Chapter 17

For Exercises 1-27, mark the answers true or false as follows: A. True B. False Information integrity ensures that data can be modified only by appropriate mechanisms.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False Pairing threats with vulnerabilities is a part of risk analysis.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False Biometrics is a type of user authentication that relies on the user having a smart card or a card with a readable magnetic strip.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False A password should not resemble anything that looks like a word or phrase in a language that humans speak.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False CAPTCHA is a software mechanism that authenticates a particular user before allowing him or her to post a comment to a blog.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False The reCAPTCHA project serves a secondary purpose-to help digitize books.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False The Touch ID biometric system uses retinal scans for user validation.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False A computer virus "infects" another program by embedding itself into that program.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False The terms "Trojan horse" and "worm" are used interchangeably to describe a particular category of malicious code.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False A logic bomb is set to go off when a particular system event occurs, such as a particular date and time.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False Antivirus software is not effective against non-virus types of malware.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False A password-guessing program uses dictionaries to try thousands of potential passwords each second.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False Phishing is a technique that uses deceptive emails and websites to obtain user information, such as usernames and passwords.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False A back door threat is implemented by a programmer of the system under attack.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False A denial-of-service attack does not directly corrupt data.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False Decryption is the process of converting plaintext into ciphertext.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False A cipher is an algorithm used to encrypt and decrypt text.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False A transposition cipher is an example of modern cryptography.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False In public-key cryptography, each user has two related keys, one public and one private.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False A digital signature allows the recipient to verify that the message truly originates from the stated sender.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False The Internet can create a false sense of anonymity.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False A website's security policy describes the constraints and behaviors that an organization embraces regarding information management.

For Exercises 1-27, mark the answers true or false as follows: A. True B. False Many mobile phones collect and store location data that can then be read and used by third parties, such as law enforcement.

Exercises 28-55 are problems or shortanswer questions. What is the CIA triad of information security?

Exercises 28-55 are problems or shortanswer questions. Other than those presented in this chapter, give three examples of data integrity violations.

Exercises 28-55 are problems or shortanswer questions. List at least four guidelines related to password creation and management.

Exercises 28-55 are problems or shortanswer questions. Is "diningroom" a good password? Why or why not?

Exercises 28-55 are problems or shortanswer questions. Is "fatTony \(99^{\prime \prime}\) a good password? Why or why not?

Exercises 28-55 are problems or shortanswer questions. What is password management software?

Exercises 28-55 are problems or shortanswer questions. What is the goal of a CAPTCHA interaction?

Exercises 28-55 are problems or shortanswer questions. What is Apple's Touch ID technology used for?

Exercises 28-55 are problems or shortanswer questions. What do we mean when we say a computer virus is self-replicating?

Exercises 28-55 are problems or shortanswer questions. Describe the two techniques used by antivirus software to identify malware.

Exercises 28-55 are problems or shortanswer questions. Describe a hypothetical scenario, other than the one described in this chapter, of a phishing attack.

Exercises 28-55 are problems or shortanswer questions. Describe how a Trojan horse attacks a computer system.

Exercises 28-55 are problems or shortanswer questions. Describe a buffer overflow and how it might make a computer system vulnerable.

Exercises 28-55 are problems or shortanswer questions. How does a man-in-the-middle attack work?

Exercises 28-55 are problems or shortanswer questions. Using a Caesar cipher, shifting three letters to the right, encrypt the message "WE ESCAPE TONIGHT."

Exercises 28-55 are problems or shortanswer questions. Describe how Claire would send a message to David using public-key encryption.

Exercises 28-55 are problems or shortanswer questions. What is a digital signature?

Exercises 28-55 are problems or shortanswer questions. What does a website's security policy describe?

Exercises 28-55 are problems or shortanswer questions. What is GPS? How is it used to support cell phone applications?

Exercises 28-55 are problems or shortanswer questions. Which abuses are possible given the current state of cell phone data collection?

Exercises 28-55 are problems or shortanswer questions. What is a wiki?

Exercises 28-55 are problems or shortanswer questions. What is WikiLeaks? Is it a wiki?

Exercises 28-55 are problems or shortanswer questions. Who is Julian Assange?