chapter 9

Accounting Information Systems, 12e (Romney/Steinbart)
Chapter 9 Information Systems Controls for Systems ReliabilityPart 2: Confidentiality and
Privacy
1) Concerning virtual private networks (VPN), which of the following is not true?
A) VPNs provide the functionality of a privately owned network using the nternet!
") #sing VPN software to encrypt infor$ation while it is in transit over the nternet in effect creates
private co$$unication channels, often referred to as tunnels, which are accessi%le only to those parties
possessing the appropriate encryption and decryption keys!
C) &he cost of the VPN software is $uch less than the cost of leasing or %uying the infrastructure
(telephone lines, satellite links, co$$unications e'uip$ent, etc!) needed to create a privately owned
secure co$$unications network!
() t is $ore e)pensive to reconfigure VPNs to include new sites than it is to add or re$ove the
corresponding physical connections in a privately owned network!
Answer* (
Page +ef* ,-.
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
,) 5hich of the following is not associated with asy$$etric encryption?
A) No need for key e)change
") Pu%lic keys
C) Private keys
() 4peed
Answer* (
Page +ef* ,-6
/%0ective* 1earning /%0ective 2
(ifficulty * 7asy
AAC4"* Analytic
2) &he syste$ and processes used to issue and $anage asy$$etric keys and digital certificates are
known as
A) asy$$etric encryption!
") certificate authority!
C) digital signature!
() pu%lic key infrastructure!
Answer* (
Page +ef* ,-,
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
1
Copyright 8 ,61, Pearson 7ducation, nc! pu%lishing as Prentice 9all
.) 5hich of the following descri%es one weakness of encryption?
A) 7ncrypted packets cannot %e e)a$ined %y a firewall!
") 7ncryption protects the confidentiality of infor$ation while in storage!
C) 7ncryption protects the privacy of infor$ation during trans$ission!
() 7ncryption provides for %oth authentication and non:repudiation!
Answer* A
Page +ef* ,-.
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
;) #sing a co$%ination of sy$$etric and asy$$etric key encryption, Chris <ai sent a report to her
ho$e office in 4yracuse, New =ork! 4he received an e$ail acknowledge$ent that the docu$ent had
%een received and then, a few $inutes later, she received a second e$ail that indicated that the hash
calculated fro$ the report differed fro$ that sent with the report! &his $ost likely e)planation for this
result is that
A) the pu%lic key had %een co$pro$ised!
") the private key had %een co$pro$ised!
C) the sy$$etric encryption key had %een co$pro$ised!
() the asy$$etric encryption key had %een co$pro$ised!
Answer* C
Page +ef* ,-1
/%0ective* 1earning /%0ective 2
(ifficulty * (ifficult
AAC4"* Analytic
-) 7ncryption has a re$arka%ly long and varied history! &he invention of writing was apparently soon
followed %y a desire to conceal $essages! /ne of the earliest $ethods, attri%uted to an ancient +o$an
e$peror, was the si$ple su%stitution of nu$%ers for letters, for e)a$ple A > 1, " > ,, etc! &his is an
e)a$ple of
A) a hashing algorith$!
") sy$$etric key encryption!
C) asy$$etric key encryption!
() a pu%lic key!
Answer* "
Page +ef* ,-6
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
?) An electronic docu$ent that certifies the identity of the owner of a particular pu%lic key!
A) Asy$$etric encryption
") (igital certificate
C) (igital signature
() Pu%lic key
Answer* "
Page +ef* ,-,
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
,
Copyright 8 ,61, Pearson 7ducation, nc! pu%lishing as Prentice 9all
@) &hese syste$s use the sa$e key to encrypt and to decrypt!
A) Asy$$etric encryption
") 9ashing encryption
C) Pu%lic key encryption
() 4y$$etric encryption
Answer* (
Page +ef* ,-6
/%0ective* 1earning /%0ective 2
(ifficulty * 7asy
AAC4"* Analytic
A) &hese are used to create digital signatures!
