4.1 COMMON TECHNOLOGY COMPONENTS (ISACA)

Question 1

Computer-system hardware components are interdependent components that perform specific functions and can be classified

Answer 1

as either processing or input/output.

Question 2

The central component of a computer is

Answer 2

the central processing unit (CPU).

Question 3

Computers may:

Answer 3

• Have the CPU on a single chip (microprocessors)
• Have more than one CPU (multi-processor)
• Contain multiple CPUs on a single chip (multi-core processors)

Question 4

The CPU consists of

Answer 4

(1) an arithmetic logic unit (ALU),
(2) a control unit and
(3) an internal memory.

Question 5

The control unit contains

Answer 5

electrical circuits that control/direct all operations in the computer system.

Question 6

The ALU

Answer 6

performs mathematical and logical operations.

Question 7

The internal memory (i.e., CPU

registers) is used for

Answer 7

processing transactions.

Question 8

Other key components of a computer include:

Answer 8

• Motherboard
• Random access memory (RAM)
• Read-only memory (ROM)
• Permanent storage devices (hard disk drive or solid-state drive [SSD])
• A power supply unity

Question 9

An SSD is a

Answer 9

nonvolatile storage device that stores persistent data on solid-state flash memory.

(SSDs have no moving components and, therefore, require less energy. This distinguishes them from hard disk drives, which contain spinning disks and movable read/write heads.)

Question 10

The input/output (I/O) components are used to

Answer 10

pass instructions/information to the computer and to display or record the output generated by the computer.

Question 11

Some components, such as the ________ and _________, are input-only devices, while others, such as the touch screen, are both input and output devices.

Answer 11

keyboard

mouse,

Question 12

________ are an example of an output-only device.

Answer 12

PRINTERS

Question 13

Computers can be categorized according to several criteria—mainly their

Answer 13

(1) processing power,
(2) size and
(3) architecture

Question 14

Although increased innovation, productivity and services offer benefits, IoT users also risks _______ and ________, among others.

Answer 14

(1) data leakage

(2) privacy issues

Question 15

Print servers

Answer 15

Businesses of all sizes require that printing capability be made available to users across multiple sites and domains. Generally, a network printer is configured based on where the printer is physically located and who within the organization needs to use it. Print servers allow businesses to consolidate printing resources for cost savings

Question 16

File servers

Answer 16

File servers provide for organization wide access to files and programs. Document repositories can be centralized to a few locations within the organization and controlled with an access-control matrix.
Group collaboration and document management are easier when a document repository is used, rather than dispersed storage across multiple workstations.

Question 17

Application (program) servers

Answer 17

Application servers typically host the software programs that provide application access to client computers, including processing the application business logic and communication with the application’s database. Consolidation of applications and licenses in servers enables centralized management and a more secure environment.

Question 18

Web servers

Answer 18

Web servers provide information and services to external customers and internal employees through web pages. They are normally
accessed by their uniform resource locators (URLs).

Question 19

Supercomputers

Answer 19

Very large and expensive computers with the highest processing speed, designed to be used for specialized purposes or fields that require extensive processing power (e.g., complex mathematical or logical calculations). They are typically dedicated to a few specific specialized system or application programs.

Question 20

Mainframes

Answer 20

Large, general-purpose computers that are made to share their processing power and facilities with thousands of internal or external users. Mainframes accomplish this by executing a large variety of tasks almost simultaneously. The range of capabilities of these computers is extensive. A mainframe computer often has its own proprietary OS that can support background (batch) and real- time (online) programs operating parallel applications. Mainframes have traditionally been the main data processing and data warehousing resource of large organizations and, as such, have long been protected by a number of the early security and control tools.

Question 21

High-end and Multiprocessing Systems

Answer 21

High-end and Multiprocessing systems capable of supporting thousands of simultaneous midrange servers
users. In size and power, they can be comparable to a mainframe. High- end/midrange servers have many of the control features of mainframes such as online memory and CPU management, physical and logical partitioning, etc.
Their capabilities are also comparable to mainframes in terms of speed for processing data and execution of client programs, but they cost much less than mainframes. Their OSs and system software base components are often commercial products. The higher-end devices generally use UNIX and, in many cases, are used as database servers while smaller devices are more likely to utilize the Windows OS and be used as application servers and file/print servers.

