a program to enter character combinations until the system
accepts a user name and password.
20. The latest, most secure form of SSL certificate is known as SSL-EV.
MODIFIED TRUE/FALSE
1. The use of nonphysical security techniques to protect data stored on computers is sometimes called
computer security. _________________________
ANS: F, logical
3. Asymmetric encryption uses a public and a private key to exchange encrypted messages.
_________________________
ANS: T PTS: 1 REF: WEB 302
4. Many viruses can send you an email that includes the name of someone you know in the message’s
From line, a tactic called phishing. _________________________
ANS: F, spoofing
5. A(n) packet sniffer examines the structure of the data elements that flow through a network.
_________________________
6. A talented computer programmer who uses his skills to commit illegal acts is sometimes known as
a(n) snacker. _________________________
ANS: F
hacker
cracker
7. When an “@” symbol appears in a URL, all characters that precede the symbol are ignored.
_________________________
8. A digital logo is a digital pattern containing copyright information that is inserted into a digital image,
animation, or audio or video file. _________________________
ANS: F, watermark
9. Java, JavaScript, and ActiveX programs are all considered proactive content.
_________________________
10. A Web phish is a small, hidden graphic on a Web page or email message that works with a cookie to
obtain information about the person viewing the page or email message.
_________________________
ANS: F, bug
ANS: F
not always
not
12. Most firewalls are installed to prevent traffic from entering the network.
_________________________
13. A(n) certificate authority authenticates the certificate holder’s identity and issues digital certificates.
_________________________
14. A(n) identity manager stores user name and password information in encrypted form on a computer.
_________________________
15. The combination of user login plus password is called multifactor authentication.
_________________________
MULTIPLE CHOICE
2. Computer security is the use of ____ security techniques to protect data stored on computers.
a. physical c. logical
b. port d. encrypted
ANS: C PTS: 1 REF: WEB 298
3. The figure above shows a(n) ____ page that contains a Web bug.
a. HTTPS page c. HTML page
b. User History page d. FTP page
ANS: C PTS: 1 REF: WEB 333
4. The location of the clear GIF shown in the figure above is a URL for DoubleClick, a division of ____
that develops tools for Internet marketing and advertising.
a. Yahoo! c. Microsoft
b. Google d. Apple
ANS: B PTS: 1 REF: WEB 333
5. When the user loads the Web page that contains the code shown in the figure above, the browser
downloads the ____ file from the DoubleClick server.
a. clear GIF c. clear widget
b. clear JPG d. clear screensaver
ANS: A PTS: 1 REF: WEB 333
6. Referring to the figure above, the process of downloading a Web bug can identify ____.
a. your IP address c. information about your use of the site
b. the Web site you last visited d. all of the above
ANS: D PTS: 1 REF: WEB 333
7. All of the following are categories of computer security threat EXCEPT ____.
a. secrecy c. integrity
b. subterfuge d. necessity
ANS: B PTS: 1 REF: WEB 300
8. According to the text, any act or object that endangers an asset is known as a(n) ____.
a. challenge c. opportunity
b. threat d. virus
ANS: B PTS: 1 REF: WEB 300
12. ____ encryption uses a single key that both the sender and receiver know.
a. Private-key c. Asymmetric
b. Public-key d. Man-in-the-Middle
ANS: A PTS: 1 REF: WEB 301
13. A ____ is a technologically skilled person who uses his or her skills to obtain unauthorized entry into
computers.
a. zombie c. script kiddie
b. cracker d. whacker
ANS: B PTS: 1 REF: WEB 301
15. Email ____ involves a virus sending you an email that includes the name of someone you know in the
message’s From line.
