Section 1: Test Flashcards

(17 cards)

1
Q

What is the meaning of morals in the context of ethical judgment?

a) A habit that inclines an individual to do what is generally unacceptable

b) The code of behavior defined by a group an individual belongs to

c) The personal principles that determine what an individual considers to be right or wrong

d) A habit that inclines an individual to do what is generally acceptable

A

c) The personal principles that determine what an individual considers to be right or wrong

Morals are the personal principles that determine what an individual considers to be right or wrong.

2
Q

What is the primary goal for a supply chain relating to corporate social responsibility (CSR)?

a) Sustainability

b) Efficiency

c) Maximum profitability

d) Immediate availability

A

a) Sustainability

The primary objective of a supply chain in the context of CSR is its sustainability.

3
Q

Which factor is primarily used by deontology to evaluate the morality of human actions?

a) Outcome

b) Duty

c) Cost-benefit analysis

d) Norms of a person’s culture

A

b) Duty

According to deontology, morality is evaluated based on duty, without considering probable outcomes or consequences.

4
Q

Which part of the decision-making process involves defining a transition plan?

a) Implementing the decision

b) Choosing alternatives

c) Identifying alternatives

d) Developing a problem statement

A

a) Implementing the decision

Implementing the decision involves defining a transition plan.

5
Q

Which measure of the confidentiality, integrity, and availability (CIA) triad should be used by IT professionals at the organization level to supply validation of non-repudiation regarding data access in IT?

a) Data encryption

b) Security audit

c) Antivirus software

d) Intrusion detection

A

b) Security audit

A security audit is an organization-level measure of the CIA triad that supplies validation of non-repudiation regarding data access in IT.

6
Q

An IT professional wants the proper credentials and knowledge that are required to collect data from devices affected by cyberattacks to ensure such data would be admissible as evidence in a court of law.

Which certification should the IT professional obtain?

a) Certified Computer Examiner

b) Certified Security Analyst

c) CompTIA Security+

d) Certified Analytics Professional

A

a) Certified Computer Examiner

Certified Computer Examiner is a certification in the field of computer forensics. It confirms that a person has the skills required to collect data from devices affected by cyberattacks in a manner that ensures such data is admissible as evidence in a court of law.

7
Q

What are TWO reasons why professional codes of ethics in IT are important?

a) They identify the acceptable behaviors for interacting with customers.

b) They identify the unacceptable behaviors for interacting with customers.

c) They enforce desired conduct through penalties such as imprisonment and loss of civil rights.

d) They enforce desired conduct through penalties such as the loss of the right to practice.

A

a) They identify the acceptable behaviors for interacting with customers.
b) They identify the unacceptable behaviors for interacting with customers.

Professional codes of ethics within IT identify the acceptable behaviors for interacting with customers. Professional codes of ethics within IT identify the unacceptable behaviors for interacting with customers.

8
Q

What are TWO main elements of a professional code of ethics in IT?

a) Core values

b) Common beliefs

c) Primary responsibilities

d) Criminal penalties

A

a) Core values
b) Common beliefs

In IT, a professional code of ethics includes core values and common beliefs that serve as guidelines for ethical decision-making. In IT, a professional code of ethics provides guidance in addressing primary responsibilities in an ethical manner, but it does not cover these responsibilities.

9
Q

Which scenario may create a conflict of interest between IT workers and clients?

a) A consulting firm that provides security services publicly discloses a flaw in software made by another company.

b) A consulting firm that provides audit services is conducting an independent security audit for a company and is recommending remediation methods.

c) A consulting firm that provides audit services contacts another company privately about a flaw in the company’s software.

d) A consulting firm that provides security services is conducting an independent security audit for a company and is recommending remediation methods.

A

d) A consulting firm that provides security services is conducting an independent security audit for a company and is recommending remediation methods.

Conducting an independent security audit and recommending remediation methods is a clear conflict of interest if the firm has financial ties to those recommendations. If the same firm that performs the audit also sells security services, it has a financial incentive to recommend fixes that require its own services. That can compromise the independence of the audit and create a conflict between the firm’s business interests and the client’s best interests.

