File labels are incorrect because they verify internal file labels for tapes to ensure that the correct data file is used in the processing. Journaling is incorrect because it captures system transactions on a journal file so that recovery can be made should a system failure occur. Run-to-run control is incorrect because it verifies control totals resulting from one process or cycle to the subsequent process or cycle to ensure their accuracy.
158. Which of the following is not an example of denial-of-service attacks?
a. Flaw-based attacks
b. Information attacks
c. Flooding attacks
d. Distributed attacks
158. b. An information attack is not relevant here because it is too general. Flaw-based attacks take advantage of a flaw in the target system’s software to cause a processing failure, escalate privileges, or to cause it to exhaust system resources. Flooding attacks simply send a system more information than it can handle. A distributed attack is a subset of denial-of-service (DoS) attacks, where the attacker uses multiple computers to launch the attack and flood the system.
159. All the following are examples of technical controls for ensuring information systems security except:
a. User identification and authentication
b. Assignment of security responsibility
c. Access controls
d. Data validation controls
159. b. Assignment of security responsibility is a part of management controls. Screening of personnel is another example of management controls. The other three choices are part of technical controls.
160. Which of the following individuals or items cause the highest economic loss to organizations using computer-based information systems?
a. Dishonest employees
b. Disgruntled employees
c. Errors and omissions
d. Outsiders
160. c. Users, data entry clerks, system operators, and programmers frequently make errors that contribute directly or indirectly to security problems. In some cases, the error is the threat, such as a data entry error or a programming error that crashes a system. In other cases, the errors create vulnerabilities. Errors can occur during all phases of the system life cycle. Many studies indicate that 65 percent of losses to organizations are the result of errors and omissions followed by dishonest employees (13%), disgruntled employees (6%), and outsiders/hackers (3%).
161. Which one of the following situations renders backing up program and data files ineffective?
a. When catastrophic accidents happen
b. When disruption to the network occurs
c. When viruses are timed to activate at a later date
d. When backups are performed automatically
161. c. Computer viruses that are timed to activate at a later date can be copied onto the backup media thereby infecting backup copies as well. This makes the backup copy ineffective, unusable, or risky. Backups are useful and effective (i) in the event of a catastrophic accident, (ii) in case of disruption to the network, and (iii) when they are performed automatically. Human error is eliminated.
162. What does an ineffective local-area-network backup strategy include?
a. Backing up servers daily
b. Securing the backup workstations
c. Scheduling backups during regular work hours
d. Using file recovery utility programs
162. c. It is not a good operating practice to schedule backups during regular work hours because it interrupts the business functions. It is advised to schedule backups during off hours to avoid file contention (when files are open and the backup program is scheduled to run). As the size and complexity of local-area networks (LANs) increase, backups have assumed greater importance with many options available. It is a common practice to back up servers daily, taking additional backups when extensive database changes occur. It is good to secure the backup workstations to prevent interruption of backup processes that can result in the loss of backup data. It is a better practice to use the network operating system’s file recovery utility for immediate restoration of accidentally deleted files before resorting to the time consuming process of file recovery from backup tapes.
163. Which one of the following types of restores is used when performing system upgrades and reorganizations?
a. Full restores
b. Individual file restores
c. Redirected restores
d. Group file restores