a. scamming c. spoofing
b. spamming d. goofing
ANS: C PTS: 1 REF: WEB 303
16. A(n) ____ attack involves phony email messages that include links to spoofed Web sites.
a. DoS c. man-in-the-middle
b. DDoS d. phishing
ANS: D PTS: 1 REF: WEB 303
17. If you click a link in a phishing email, you will likely be taken to ____.
a. a legitimate Web site, in which you can do business safely
b. a competitor’s Web site (say, going to BarnesandNoble.com when you thought you were
going to Amazon.com)
c. the phishing perpetrator’s Web site
d. a Web site that is being targeted by a denial-of-service attack
ANS: C PTS: 1 REF: WEB 305
18. All characters that precede a(n) “____” symbol in a URL are ignored by a Web server.
a. @ c. _
b. / d. %
ANS: A PTS: 1 REF: WEB 305
20. Email programs alert users when a link in an email message opens a Web page that is coded to a
different ____ than the one displayed in the message.
a. sender name c. category of Web site
b. URL d. date
ANS: B PTS: 1 REF: WEB 305
21. A digital ____ is a pattern containing copyright information that is inserted into a digital image,
animation, or audio or video file.
a. Web bug c. watermark
b. worm d. stenograph
ANS: C PTS: 1 REF: WEB 307
22. ____ is a process that hides encrypted messages within different types of files.
a. Stegography c. Steganography
b. Stenography d. Stenagography
ANS: C PTS: 1 REF: WEB 309
23. A(n) ____ attack occurs when an attacker disrupts normal computer processing or denies processing
entirely.
a. necessity c. secrecy
b. integrity d. man-in-the-middle
ANS: A PTS: 1 REF: WEB 309
24. Computers that have been “hijacked” and used to help a DDoS attack are known as ____.
a. droids c. phish
b. reluctants d. zombies
ANS: D PTS: 1 REF: WEB 310
26. If you believe that your computer is involved in a DoS attack, you should contact your ____
immediately.
a. network administrator c. either a. or b.
b. ISP d. neither a. nor b.
ANS: C PTS: 1 REF: WEB 310
27. All of the following are listed in the text as ways to avoid identity theft EXCEPT ____.
a. matching credit card receipts to monthly statements
b. keeping credit card, bank account, and investment account information together in a safe
place
c. canceling and reopening credit card accounts once every three months
d. shredding all mail that contains any personal information
ANS: C PTS: 1 REF: WEB 313
28. The text recommended purchasing identity theft ____, which can help pay the expenses required to
clear and restore your identity in case of a theft.
a. insurance c. tracking
b. security d. vaults
ANS: A PTS: 1 REF: WEB 313
29. If you believe you are a victim of identity theft, you must act quickly to contact the ____ credit
reporting agencies, every financial institution at which you have an account, and the issuer of every
credit card you hold.
a. two c. four
b. three d. five
ANS: B PTS: 1 REF: WEB 313
30. If you are the victim of identity theft, file a police report with ____ law enforcement to document the
theft, and keep a copy of the report.
a. local c. Internet
b. UN d. national
ANS: A PTS: 1 REF: WEB 315
31. ____ components can make a Web page more useful by providing interactive elements like shipping
calculators or mortgage payment tables.
a. Active content c. Clickstream
b. Static d. Graphic
ANS: A PTS: 1 REF: WEB 322
32. When a digital signature authenticates an ActiveX control’s developer or source, it is called a(n) ____
ActiveX control.
a. safe c. signed
b. logical d. encrypted
ANS: C PTS: 1 REF: WEB 322
33. A Java ____ is a program written in the Java programming language that could execute and consume a
computer’s resources.
a. apple c. cookie
b. applet d. widget
ANS: B PTS: 1 REF: WEB 322
35. A(n) ____ is a self-replicating program usually hidden within another file and sent as an email
attachment.
a. virus c. phish
b. Trojan horse d. worm
ANS: D PTS: 1 REF: WEB 327
36. ____ is a general category of software that includes advertisements to pay for the product for which it
appears.
a. Adware c. Web bug-ware
b. Spyware d. Abandonware
ANS: A PTS: 1 REF: WEB 328
37. The term “Web bug” is most associated with the term “____.”
a. phishing c. active content
b. cookie d. adware
ANS: B PTS: 1 REF: WEB 333
39. A(n) ____ is a small, hidden graphic on a Web page, designed to work in conjunction with a cookie to
obtain information about the person viewing the page.
