Wiretapping is incorrect because it is a computer crime. An unauthorized device is attached to a telecommunications circuit for the purpose of obtaining active and/or passive access. Eavesdropping is incorrect because it is a computer crime involving an unauthorized interception of information. Masquerading is incorrect because it is a computer crime, and it is an attempt to gain access to a computer system by posing as an authorized user.

166. Site licenses for buying off-the-shelf personal computer software provide many benefits to vendors and users alike. Which one of the following does not determine the need for site licenses?

a. The use of similar software for many computers

b. The availability of contract

c. The availability of de jure standards in place

d. The availability of de facto standards in place

166. b. Site licenses should be considered if an organization needs similar software for many computers, can afford procurement or can get a suitable site license, and has or needs standards (formal or informal) in place. Specific requirements and not the availability of a contract determine site licenses. It takes some effort to award a site license, but when used properly, a site license can provide savings in personnel resources and reduced prices. De jure standards are formal, whereas de facto standards are informal in nature.

167. Software site license contracts do not:

a. Increase support expenses

b. Improve management of software inventory

c. Facilitate centralized ordering

d. Streamline software distribution function

167. a. Software site licenses decrease support expenses due to economies of scale. For user organizations a site license permits using many copies of a software package at reduced cost and allows better management of the organization’s software inventory. For software vendors a site license can reduce marketing and distribution costs and provide predictable payments.

Site license contracts improve management of software inventories, centralize ordering, and streamline software distribution functions. Accurate inventories are important when ordering software upgrades, designing a local area network, and protecting against computer viruses. Centralized ordering and software distribution functions gain acceptance when they are shown to be advantageous to the organization. A benefit of site licensing is a standardized support, which reduces training and other support expenses, and is the easiest way to gain seamless and transparent sharing of information. The benefits of standardization include ease of information exchange, shared application processing, shared application development, and reduced training time and costs.

168. Which one of the following refers to striking a balance between an individual’s rights and controls over information about themselves?

a. Confidentiality

b. Privacy

c. Security

d. Integrity

168. b. Privacy is the right of an individual to limit access to information regarding that individual. Privacy refers to the social balance between an individual’s right to keep information confidential and the societal benefit derived from sharing information, and how this balance is codified to give individuals the means to control personal information. Safeguards that help ensure confidentiality of information can be used to protect personal privacy.

Confidentiality is incorrect because it refers to disclosure of information only to authorized individuals, entities, and so forth. Security is incorrect because it refers to the protection individual’s desire against unauthorized disclosure, modification, or destruction of information they consider private or valuable. Security and safeguards are often used interchangeably. Integrity is incorrect because it refers to the perfect condition that ensures that only authorized individuals changed the information.

169. Which of the following incident detection methods does not work well for all situations?

a. Intrusion detection software

b. Antivirus software

c. Log analyzers

d. User reports

169. d. Automated incident detection methods include intrusion detection software, whether network-based or host-based, antivirus software, and log analyzers. Incidents may also be detected through manual means, such as user reports, but they do not work well for all situations due to their being static in nature. Some incidents have overt signs that can be easily detected, whereas others are virtually undetectable without automation.

170. The person who most frequently reports illegal copying and use of vendor-developed PC-based software in an organization to either government officers or to the software vendor representative is:

a. Systems consultants

b. Software dealers

c. Hard disk loaders

d. Disgruntled employees

170. d. In a majority of cases (90-95 percent) illegal copying and use of software is reported by disgruntled employees. The other tips tend to come from systems consultants who work at client sites. Software dealers and hard disk loaders would not report because they are usually involved in illegal copying of the software for their customers.

171. Which of the following logs can be helpful in identifying sequences of malicious events?

a. Network-based security software logs

b. Host-based security software logs

c. Operating system logs

d. Application system logs

171. d. Application system logs generate highly detailed logs that reflect every user request and response, which can be helpful in identifying sequences of malicious events and determining their apparent outcome. For example, many Web, file transfer protocol (FTP), and e-mail servers can perform such application logging.

Both network-based and host-based security software logs contain basic security-related information such as user access profiles and access rights and permissions, which is not helpful in identifying sequences of malicious events. Operating system logs collect information on servers, workstations, and network connectivity devices (for example, routers and switches) that could be useful in identifying suspicious activity involving a particular host, but is not helpful in identifying sequences of malicious events.

172. A single and effective control procedure to detect illegal use of copyrighted software in the organization is to:

a. Send an electronic-mail questionnaire to all users.

b. Remind all users periodically not to use illegally obtained software.

c. Develop a software inventory management tool and periodically compare the inventory software list to company purchase orders.

d. Develop a software anti-piracy policy immediately and distribute to all users without fail.