4.1 COMMON TECHNOLOGY COMPONENTS (ISACA) Flashcards

1
Q

Computer-system hardware components are interdependent components that perform specific functions and can be classified

A

as either processing or input/output.

2
Q

The central component of a computer is

A

the central processing unit (CPU).

3
Q

Computers may:

A
  • Have the CPU on a single chip (microprocessors)
  • Have more than one CPU (multi-processor)
  • Contain multiple CPUs on a single chip (multi-core processors)
4
Q

The CPU consists of

A

(1) an arithmetic logic unit (ALU),
(2) a control unit and
(3) an internal memory.

5
Q

The control unit contains

A

electrical circuits that control/direct all operations in the computer system.

6
Q

The ALU

A

performs mathematical and logical operations.

7
Q

The internal memory (i.e., CPU registers) is used for

A

processing transactions.

8
Q

Other key components of a computer include:

A
  • Motherboard
  • Random access memory (RAM)
  • Read-only memory (ROM)
  • Permanent storage devices (hard disk drive or solid-state drive [SSD])
  • A power supply unit
9
Q

An SSD is a

A

nonvolatile storage device that stores persistent data on solid-state flash memory.

(SSDs have no moving components and, therefore, require less energy. This distinguishes them from hard disk drives, which contain spinning disks and movable read/write heads.)

10
Q

The input/output (I/O) components are used to

A

pass instructions/information to the computer and to display or record the output generated by the computer.

11
Q

Some components, such as the ________ and _________, are input-only devices, while others, such as the touch screen, are both input and output devices.

A

keyboard

mouse

12
Q

________ are an example of an output-only device.

A

PRINTERS

13
Q

Computers can be categorized according to several criteria—mainly their

A

(1) processing power,
(2) size and
(3) architecture

14
Q

Although increased innovation, productivity and services offer benefits, IoT users also risk _______ and ________, among others.

A

(1) data leakage

(2) privacy issues

15
Q

Print servers

A

Businesses of all sizes require that printing capability be made available to users across multiple sites and domains. Generally, a network printer is configured based on where the printer is physically located and who within the organization needs to use it. Print servers allow businesses to consolidate printing resources for cost savings.

16
Q

File servers

A

File servers provide for organization-wide access to files and programs. Document repositories can be centralized to a few locations within the organization and controlled with an access-control matrix.
Group collaboration and document management are easier when a document repository is used, rather than dispersed storage across multiple workstations.

17
Q

Application (program) servers

A

Application servers typically host the software programs that provide application access to client computers, including processing the application business logic and communication with the application’s database. Consolidation of applications and licenses in servers enables centralized management and a more secure environment.

18
Q

Web servers

A

Web servers provide information and services to external customers and internal employees through web pages. They are normally accessed by their uniform resource locators (URLs).

19
Q

Supercomputers

A

Very large and expensive computers with the highest processing speed, designed to be used for specialized purposes or fields that require extensive processing power (e.g., complex mathematical or logical calculations). They are typically dedicated to a few specific specialized system or application programs.

20
Q

Mainframes

A

Large, general-purpose computers that are made to share their processing power and facilities with thousands of internal or external users. Mainframes accomplish this by executing a large variety of tasks almost simultaneously. The range of capabilities of these computers is extensive. A mainframe computer often has its own proprietary OS that can support background (batch) and real-time (online) programs operating parallel applications. Mainframes have traditionally been the main data processing and data warehousing resource of large organizations and, as such, have long been protected by a number of the early security and control tools.

21
Q

High-end and midrange servers

A

Multiprocessing systems capable of supporting thousands of simultaneous users. In size and power, they can be comparable to a mainframe. High-end/midrange servers have many of the control features of mainframes such as online memory and CPU management, physical and logical partitioning, etc.
Their capabilities are also comparable to mainframes in terms of speed for processing data and execution of client programs, but they cost much less than mainframes. Their OSs and system software base components are often commercial products. The higher-end devices generally use UNIX and, in many cases, are used as database servers while smaller devices are more likely to utilize the Windows OS and be used as application servers and file/print servers.

