True/False
Indicate whether the sentence or statement is true or false.
1.
The payment of a bribe is still a crime even if the payment was lawful under the laws of the foreign country in which it was paid.
2.
It is not permissible under the FCPA to pay an official to perform some official function faster.
3.
One reason companies are motivated to build a strong ethics program is to avoid negative publicity.
4.
Stakeholders can only include those directly involved in an issue.
5.
21 percent of the policies in existence in 1987 showed board involvement, and participation had increased by 2000.
6.
In a public audit, companies identify ethical lapses committed in the past and take actions to avoid similar mistakes in the future.
7.
Virtue ethics is a philosophical approach to ethical decision-making that focuses on how we ought to behave and how we should think about relationships if we are concerned with our daily life in a community.
8.
The goal of the utilitarian approach of ethical decision-making is to find the single greatest good to benefit the interests of the organization primary stakeholders.
9.
The fairness approach to ethical decision-making is the one that treats everyone the same and shows no favoritism or discrimination.
10.
Operating ethically always guarantees business success to any organization anywhere in the world.
11.
A problem area of IT professional-client ethics is the tactic of IT consultants or auditors recommending their own products and/or services or those of an affiliated vendor to remedy a problem they have detected.
12.
Professionals feel a degree of loyalty to the other members of their profession. As a result, they are slow to criticize one another in public.
13.
We can expect a professional code of ethics to provide the complete answer, because a code can be the definitive collection of behavioral standards.
14.
The trend in IT certification is toward a broadening from purely technical content to a mix of technical, business, and behavioral competencies.
15.
Great Britain and the Canadian provinces of Ontario and British Columbia have not adopted licensing for software engineers.
16.
The AITP standards of conduct have often been used to censure practicing IT professionals.
17.
A breach of duty may only consist of an action, and not a failure to act.
18.
It is piracy when an IT employee brings home a software package from work and loads onto his/her personal computer at home.
19.
A firewall can serve as an effective barrier to incoming e-mail from certain Web sites, companies, or individuals.
20.
A professional is someone who requires advanced training and experience, must exercise discretion and judgment in the course of his or her work, and whose work cannot be standardized.
21.
The IT professional-employer relationship is usually a stable relationship that requires little effort by the involved parties to maintain.
22.
The "Deceptive Duo" were cyberterrorists seeking to cause destruction in order to bring attention to their cause.
23.
Two of the most widely used anti-virus software products are Norton Antivirus from Norton and Dr. Soloman's Antivirus from McAfee.
24.
It is said that the more complex a system becomes, the more vulnerable it is to an attack.
25.
Security incidents can take many forms, but one of the most frequent kinds of incident is an attack on a networked computer from a malicious insider.
26.
Most security experts recommend against giving out specific information about a compromise in public forums such as news reports, conferences, professional meetings, and online discussion groups.
27.
A denial-of-service attack requires a break-in at the target computer before it can cause any real harm to the target site.
28.
Corporations with an Internet connection can ensure that spoofed packets don't leave their corporate network using a process called ingress filtering.
29.
Since hackers break into systems to just "look around", they never cause any real damage that is irreparable.
30.
Obtaining title to property through deception or trickery constitutes the crime of criminal fraud.
Multiple Choice
Identify the letter of the choice that best completes the statement or answers the question.
31.
Ethical behavior refers to behavior that conforms to generally accepted social ____.
a. | discrepancies |
b. | norms |
c. | outcasts |
d. | classes |
32.
____ are habits that incline us to do what is acceptable and ____ are habits that incline us to do what is unacceptable.
a. | Voluntary habits, involuntary habits |
b. | Virtues, vices |
c. | Conditioned habits, unconditioned habits |
d. | Learned, innate |
33.
____ is the product of multiplying the likelihood of a negative event happening by the impact of such an event happening.
a. | Tangent |
b. | Net |
c. | Loss |
d. | Risk |
34.