10
Q

Which type of guidance is provided by professional codes of ethics within IT?

a) Course of action in cases of conflict of interest

b) Basic terms of whistleblower policies

c) Detailed definition of a material breach of contract

d) General definition of a breach of contract

A

a) Course of action in cases of conflict of interest

Professional codes of ethics within IT provide the course of action in cases of conflict of interest.

11
Q

What are TWO components of the concept of information privacy?

a) Communication privacy

b) Data privacy

c) Consumer privacy

d) Personal privacy

A

a) Communication privacy
b) Data privacy

Data privacy is part of the information privacy concept, which deals with restricting access to an individual’s personal data. Communication privacy is part of the information privacy concept, which deals with protecting the exchange of data from being surveilled.

12
Q

Which aspect of the computer security triad provides guidance when dealing with data accuracy in IT?

a) Integrity

b) Confidentiality

c) Availability

d) Immutability

A

a) Integrity

The integrity aspect of the confidentiality, integrity, and availability (CIA) triad deals with data accuracy.

13
Q

How should an IT professional respond to a cyberattack prior to the incident eradication?

a) Perform a root cause analysis

b) Communicate the extent of damage to the general public

c) Preserve evidence and activity logs

d) Pursue the perpetrator

A

c) Preserve evidence and activity logs

In response to a cyberattack, prior to the incident eradication, an IT professional should capture evidence and activity logs.

14
Q

Which philosophy is doing what is morally correct instead of following a law?

a) Deontology

b) Egoism

c) Altruist

d) Pluralism

A

a) Deontology

Deontology says to do what is morally correct instead of following a law.

Why not the others?
b) Egoism - Egoism is people doing what is best for themselves.
c) Altruist - Altruists assume what is morally correct will help others.
d) Pluralism - Pluralism beliefs state that there can be multiple good ways to handle situations.

15
Q

Which type of attack is a common cause of data-level breaches with global scope?

a) Spear phishing

b) Phishing

c) SQL injection

d) DDoS attack

A

b) Phishing

Phishing is a common cause of data-level breaches with global scope.

Why not the others?
a) Spear phishing - By definition, spear phishing is targeted, so it does not have a global scope.
c) SQL injection - SQL injection targets individual websites that use relational databases as their data store, so their scope is limited.
d) DDoS attack - Distributed Denial of Service (DDoS) attacks do not directly result in data breaches due to their purpose being to affect service availability.

16
Q

A senior executive at a hospital requests unauthorized access to sensitive patient information. The data management team denies the request after a thorough review. What best describes the data management team’s actions?

a) Ethical/illegal

b) Ethical/legal

c) Unethical/legal

d) Unethical/illegal

A

b) Ethical/legal

HIPAA compliance requires control over patient data, and the team members are acting as good stewards of the data in their care.

Why not the others?
a) Ethical/illegal - HIPAA compliance requires control over patient data.
c) Unethical/legal - The team members are acting as good stewards of the data in their care.
d) Unethical/illegal - HIPAA compliance requires control over patient data, and the team members are acting as good stewards of the data in their care.

17
Q

A software developer publishes an application that can download and play animal videos. Employees of a company can download the application to their company-issued device from a third-party application store. The videos are being watched during business hours despite acceptable use policies that prohibit this.

How might Epicurus respond to the question of whether it is ethical to obey or disobey the acceptable use policies?

a) Pleasure is the greatest downfall for human beings.

b) Moral obligation is the greatest downfall for human beings.

c) Pleasure is the greatest good for human beings.

d) Moral obligation is the greatest good for human beings.

A

c) Pleasure is the greatest good for human beings.

Epicurus would assert that pleasure is the greatest good for human beings, emphasizing the importance of pursuing enjoyment in life.

Why not the others?
a) Pleasure is the greatest downfall for human beings. - Viewing pleasure as a downfall contradicts Epicurean philosophy, which values pleasure as a key component of a fulfilling life.
b) Moral obligation is the greatest downfall for human beings. - Epicurus would argue that viewing moral obligation as a downfall undermines the pursuit of pleasure and happiness.
d) Moral obligation is the greatest good for human beings. - Considering moral obligation as the greatest good conflicts with Epicurus’s belief that pleasure and happiness are paramount.