22
Q

Personal computers (PCs)

A

Small computer systems referred to as PCs or workstations that are designed for individual users, inexpensively priced and based on microprocessor technology.
Their use includes office automation functions such as word processing, spreadsheets and email; small database management; interaction with web-based applications; and others such as personal graphics, voice, imaging, design, web access and entertainment. Although designed as single-user systems, these computers are commonly linked together to form a network.

23
Q

Thin client computers

A

These are personal computers that are generally configured with minimal hardware features (e.g., diskless workstation) with the intent being that most processing occurs at the server level using software, such as Microsoft Terminal Services or Citrix Presentation Server, to access a suite of applications.

24
Q

Laptop computers

A

Lightweight (under 10 pounds/5 kilograms) personal computers that are easily transportable and are powered by a normal AC connection or by a rechargeable battery pack. Similar to the desktop variety of personal computers in capability, they have similar CPUs, memory capacity and disk storage capacity, but the battery pack makes them less vulnerable to power failures.
Being portable, these are vulnerable to theft. Devices may be stolen to obtain information contained therein and hijack connectivity, either within an internal local area network (LAN) or remotely.

25
Q

Smartphones, tablets and other handheld devices

A

Handheld devices that enable their users to use a small computing device as a substitute for a laptop computer. Some of its uses include a scheduler, a telephone and address book, creating and tracking to-do lists, an expense manager, eReader, web browser, and an assortment of other functions. Such devices can also combine computing, telephone/fax and networking features together so they can be used anytime and anywhere. Handheld devices are also capable of interfacing with PCs to back up or transfer important information.

26
Q

Proxy servers

A

Proxy servers provide an intermediate link between users and resources. As opposed to direct access, proxy servers will access services on a user’s behalf. Depending on the services being proxied, a proxy server may render more secure and faster response than direct access.

27
Q

Database servers

A

Database servers store data and act as a repository. The servers concentrate on storing information rather than presenting it to be usable. Application servers and web servers use the data stored in database servers and process the data into usable information.

28
Q

Appliances (specialized devices)

A

Appliances provide a specific service and normally are not capable of running other services. As a result, the devices are significantly smaller and faster, and very efficient. Capacity and performance demands require certain services to be run on appliances instead of generic servers.

29
Q

Examples of appliances are:

A
– Firewalls
– Intrusion detection systems (IDSs)
– Intrusion prevention systems (IPSs)
– Switches
– Routers
– Virtual private networks (VPNs)
– Load balancers
30
Q

Universal Serial Bus

A

The universal serial bus (USB) is a serial bus standard that interfaces devices with a host. USB was designed to allow connection of many peripherals to a single standardized interface socket and to improve the plug-and-play capabilities by allowing hot swapping or allowing devices to be connected and disconnected without rebooting the computer or turning off the device.
Other convenient features include providing power to low-consumption devices without the need for an external power supply and allowing many devices to be used without requiring installation of manufacturer-specific, individual device drivers.
USB ports overcome the limitations of the serial and parallel ports in terms of speed and the actual number of connections that can be made. USB 2.0 specifications support data transfer at up to 480 megabits per second (Mbps).
USB 3.0 can transfer data at up to ten times that speed, five gigabits per second (Gbps), and the latest version USB 3.1 is capable of transfer speeds up to 10 Gbps.

31
Q

USB ports can connect computer peripherals, such as

A

(1) mice,
(2) keyboards,
(3) tablets,
(4) gamepads,
(5) joysticks,
(6) scanners,
(7) digital cameras,
(8) printers,
(10) personal media players,
(11) flash drives and
(12) external hard drives.

32
Q

Most operating systems (OSs) recognize when a _____ device is connected and load the necessary device drivers.

A

USB

33
Q

A memory card or flash drive is a ___________ electronic data storage device that is used with digital cameras, handheld and mobile computers, telephones, music players, video game consoles and other electronics.

A

solid-state

34
Q

______ or ________ offer high recordability, power-free storage, a small form factor and rugged environmental specifications.