Question 22

Personal computer

Answer 22

Small computer systems referred to as PCs or workstations that are designed for computers (PCs)
individual users, inexpensively priced and based on microprocessor technology.
Their use includes office automation functions such as word processing, spreadsheets and email; small database management; interaction with web-based applications; and others such as personal graphics, voice, imaging, design, web access and entertainment. Although designed as single-user systems, these computers are commonly linked together to form a network.

Question 23

Thin client

Answer 23

These are personal computers that are generally configured with minimal computers
hardware features (e.g., diskless workstation) with the intent being that most processing occurs at the server level using software, such as Microsoft Terminal Services or Citrix Presentation Server, to access a suite of applications.

Question 24

Laptop computers

Answer 24

Lightweight (under 10 pounds/5 kilograms) personal computers that are easily transportable and are powered by a normal AC connection or by a rechargeable battery pack. Similar to the desktop variety of personal computers in capability, they have similar CPUs, memory capacity and disk storage capacity, but the battery pack makes them less vulnerable to power failures.
Being portable, these are vulnerable to theft. Devices may be stolen to obtain information contained therein and hijack connectivity, either within an internal local area network (LAN) or remotely.

Question 25

Smartphones,

Answer 25

Handheld devices that enable their users to use a small computing device as a tablets and other
substitute for a laptop computer. Some of its uses include a scheduler, a handheld devices
telephone and address book, creating and tracking to-do lists, an expense manager, eReader, web browser, and an assortment of other functions. Such devices can also combine computing, telephone/fax and networking features together so they can be used anytime and anywhere. Handheld devices are also capable of interfacing with PCs to back up or transfer important information.

Question 26

Proxy servers

Answer 26

Proxy servers provide an intermediate link between users and resources. As opposed to direct access, proxy servers will access services on a user’s behalf. Depending on the services being proxied, a proxy server may render more secure and faster response than direct access.

Question 27

Database servers

Answer 27

Database servers store data and act as a repository. The servers concentrate on storing information rather than presenting it to be usable. Application servers and web servers use the data stored in database servers and process the data into usable information.

Question 28

Appliances (specialized devices)

Answer 28

Appliances provide a specific service and normally are not capable of running other services. As a result, the devices are significantly smaller and faster, and very efficient. Capacity and performance demands require certain services to be run on appliances instead of generic
servers.

Question 29

Examples of appliances are:

Answer 29

– Firewalls
– Intrusion detection systems (IDSs) – Intrusion prevention systems (IPSs) – Switches
– Routers
– Virtual private networks (VPNs)
– Load balancers

Question 30

Universal Serial Bus

Answer 30

The universal serial bus (USB) is a serial bus standard that interfaces devices with a host. USB was designed to allow connection of many peripherals to a single standardized interface socket and to improve the plug-and-play capabilities by allowing hot swapping or allowing devices to be connected and disconnected without rebooting the computer or turning off the device.
Other convenient features include providing power to low-consumption devices without the need for an external power supply and allowing many devices to be used without requiring installation of manufacturer-specific, individual device drivers.
USB ports overcome the limitations of the serial and parallel ports in terms of speed and the actual number of connections that can be made. USB 2.0
specifications support data transfer at up to 480 megabits per second (Mbps).
USB 3.0 can transfer data at up to ten times that speed, five gigabits per second (Gbps), and the latest version USB3.1 is capable of transfer speeds up to 10 Gbps.

Question 31

USB ports can connect computer peripherals, such as

Answer 31

(1) mice,
(2) keyboards,
(3) tablets,
(4) gamepads,
(5) joysticks,
(6) scanners,
(7) digital cameras,
(8) printers,
(10) personal media players, (11) flash drives and
(12) external hard drives.

Question 32

Most operating systems (OSs) recognize when a _____ device is connected and load the necessary device drivers.

Answer 32

USB

Question 33

A memory card or flash drive is a ___________ electronic data storage device that is used with digital cameras, handheld and mobile computers, telephones, music players, video game consoles and other electronics.

Answer 33

solid-state

Question 34

______ or ________ offer high recordability, power-free storage, a small form factor and rugged environmental specifications.