In 1991, the United States Justice Department published sentencing guidelines that suggested more lenient treatment for convicted corporate executives if their companies had ____.
a. | fired the corporate executives responsible for the actions |
b. | encouraged the employee responsible to turn himself/herself to the authority |
c. | caught the employee responsible for accounting malpractice |
d. | established ethics programs |
35.
Fines can be lowered by as much as ____ percent if the organization has implemented an ethics management program and cooperates with authorities.
36.
Penalties for violating the FCPA are quite severe. For corporations, it is up to $____ million per violation.
37.
Which of the following is a problem associated with the utilitarian approach?
a. | It is often difficult, if not impossible, to measure and compare the values of certain benefits and costs. |
b. | It doesn't provide much of a guide for action. |
c. | It is difficult to agree on a common set of values and goals. |
d. | Decisions made with this approach can be influenced by personal biases toward a particular group, and the decision-maker may not even realize it. |
38.
Which of the following is a problem associated with the virtue ethics approach?
a. | It is often difficult, if not impossible, to measure and compare the values of certain benefits and costs. |
b. | It doesn't provide much of a guide for action. |
c. | It is difficult to agree on a common set of values and goals. |
d. | Decisions made with this approach can be influenced by personal biases toward a particular group, and the decision-maker may not even realize it. |
39.
Which of the following approaches is based on a vision of society as a community whose members work together to achieve a common set of values and goals?
a. | Virtue ethics |
b. | Utilitarian |
c. | Fairness |
d. | Common good |
40.
Which of the following approaches focuses on how fairly our actions and policies distribute benefits and burdens among those affected by the decision?
a. | Virtue ethics |
b. | Utilitarian |
c. | Fairness |
d. | Common good |
41.
Which of the following actions is taken by corporations to reduce business ethics risks?
a. | Appoint a corporate ethics officer |
b. | Establish a corporate code of conduct |
c. | Set ethical standards at a high organizational level |
d. | All of the above |
42.
Why are corporations interested in fostering good business ethics?
a. | To protect the company and its employees from legal action |
b. | To create an organization that operates consistently |
c. | To avoid negative publicity |
d. | All of the above |
43.
A person's virtues and vices help define that person's ____, the complex scheme of moral values by which one chooses to live.
a. | social class |
b. | value system |
c. | upbringing |
d. | natural inclination |
44.
One approach to acting with ____ is to extend to all persons the same respect and consideration that you yourself desire.
a. | consistency |
b. | fairness |
c. | integrity |
d. | compassion |
45.
The United States ____ makes it a crime to bribe a foreign official, a foreign political party official, or a candidate for foreign political office.
46.
A firm's business practices and its accounting information systems are frequently audited by ____ to ensure that they meet certain accounting standards.
a. | its accounting department |
b. | its CEO |
c. | its internal auditors |
d. | both internal and outside auditors |
47.
The FCPA ____ facilitating payments that are made for routine government actions, such as obtaining permits or licenses.
a. | recommends |
b. | regulates |
c. | forbids |
d. | permits |
48.
Which one of the following actions is NOT permissible under FCPA?
a. | Paying an official to speed up official functions |
b. | Submitting payments to obtain permits or licences |
c. | Giving a gift in such a way as to make the recipient feel obligated to alter his or her behavior in some way favorable to the donor |
d. | Submitting payments to provide phone services, power, or water supplies |
49.
Which one of the following statements is NOT true with bribes?
a. | Bribes are usually made directly from donor to recipient. |
b. | Bribes are often made indirectly through a third party. |
c. | Bribes encourage an obligation for the recipient to alter his or her behavior in some way favorable to the donor. |
d. | Bribes are made in secret as they are neither legally nor morally acceptable. |
50.
The ____ officer is a senior-level manager responsible for improving the ethical behavior of the members of an organization.
a. | human resources |
b. | corporate ethics |
c. | accounting |
d. | corporate development |
51.
For a company code of conduct of ethics to be acceptable company wide, it must be ____.
a. | formulated with employee participation |
b. | fully endorsed by the company leaders |
c. | accessible by employees, shareholders, business partners, and the public |
d. | All of the above |
52.
