Business 4: Types of Info Systems and Tech Risks

Question 1

What are the four main risks w/r/t systems?

Answer 1

1) Strategic risk
2) Operating risk
3) Financial risk
4) Information risk

Question 2

What are the four main risks w/r/t systems?

Answer 2

1) Strategic risk
2) Operating risk
3) Financial risk
4) Information risk

Question 3

What does strategic risk include w/r/t systems?

Answer 3

Risk of choosing inappropriate technology

Question 4

What does operating risk include w/r/t systems?

Answer 4

risk of doing the right things in the wrong way

Question 5

What does financial risk include w/r/t systems?

Answer 5

risk of having financial resources lost, wasted, or stolen

Question 6

What does information risk include w/r/t systems?

Answer 6

risk of loss of data integrity, incomplete transactions, or hackers

Question 7

What does information risk include w/r/t systems?

Answer 7

risk of loss of data integrity, incomplete transactions, or hackers

Question 8

Can a virus run independently?

Answer 8

No

Question 9

What is a virus?

Answer 9

Piece of a computer program that inserts itself into some other program to propagate and cause harm to files and programs

Question 10

Can a worm run independently?

Answer 10

Yes

Question 11

What do you call a program that can run independently and normally propagates itself over a network?

Answer 11

Worm

Question 12

Can a worm attach itself to other programs?

Answer 12

No

Question 13

Can a worm attach itself to other programs?

Answer 13

No

Question 14

Does a Trojan horse normally replicate itself?

Answer 14

No

Question 15

What is a Trojan horse?

Answer 15

Program that appears to have a useful f(x) but contains a hidden and unintended f(x) that presents a security risk

Question 16

What is a Trojan horse?

Answer 16

Program that appears to have a useful f(x) but contains a hidden and unintended f(x) that presents a security risk

Question 17

What do you call it when one computer or group of computers bombard another computer with a flood of network traffic?

Answer 17

Denial-of-Service Attack

Question 18

What do you call it when one computer or group of computers (zombies) bombard another computer with a flood of network traffic?

Answer 18

Denial-of-Service Attack

Question 19

What do you call it when one computer or group of computers (zombies) bombard another computer with a flood of network traffic?

Answer 19

Denial-of-Service Attack

Question 20

What is phishing?

Answer 20

• Sending of phony emails to try to lure people to phony websites
• Where they are asked for info that will allow the phisher to impersonate the user

Question 21

What is phishing?

Answer 21

• Sending of phony emails to try to lure people to phony websites
• Where they are asked for info that will allow the phisher to impersonate the user

Question 22

Define risk

Answer 22

Possibility of harm or loss

Question 23

Define threat.

Answer 23

Any eventually that represents a danger to an asset or a capability linked to hostile intent

Question 24

What is the term for a characteristic of a design, implementation, or operation that renders the system susceptible to a threat?

Answer 24

Vulnerability

Question 25

Safeguards and controls are put in place to minimize what?

Answer 25

Minimize vulnerabilities

Question 26

Safeguards and controls are put in place to minimize what?

Answer 26

Minimize vulnerabilities

Question 27

Before risks can be managed, what must be done?

Answer 27

They must be assessed

Question 28

Before risks can be managed, what must be done first?

Answer 28

They must be assessed

Question 29

Before risks can be managed, what must be done first?

Answer 29

They must be assessed

Question 30

Access controls come in what two basic types?

Answer 30

1) Physical access

2) Electronic access

Question 31

Access controls come in what two basic types?

Answer 31

1) Physical access

2) Electronic access

Question 32

Is data integrity risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?

Answer 32

NO

Question 33

Is strategic risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?

Answer 33

YES (includes risks such as choosing inappropriate technology)

Question 34

Is financial risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?

Answer 34

YES (includes risks such as having financial resources lost, wasted, or stolen)

Question 35

Is information risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?

Answer 35

YES (includes risks such as loss of data integrity, incomplete transactions, or hackers)

Question 36

Is information risk a type of reporting risk that an accountant must recognize as a threat to the accuracy of reports?

Answer 36

YES (includes risks such as loss of data integrity, incomplete transactions, or hackers)

Question 37

What do you call the system of user identification and authentication that prevents unauthorized users from gaining access to network resources?

Answer 37

Firewall

Question 38

What is used to identify a user?

Answer 38

Login ID

Question 39

What is use to authenticate a user?

Answer 39

Password

Question 40

What is use to authenticate a user?

Answer 40

Password

Question 41

True or false.

A network server is a type of resource protected by a firewall.

Answer 41

True

Question 42

True or false.

A network server is a type of resource protected by a firewall.

Answer 42

True

Question 43

What do you call a firewall designed to protect specific application services from attack?

Answer 43

Application firewalls

Question 44

Firewall methodologies can be divided into what three categories?

Answer 44

1) Packet filtering
2) Circuit level gateways
3) Application level gateways

Question 45

What is packet filtering?

Answer 45

Examines packets of data as they pass through the firewall according to rules that have been est. for the source of the data, the destination of the data, and the network ports the data was sent from

Question 46

What is the simplest type of firewall configuration?

Answer 46

Packet filtering

Question 47

What is IP spoofing?

Answer 47

Forging an acceptable address

Question 48

Packet filtering can be circumvented by what?

Answer 48

IP spoofing

Question 49

What allows data into a network only when computers inside the network request the data?

Answer 49

Circuit level gateways

Question 50

What examines data coming into the gateway in a more sophisticated fashion?

Answer 50

Application level gateways

Question 51

What are application level gateways also known as?

Answer 51

Proxies

Question 52

What is a disadvantage of a proxy?

Answer 52

Slower

Question 53

What is a disadvantage of a proxy?

Answer 53

Slower

Question 54

What do network firewalls do?

Answer 54

Protect network as a whole

Question 55

True or false.

Firewalls deter but cannot completely prevent intrusion from outsiders.

Answer 55

True

Question 56

Do firewalls prevent or protect against viruses?

Answer 56

NO

Question 57

What do you call a system, often both hardware and software, of user identification and authentication that prevents unauthorized users from gaining access to network resources?

Answer 57

Firewall

Question 58

What do file-level access attributes control?

Answer 58

• Control the privileges a particular user has to a file (e.g. “read only”)

Question 59

What do file attributes control?

Answer 59

• Set to restrict writing, reading, and/or directory privileges for a file

Question 60

What are common access controls?

Answer 60

Assignment and maintenance of security levels