A) Asy$$etric encryption and hashing
") 9ashing and packet filtering
C) Packet filtering and encryption
() 4y$$etric encryption and hashing
Answer* A
Page +ef* ,-1
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
16) nfor$ation encrypted with the creatorBs private key that is used to authenticate the sender is
A) asy$$etric encryption!
") digital certificate!
C) digital signature!
() pu%lic key!
Answer* C
Page +ef* ,-1
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
11) 5hich of the following is not one of the three i$portant factors deter$ining the strength of any
encryption syste$?
A) <ey length
") <ey $anage$ent policies
C) 7ncryption algorith$
() Privacy
Answer* (
Page +ef* ,;A
/%0ective* 1earning /%0ective 2
(ifficulty * 7asy
AAC4"* Analytic
2
Copyright 8 ,61, Pearson 7ducation, nc! pu%lishing as Prentice 9all
1,) A process that takes plainte)t of any length and transfor$s it into a short code!
A) Asy$$etric encryption
") 7ncryption
C) 9ashing
() 4y$$etric encryption
Answer* C
Page +ef* ,-6
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
12) 5hich of the following descriptions is not associated with sy$$etric encryption?
A) A shared secret key
") Caster encryption
C) 1ack of authentication
() 4eparate keys for each co$$unication party
Answer* C
Page +ef* ,-6
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
1.) 7ncryption has a re$arka%ly long and varied history! 4pies have %een using it to convey secret
$essages ever since there were secret $essages to convey! /ne powerful $ethod of encryption uses
rando$ digits! &wo docu$ents are prepared with the sa$e rando$ se'uence of nu$%ers! &he spy is sent
out with one and the spy $aster retains the other! &he digits are used as follows! 4uppose that the word
to %e encrypted is 4P= and the rando$ digits are 2;,! &hen 4 %eco$es V (three letters after 4), P
%eco$es # (five letters after P), and = %eco$es A (two letters after =, restarting at A after D)! &he spy
would encrypt a $essage and then destroy the docu$ent used to encrypt it! &his is an early e)a$ple of
A) a hashing algorith$!
") asy$$etric key encryption!
C) sy$$etric key encryption!
() pu%lic key encryption!
Answer* C
Page +ef* ,-6
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
1;) /ne way to circu$vent the counterfeiting of pu%lic keys is %y using
A) a digital certificate!
") digital authority!
C) encryption!
() cryptography!
Answer* A
Page +ef* ,-,
/%0ective* 1earning /%0ective 2
(ifficulty * 7asy
AAC4"* Analytic
.
Copyright 8 ,61, Pearson 7ducation, nc! pu%lishing as Prentice 9all
1-) n a private key syste$ the sender and the receiver have EEEEEEEE, and in the pu%lic key syste$
they have EEEEEEEE!
A) different keysF the sa$e key
") a decrypting algorith$F an encrypting algorith$
C) the sa$e keyF two separate keys
() an encrypting algorith$F a decrypting algorith$
Answer* C
Page +ef* ,-6
/%0ective* 1earning /%0ective 2
(ifficulty * 7asy
AAC4"* Analytic
1?) Asy$$etric key encryption co$%ined with the infor$ation provided %y a certificate authority
allows uni'ue identification of
A) the user of encrypted data!
") the provider of encrypted data!
C) %oth the user and the provider of encrypted data!
() either the user or the provider of encrypted data!
Answer* (
Page +ef* ,-,
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
1@) 5hich of the following is not one of the 16 internationally recogniGed %est practices for protecting
the privacy of custo$ersB personal infor$ation?
A) Providing free credit report $onitoring for custo$ers
") nfor$ custo$ers of the option to opt:out of data collection and use of their personal infor$ation
C) Allow custo$ersB %rowsers to decline to accept cookies
() #tiliGe controls to prevent unauthoriGed access to, and disclosure of, custo$ersB infor$ation
Answer* A
Page +ef* ,;-:,;?