Trade secrets can include which of the following items?
a. | The design of new software code |
b. | Hardware designs |
c. | Business plans |
d. | All of the above |
53.
The goal of whistle-blowing is to ____.
a. | fix a serious problem when working within the company to address the issue that has failed |
b. | cut down spending |
c. | make sure customer requirements are met |
d. | put together retirement plans for employees |
54.
ACM stands for ____.
a. | Allocated Cache Memory |
b. | Abnormal Computing Measurement |
c. | Association for Computing Machinery |
d. | Academy of Computing Mechanics |
55.
ACM's newest publication, Ubiquity, is a(n) ____ magazine.
a. | forum and opinion |
b. | research oriented |
c. | computing guideline |
d. | employment advertisement |
56.
ACM does NOT offer which of the following services?
a. | a forum and opinion magazine |
b. | digital library of bibliographic information, citations, articles, and journals |
c. | comprehensive news-gathering service |
d. | insurance for IT professional against legal lawsuits |
57.
What is AITP's mission?
a. | To provide superior leadership and education in information |
b. | To prevent software piracy |
c. | To prevent accounting malpractice |
d. | To ensure IT professionals' benefits |
58.
Which of the following was NOT one of the initial recommendations made by the Joint Steering Committee for the Establishment of Software Engineering as a Profession?
a. | Define ethical standards |
b. | Define the required body of knowledge and recommended practices in software engineering |
c. | Define appropriate curricula to acquire the body of knowledge |
d. | Define the format and guidelines for scientific publications |
59.
Because certification ____, hiring managers have become rather cynical on the subject.
a. | is no substitute for experience |
b. | takes too long to complete |
c. | uses different standards |
d. | costs too much |
60.
People who were MCSE certified and trained on the Windows NT 4.0 operating system generally ____ for newer operating systems when they became available.
a. | paid a fee to upgrade their certification |
b. | went through a recertification process |
c. | took the certification exam over |
d. | are automatically certified |
61.
____ refers to the obligation that we not cause any unreasonable harm or risk of harm to others.
a. | Integrity |
b. | Honesty |
c. | Duty of care |
d. | Welfare |
62.
The courts decide whether a duty of care is owed in specific cases by applying a(n) ____ person standard.
a. | average |
b. | reasonable |
c. | respectable |
d. | common |
63.
Defendants with a particular expertise or competence are measured against a reasonable ____ standard.
a. | labor |
b. | employment |
c. | duty |
d. | professional |
64.
Software engineers cannot be subject to malpractice lawsuits because ____.
a. | software engineering is not a uniformly licensed profession in the United States |
b. | software companies often have engineers residing in different states |
c. | software engineers often share responsibility in the compilation of a product |
d. | All of the above |
65.
The ASQC certification requirements include ____ years of professional experience with at least three years in a decision-making position.
66.
Licensing is a process generally administered at the ____ level in the United States.
a. | regional |
b. | state |
c. | county |
d. | city |
67.
____ is a process that one undertakes voluntarily to prove competency in a set of skills.
a. | Examination |
b. | Certification |
c. | Assessment |
d. | Categorization |
68.
Certifications granted by industry associations generally ensure a certain level of experience and ____ than vendor certifications.
a. | are more expensive to obtain |
b. | a broader perspective |
c. | take longer to obtain |
d. | require more years of experience |
69.
The IT professional must ____.
a. | understand the needs and capabilities of the user |
b. | establish an environment supportive of ethical behavior by the user |
c. | develop or help establish an effective system usage policy for users |
d. | All of the above |
70.
Which of the following is a typical ethical issue or problem of the IT professional-client relationship?
a. | Project status reports may be less than fully accurate |
b. | IT professionals fail to recommend services/products supplied by affiliated vendors |
c. | Contractual failure penalties are not substantial enough |
d. | All of the above |
71.
Which of the following CANNOT be blocked with the installation of a firewall?
a. | Instant messaging |
b. | Denial-of-service attacks |
c. | Access to newsgroups |
d. | Web sites with violent content |
72.