a. biscuit c. applet
b. Web bug d. no-see-um
ANS: B PTS: 1 REF: WEB 333
42. By setting your Internet security program or other program, such as ____, to remove cookies on a
regular basis, you can eliminate cookies that store user data from your computer.
a. Spy-Kids c. Bug-Aware
b. Ad-Aware d. Cookie-Kids
ANS: B PTS: 1 REF: WEB 334
45. Virtual ports use numbers to isolate traffic by type; a computer has more than ____ virtual ports for
different processes.
a. 650 c. 65,000
b. 6,500 d. 650,000
ANS: B PTS: 1 REF: WEB 334
47. Most ____ are installed to prevent traffic from entering the network, though they can also prevent data
from leaving the network.
a. firewalls c. gatehouses
b. ports d. certificates
ANS: A PTS: 1 REF: WEB 335
48. ____ is a general term for the process of verifying the identity of a person or a Web site.
a. Spoofing c. Inspection
b. Authentication d. Firewalling
ANS: B PTS: 1 REF: WEB 335
53. The countermeasure that protects individuals from becoming victims of ____ attacks is to use unique
user names and passwords at each Web site that requires a login.
a. DDoS c. phishing
b. brute force d. none of the above
ANS: B PTS: 1 REF: WEB 336
54. A ____ attack occurs when a cracker uses a program to enter character combinations until the system
accepts a user name and password.
a. phishing c. brute force
b. man-in-the-middle d. none of the above
ANS: C PTS: 1 REF: WEB 336
55. ____ is the process of associating a person and his identification with a very high level of assurance.
a. User authentication c. Cross-checking
b. Digitally ID’ing d. E-Clearance
ANS: A PTS: 1 REF: WEB 336
56. The combination of user login plus password is called ____ authentication.
a. multifactor c. unbreakable
b. single-factor d. strong
ANS: B PTS: 1 REF: WEB 336
58. A digital certificate usually contains all of the following EXCEPT ____.
a. the certificate holder’s name, address, and email address
b. the certificate’s expiration date or validity period
c. a keycode that destroys all evidence of the certificate upon use
d. verification from a trusted third party
ANS: C PTS: 1 REF: WEB 337
62. ____ was one of the first certificate authorities to issue server certificates.
a. VeriTab c. Google CA
b. Thawte d. Mozilla
ANS: B PTS: 1 REF: WEB 337
65. Web pages secured by SSL have URLs that begin with ____.
a. S-http:// c. SSL://
b. https:// d. IETF://
ANS: B PTS: 1 REF: WEB 341
66. ____ keys exist only during a single connection between a browser and a server.
a. Public c. Session
b. Private d. none of the above
ANS: C PTS: 1 REF: WEB 342
67. ____ emerged in 2008 from concerns that fraudulent Web sites had started obtaining certificates.
a. SSL-II c. Super-SSL
b. SSL-EV d. SSL 2.0
ANS: B PTS: 1 REF: WEB 342
68. If a Web site is using the Extended Validation version of SSL in Internet Explorer, the background of
the address window turns ____.
a. green c. opaque
b. blue d. transparent
ANS: A PTS: 1 REF: WEB 342
69. When using SSL-EV with Chrome, the site’s verified organization name appears in the Address bar to
the left of the URL with a green background and the ____ site information icon.
a. Close c. Confirm
b. Open d. View
ANS: D PTS: 1 REF: WEB 343
70. When using SSL-EV with Firefox, the site’s verified organization name appears in the Location bar
____ the URL with a green background.
a. to the right of c. underneath
b. to the left of d. above
ANS: B PTS: 1 REF: WEB 343
Case 6-1
Ian is beginning his studies toward a degree in computer security. He knows that he has a lot to learn
and wants as solid a footing in the basics as he can get. He has asked you to come over and help him
make sure he’s got a good grasp of the fundamentals.