A

Memory Card or

Flash Drive

35
Q

Risk Related to USBs

A
  • Viruses and other malicious software
  • Data theft
  • Data and media loss
  • Corruption of data
  • Loss of confidentiality
36
Q

Security Controls Related to USBs

A
  • Encryption
  • Granular control
  • Security personnel education
  • The lock desktop policy enforcement
  • Antivirus policy
  • Use of secure devices only
  • Inclusion of return information
37
Q

Encryption

A

An ideal encryption strategy allows data to be stored on the USB drive but renders the data useless without the required encryption key, such as a strong password or biometric data. Products are available to implement strong encryption and comply with the latest Federal Information Processing Standards (FIPS). Encryption is a good method to protect information written to the device from loss or theft of the device.
But unless the information is also encrypted on the network or local workstation hard drive, sensitive data still are exposed to theft.

38
Q

Granular control

A

Products are available to provide centralized management of ports. Because management is accomplished via the use of specialized software, centralized management from the enterprise to the individual system is possible. As with all security issues, a technological solution in isolation is insufficient. Strong policies, procedures, standards and guidelines must be put in place to ensure secure operation of memory card and USB drives. Further, an aggressive user awareness program is necessary to effect changes in employee behavior.

39
Q

Security personnel education

A

Flash drives are so small and unobtrusive that they are easily concealed and removed from an enterprise. Physical security personnel should understand USB devices and the risk they present.

40
Q

The lock desktop policy enforcement

A

In higher-risk environments, desktop computers should be configured to automatically lock after short intervals.

41
Q

Antivirus policy

A

Antivirus software should be configured to scan all attached drives and removable media. Users should be trained to scan files before opening them.

42
Q

Use of secure devices only

A

Enforce the use of encryption. Software is available to manage USBs, enforcing encryption or only accepting encrypted devices.

43
Q

Inclusion of return information

A

If a USB drive is lost or misplaced, including a small, readable text file containing return information may help with device retrieval. It would be prudent to NOT include company details, but rather a phone number or post office box. It also would be prudent to include a legal disclaimer that clearly identifies the information on the drive as confidential and protected by law.

44
Q

Radio frequency identification (RFID)

A

Radio frequency identification (RFID) uses radio waves to identify tagged objects within a limited radius. A tag consists of a microchip and an antenna.
The microchip stores information along with an ID to identify a product, while the antenna transmits the information to an RFID reader.
The power needed to drive the tag can be derived in two modes. The first mode, used in passive tags, draws power from the incidental radiation arriving from the reader. The second and more expensive mode, used in active tags, derives its power from batteries and therefore is capable of using higher frequencies and achieving longer communication distances. An active tag is reusable and can contain more data.
Tags can be used to identify an item based on either direct product identification or carrier identification. In the case of the latter, an article’s ID is manually fed into the system (e.g., using a bar code) and is used along with strategically placed radio frequency readers to track and locate the item.

45
Q

Asset management

A

RFID-based asset management systems are used to manage inventory of any item that can be tagged. Asset management systems using RFID technology offer significant advantages over paper-based or bar-code systems, including the ability to read the identifiers of multiple items nearly simultaneously without optical line of sight or physical contact.

46
Q

Tracking

A

RFID asset management systems are used to identify the location of an item or, more accurately, the location of the last reader that detected the presence of the tag associated with the item.

47
Q

Authenticity verification

A

The tag provides evidence of the source of a tagged item. Authenticity verification often is incorporated into a tracking application.

48
Q

Matching

A

Two tagged items are matched with each other and a signal (e.g., a light or tone) is triggered if one of the items is later matched with an incorrect tagged item.

49
Q

Process control

A

This allows business processes to use information associated with a tag (or the item attached to the tag) and to take a customized action.

50
Q

Access control

A

The system uses RFID to automatically check whether an individual is authorized to physically access a facility (e.g., a gated campus or a specific building) or logically access an information technology system.

51
Q

Supply chain management (SCM)

A

SCM involves the monitoring and control of products from manufacture to distribution to retail sale. SCM typically bundles several application types, including asset management, tracking, process control and payment systems.