To find a virus, an anti-virus software would scan for a specific sequence of bytes, known as the virus ____.
a. | definition |
b. | signature |
c. | address |
d. | string |
73.
Which of the following was able to escape harm from the ILOVEYOU bug?
a. | British Parliament |
b. | U.S. Senate |
c. | Pentagon |
d. | None of the above |
74.
Code Red, SirCam, and Nimda are ____ that resulted in over $500 million in damages in 2001.
a. | viruses |
b. | worms |
c. | Trojan horses |
d. | denial-of-service attacks |
75.
When a charge is made fraudulently in a retail store, who must pay the fraudulent charges?
a. | The bank that issued the credit card |
b. | The owner of the card |
c. | The thief using the card |
d. | The Federal Trade Commission |
76.
A high rate of disputed transactions, known as ____, can greatly reduce a Web merchant's profit margin.
a. | false returns |
b. | irreconcilables |
c. | challengebacks |
d. | chargebacks |
77.
One security technique for reducing the potential for online credit card fraud is to ask for a(n) ____, which is the three-digit number above the signature panel on the back of a credit card.
a. | card verification value (CVV) |
b. | security access number (ASN) |
c. | identity verification value (IVV) |
d. | cardholder security code (CSC) |
78.
Where are smart cards most widely used?
a. | Asia |
b. | United States |
c. | Europe |
d. | Canada |
79.
It is crucial that anti-virus software be continually updated with the latest virus detection information, called ____.
a. | signatures |
b. | classification codes |
c. | catalogues |
d. | definitions |
80.
Installation of a(n) ____ is the most common security precaution taken by businesses.
a. | smart memory card |
b. | address verification system |
c. | encryption software |
d. | corporate firewall |
81.
Cute.exe is an example of a ____.
a. | worm |
b. | virus |
c. | Trojan horse |
d. | denial-of-service attack |
82.
____ viruses have become the most common and easily created viruses. These viruses can use Visual Basic or VBScript to create programs that infect documents and templates.
a. | Macro |
b. | Payload |
c. | Zombie |
d. | Script |
83.
Which of the following can propagate without human intervention?
a. | A worm |
b. | A virus |
c. | A Trojan horse |
d. | None of the above |
84.
A well-trained and well-funded perpetrator of computer crime who is willing to take minimal risk, and attacks infrequently fits most closely with the classification of a(n) ____.
a. | hacker |
b. | cracker |
c. | industrial spy |
d. | insider |
85.
Most frauds that occur within an organization are discovered by ____.
a. | chance and by outsiders |
b. | internal control procedures |
c. | the network administrator |
d. | higher management |
86.
The Identity Theft and Assumption Deterrence Act of 1998 criminalizes identity fraud, making it a federal felony punishable by a prison sentence ranging from ____.
a. | three to five years |
b. | three to twenty-five years |
c. | three to fifteen years |
d. | three to ten years |
87.
Which of the following items sold by online merchants is LEAST susceptible to credit card fraud?
a. | Jewelry |
b. | Downloadable software |
c. | Electronics |
d. | Clothing |
88.
In April 2002, computer hackers calling themselves the "Deceptive Duo" announced that they had begun their mission of breaking into computer systems to ____.
a. | call attention to vulnerabilities in the United States national security |
b. | identify various approaches to reducing online credit card fraud |
c. | protest the NATO bombings in Kosovo |
d. | prove that it is easy to deceive intruders with a honeypot |
89.
Which of the following are actions that can reduce the threat of attack by malicious insiders?
a. | Promptly delete the login IDs and passwords of departing employees |
b. | Create roles and user accounts so that users have the authority to perform their responsibilities and no more |
c. | Rotate people in sensitive positions |
d. | All of the above |
90.
A response plan should be developed well in advance of any incident and be approved by both the ____ and senior management.
a. | system administrator |
b. | legal department |
c. | network administrator |
d. | board of directors |