71. You start with a simple question for Ian. You ask him which category of threat a computer virus falls
under. He replies: ____.
a. necessity c. secrecy
b. integrity d. ephemeral
ANS: B PTS: 1 REF: WEB 327 TOP: Critical Thinking
72. Next, you ask Ian what category of threat encryption is meant to tackle, and which encryption method
works best on the Internet. He replies: ____ and ____.
a. necessity; symmetrical c. secrecy; symmetrical
b. integrity; asymmetrical d. necessity; symmetrical
ANS: C PTS: 1 REF: WEB 301 TOP: Critical Thinking
73. Impressed with Ian’s knowledge, you decide to test him further. You ask him what kind of software
tool or program is most helpful in defending against necessity attacks. He replies: ____.
a. packet sniffer c. ad blocker
b. script kiddie d. secret key
ANS: A PTS: 1 REF: WEB 311 TOP: Critical Thinking
74. Moving on, you ask Ian what type of computers commonly participate in a DDoS attack. He answers
____.
a. zombies c. both a. and b.
b. bots d. neither a. nor b.
ANS: C PTS: 1 REF: WEB 310 TOP: Critical Thinking
75. Lastly, you ask Ian what it is about a digital sound or video file that permits steganography. Again, he
correctly responds that ____.
a. an individual sound or video file is usually broken up into many pieces on a hard drive
b. the steganographic mark can be seen or heard by other users as a means of free and fast
advertising
c. sound and video files contain portions of unused data where secret messages can be
hidden
d. none of the above
ANS: C PTS: 1 REF: WEB 309 TOP: Critical Thinking
Case 6-2
Heather’s friend recently had her identity stolen after accidentally responding to a phishing email.
Worried that it might happen to her, Heather has read up on how phishing attacks work. You come
over to help make sure she understands it.
76. You tell Heather, hypothetically, that an email was sent to her asking her to click the following URL
link: https://www.chase.com/customer/private@218.36.41.188/index.html. You ask her where this link
will take her. She replies: ____.
a. to the www.chase.com Web site, in the customer/private folder
b. to the www.chase.com main page
c. to the home page of a Web site with the URL 218.36.41.188
d. none of the above
ANS: C PTS: 1 REF: WEB 305 TOP: Critical Thinking
77. Next, you ask Heather whether it is safe to click a URL link in an email if there is no @ symbol
anywhere in it. She replies: ____.
a. yes, because the URL link will be legitimate
b. yes, because all email client software will alert users if a link points to a Web page with an
address other than that listed on the email
c. no, it is never OK ever to click a URL link in any email
d. that it is considered unsafe to click a URL link in an email unless you have previously
verified that the sender is who they say they are, and whom you trust
ANS: D PTS: 1 REF: WEB 303-305
TOP: Critical Thinking
78. You next hypothesize to Heather that she has clicked a URL link in an email, and a Web site has come
up that looks legitimate. Even the browser’s address bar has the correct URL in it. Should she consider
the site safe?
a. She should click the Reload or Refresh button once, and then consider the site safe.
b. She should immediately turn the computer off and reboot it. Again, she should never click
a URL link in any email ever.
c. She should still use extreme caution. Modern phishing programs are able to place a popup
with phony address information directly over a browser’s address bar.
d. none of the above
ANS: C PTS: 1 REF: WEB 303-305
TOP: Critical Thinking
79. Offhand, Heather asks you why this kind of attack was named “phishing” in the first place. You reply
that ____.
a. the first such attack was perpetrated against the band Phish in the 1990s, and the personal
information of several thousand fans was compromised
b. the attack “fishes” for information by masquerading as an email from someone known and
trustworthy
c. for the first few years, all such attacks seemed “fishy” to all but the most gullible
d. none of the above
ANS: B PTS: 1 REF: WEB 303 TOP: Critical Thinking
80. You feel that Heather knows her stuff. Before you leave, you remind her to visit the Web site that has
the most current, detailed information about phishing attacks, ____.
a. Phish Phinders c. the Anti-Phishing Working Group
b. Bephuddler Web-Safe d. Phishbait
ANS: C PTS: 1 REF: WEB 305 TOP: Critical Thinking
COMPLETION
1. The use of logical security techniques to protect data stored on computers is sometimes called
____________________.
ANS: decryption
ANS:
denial of service
DoS
ANS: distributed
7. A company can defend its Web server from DoS attacks by adding a DoS ____________________ to
monitor communication between the Web server and the router that connects it to the Internet.