/%0ective* 1earning /%0ective ,
(ifficulty * 3oderate
AAC4"* Analytic
1A) /n 3arch 2, ,66@, a laptop co$puter %elonging to Colding 4'uid &echnology was stolen fro$ the
trunk of Hiao HanBs car while he was attending a conference in Cleveland, /hio! After reporting the theft,
Hiao considered the i$plications of the theft for the co$panyBs network security and concluded there was
nothing to worry a%out %ecause
A) the co$puter was protected %y a password!
") the co$puter was insured against theft!
C) it was unlikely that the thief would know how to access the co$pany data stored on the co$puter!
() the data stored on the co$puter was encrypted!
Answer* (
Page +ef* ,;@
/%0ective* 1earning /%0ective 2
(ifficulty * 7asy
AAC4"* Analytic
;
Copyright 8 ,61, Pearson 7ducation, nc! pu%lishing as Prentice 9all
,6) Heff (avis took a call fro$ a client! IHeff, need to interact online and real ti$e with our affiliate in
ndia, and want to $ake sure that our co$$unications arenBt intercepted! 5hat do you suggest?I Heff
responded I&he %est solution will %e to i$ple$ent
A) a virtual private network!I
") a private cloud environ$ent!I
C) an asy$$etric encryption syste$ with digital signatures!I
() $ultifactor authentication!I
Answer* A
Page +ef* ,-.
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
,1) n developing policies related to personal infor$ation a%out custo$ers, Colding 4'uid &echnologies
adhered to the &rust 4ervices fra$ework! &he standard applica%le to these policies is
A) security!
") confidentiality!
C) privacy!
() availa%ility!
Answer* C
Page +ef* ,;.
/%0ective* 1earning /%0ective ,
(ifficulty * 7asy
AAC4"* Analytic
,,) Heff (avis took a call fro$ a client! IHeff, need for $y custo$ers to $ake pay$ents online using
credit cards, %ut want to $ake sure that the credit card data isnBt intercepted! 5hat do you suggest?I
Heff responded I&he %est solution will %e to i$ple$ent
A) a virtual private network!I
") a private cloud environ$ent!I
C) an encryption syste$ with digital signatures!I
() a data $asking progra$!I
Answer* C
Page +ef* ,-1
/%0ective* 1earning /%0ective ,
(ifficulty * 3oderate
AAC4"* Analytic
-
Copyright 8 ,61, Pearson 7ducation, nc! pu%lishing as Prentice 9all
,2) (escri%e so$e steps you can take to $ini$iGe your risk of identify theft!
Answer* 4hred docu$ents containing personal infor$ation! Never send personally identifying
infor$ation in unencrypted e$ail! "eware of e$ailJphoneJprint re'uests to verify personal infor$ation
that the re'uesting party should already possess! (o not carry your social security card with you! Print
only your initials and last na$e on checks! 1i$it the a$ount of other infor$ation preprinted on checks!
(o not use your $ail%o) for outgoing $ail! (o not carry $ore than a few %lank checks with you! #se
special software to digitally clean any digital $edia prior to disposal! 3onitor your credit cards
regularly! Cile a police report as soon as you discover a purse or wallet $issing! 3ake photocopies of
driverBs license, passports and credit cards and keep in a safe location! $$ediately cancel any stolen or
lost credit cards!
Page +ef* ,;-
/%0ective* 1earning /%0ective ,
(ifficulty * 3oderate
AAC4"* Analytic
,.) (escri%e sy$$etric encryption and identify three li$itations!
Answer* 4y$$etric encryption syste$s use the sa$e key to encrypt and decrypt data! 4y$$etric
encryption is $uch faster than asy$$etric encryption, %ut the sender and receiver need to know the
shared secret key, which re'uires a different secure $ethod of e)changing the key! Also, different secret
keys $ust %e used with each different co$$unication party! Cinally, there is no way to prove who
created a specific docu$ent!
Page +ef* ,-6
/%0ective* 1earning /%0ective 2
(ifficulty * 3oderate
AAC4"* Analytic
?
Copyright 8 ,61, Pearson 7ducation, nc! pu%lishing as Prentice 9all