Answer 34

Memory Card or

Flash Drive

Question 35

Risk Related to USBs

Answer 35

• Viruses and other malicious software
• Data theft
• Data and media loss
• Corruption of data
• Loss of confidentiality

Question 36

Security Controls Related to USBs

Answer 36

• Encryption
• Granular control
• Security personnel education
• The lock desktop policy enforcement
• Antivirus policy
• Use of secure devices only
• Inclusion of return information

Question 37

• Encryption

Answer 37

An ideal encryption strategy allows data to be stored on the USB drive but renders the data useless without the required encryption key, such as a strong password or biometric data. Products are available to
implement strong encryption and comply with the latest Federal Information Processing Standards (FIPS). Encryption is a good method to protect information written to the device from loss or theft of the device.
But unless the information is also encrypted on the network or local workstation hard drive, sensitive data still are exposed to theft.

Question 38

Granular control

Answer 38

Products are available to provide centralized management of ports. Because management is accomplished via the use of specialized software, centralized management from the enterprise to the individual system is possible. As with all security issues, a technological solution in isolation is insufficient. Strong policies, procedures, standards and guidelines must be put in place to ensure secure operation of memory card and USB drives. Further, an aggressive user awareness program is necessary to effect changes in employee behavior.

Question 39

Security personnel education

Answer 39

Flash drives are so small and unobtrusive that they are easily concealed and removed from an enterprise. Physical security personnel should understand USB devices and the risk they present.

Question 40

The lock desktop policy enforcement

Answer 40

In higher-risk environments, desktop computers should be configured to automatically lock after short intervals.

Question 41

Antivirus policy

Answer 41

Antivirus software should be configured to scan all attached drives and removable media. Users should be trained to scan files before opening them.

Question 42

Use of secure devices only

Answer 42

Enforce the use of encryption. Software is available to manage USBs, enforcing encryption or only accepting encrypted devices.

Question 43

Inclusion of return information

Answer 43

If a USB drive is lost or misplaced, including a small, readable text file containing return information may help with device retrieval. It would be prudent to NOT include company details, but rather a phone number or post office box. It also would be prudent to include a legal disclaimer that clearly identifies the information on the drive as confidential and protected by law.

Question 44

Radio frequency identification (RFID)

Answer 44

Radio frequency identification (RFID) uses radio waves to identify tagged objects within a limited radius. A tag consists of a microchip and an antenna.
The microchip stores information along with an ID to identify a product, while the antenna transmits the information to an RFID reader.
The power needed to drive the tag can be derived in two modes. The first mode, used in passive tags, draws power from the incidental radiation arriving from the reader. The second and more expensive mode, used in active tags, derives its power from batteries and therefore is capable of using higher frequencies and achieving longer communication distances. An active tag is reusable and can contain more data.
Tags can be used to identify an item based on either direct product identification or carrier identification. In the case of the latter, an article’s ID is manually fed into the system (e.g., using a bar code) and is used along with strategically placed radio frequency readers to track and locate the item.

Question 45

Asset management

Answer 45

RFID-based asset management systems are used to manage inventory of any item that can be tagged. Asset management systems using RFID technology offer significant advantages over paper-based or bar- code systems, including the ability to read the identifiers of multiple items nearly simultaneously without optical line of sight or physical contact.

Question 46

Tracking

Answer 46

RFID asset management systems are used to identify the location of an item or, more accurately, the location of the last reader that detected the presence of the tag associated with the item.

Question 47

Authenticity verification

Answer 47

The tag provides evidence of the source of a tagged item. Authenticity verification often is incorporated into a tracking application.

Question 48

Matching

Answer 48

Two tagged items are matched with each other and a signal (e.g., a light or tone) is triggered if one of the items is later matched with an incorrect tagged item.

Question 49

Process control

Answer 49

This allows business processes to use information associated with a tag (or the item attached to the tag) and to take a customized action.

Question 50

Access control

Answer 50

The system uses RFID to automatically check whether an individual is authorized to physically access a facility (e.g., a gated campus or a specific building) or logically access an information technology system.

Question 51

Supply chain management (SCM)

Answer 51

SCM involves the monitoring and control of products from manufacture to distribution to retail sale. SCM
typically bundles several application types, including asset management, tracking, process control and payment systems.