ANS: filter
8. A(n) ____________________ examines the structure of the data elements that flow through a network.
ANS: network
11. Users with Facebook accounts can “____________________” the Facebook Security page to make it
easy to view security updates when viewing their own pages.
ANS: like
12. With the popularity of sites that allow users to send very short updates of approximately
____________________ characters or less to their friends, the ability to abbreviate links to Web sites
has become a necessity.
ANS: 160
13. ____________________ components are Microsoft’s technology for writing small applications that
perform some action in Web pages.
ANS: ActiveX
15. A(n) ____________________ vendor does not inform the customer that the software he is providing
will track the customer’s use of the programs and of the Internet.
ANS: spyware
16. A Web client firewall might be a dedicated ____________________, or a program running on the
Web client computer.
ANS: open
ANS: password
19. A digital certificate contains verification from a trusted third party, called a(n)
____________________.
ANS:
certificate authority
CA
20. A server certificate ensures that transfer of data between a user’s computer and the server is
____________________ so that it is tamperproof and free from being intercepted.
ANS: encrypted
MATCHING
a. spoofing g. hacker
b. adware h. necessity
c. steganography i. authentication
d. spyware j. secrecy
e. port scan k. secret key
f. port l. password manager
1. people who write programs or manipulate technologies to obtain unauthorized access to computers
2. type of threat that permits data delays or denial
3. verifying the identity of a person
4. it permits traffic to leave and enter a computer
5. a component of asymmetric encryption
6. occurs when data is disclosed to an unauthorized party
7. hides encrypted messages within different types of files
8. many freeware and shareware programs are sold as this
9. user has no control over or knowledge of the ads
10. sending a message with the name of someone known in the From line
11. tests whether network traffic is filtered or not on a computer
12. stores login information in an encrypted form
1. ANS: G PTS: 1 REF: WEB 301
2. ANS: H PTS: 1 REF: WEB 300
3. ANS: I PTS: 1 REF: WEB 335
4. ANS: F PTS: 1 REF: WEB 334
5. ANS: K PTS: 1 REF: WEB 302
6. ANS: J PTS: 1 REF: WEB 300
7. ANS: C PTS: 1 REF: WEB 309
8. ANS: B PTS: 1 REF: WEB 328
9. ANS: D PTS: 1 REF: WEB 328
10. ANS: A PTS: 1 REF: WEB 303
11. ANS: E PTS: 1 REF: WEB 335
12. ANS: L PTS: 1 REF: WEB 335
ESSAY
1. Name and describe the three basic types of computer security threats.
ANS:
A secrecy threat permits unauthorized data disclosure and ensures the authenticity of the data’s source.
An integrity threat permits unauthorized data modification.
A necessity threat permits data delays (slowing down the transmission of data) or denials (preventing
data from getting to its destination).
2. Describe the terms cryptography, encryption, algorithm, and key and how they interact together to
secure information.
ANS:
The study of ways to secure information is called cryptography. Encryption is the most common
cryptographic process and the most widely used form of protection for data transmitted on any
network, including the Internet. Encryption is the process of coding information using an algorithm to
produce a string of characters that is unreadable. An algorithm is a formula or set of steps that solves a
particular problem; some algorithms also use a key, which is a fact that the encryption algorithm uses
as part of its formula.
3. What do DoS and DDoS stand for? Describe each type of security attack.
ANS:
The most common necessity attack, called a denial-of-service (DoS) attack, occurs when an attacker
floods a computer, server, or network with messages with the goal of consuming the network’s
bandwidth resources and disabling its services and communications.
In a distributed denial-of-service (DDoS) attack, the attacker takes control of one or more computers
without the owner’s permission and uses those computers to launch a DoS attack on other computers,
servers, or networks. Most DDoS attacks are launched after the attacking computers are infected with
Trojan horse programs.