Exam 2 Flashcards
Programs typically consist of 3 fundamental flow control patterns, which are:
sequence, selection, and repetition. P. 121
What does VPN stand for?
Virtual private network
The three primary information security areas are
Authentication and authorization
Are people who they say they are?
Do they have permission?
Prevent and resist a breach
Monitors traffic spanning outside and inside
Prevents a breach
Detection and response (breach occurred)
Respond before damage can be done
What is the most common way to identify individual users, and also the most ineffective form of authentication?
User ID and passwords
What is phishing?
a technique to gain personal information for the purpose of identity theft (sending an email to someone that appears to be from BYU asking for username and password)
What is an example of a simple password?
homer
What is an example of a password with requirements?
Homerjs1
What is an example of a random password?
@#4Tj`9q
What is an example of a passphrase password?
purplemonkeydishwater
Smart cards and tokens are (more/less) effective than a user ID and a password
more
What is a token?
small electronic devices that change user passwords automatically
What is a smart card?
a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
What are biometrics?
the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
What is the best and most effective way to manage authentication?
biometrics
What is the most costly and intrusive way to manage authentication?
biometrics
List 3 ways to help prevent and build resistance to attacks
content filtering
encryption
firewall
Know that all of these are threats to security
Fire
Water
Vibration and movement (earthquakes, landslides, explosions)
Severe weather (hurricanes, tornadoes, high winds, severe lightning, etc)
Electrostatic discharge
high humidity causes corrosion, low humidity causes ESD
Electrical noise (EMI and RFI interference)
Electrical anomalies (blackout, brownout, fault, spike, sag, surge, inrush)
Lightning strikes
Magnetic fields
Sabotage/terrorism/war/theft/vandalism
Equipment failure
Loss of communications and utilities
Personnel loss
What are the 3 elements to the CIA triad and what do they represent?
Confidentiality: authentication and authorization (something you know, something you have, who you are)
Availability: authorized users have access when they need it.
Integrity: Protecting data from unauthorized modification or deletion.
What is network sniffing?
Intercepting packets on a wired/wireless network and viewing the contents.
What is the difference between a virus and a worm?
A worm can spread itself without needing users to share the virus
What is a trojan horse virus?
a malicious program disguised as legitimate/useful (hence the name trojan horse)
What is the difference between a denial of service and a distributed denial of service?
a denial of service is an army of zombie computers controlled by malware requesting the webpage.
a distributed denial of service is a coordinated effort to flood a system (actual people). For example: registering for classes
Social engineering is considered to be a ____ threat.
Small
Average size
Huge
Huge
True or False: Only people with ‘highly valued’ information are at risk of becoming a victim of costly security breaches?
false
What are hacktivists?
Hacktivists (hackers who are activists) promote political ends through breaking into computers or networks. They may deface a website (changing the appearance or content of a website) that is contrary to their opinion or make confidential information public to accomplish their political objective.
What are cyberterrorists?
Cyberterrorists refer to hackers who use the internet to accomplish terrorist acts. Cyberterrorist acts may include disrupting or destroying an organization’s or nation’s infrastructure, such as disrupting a nation’s power supply or communication lines.
What is a Non-Malicious Insider Threat?
A well-intentioned employee who compromises security through negligence or ignorance
(those 90%+ people who drive you crazy)
what does https stand for?
Hypertext Transfer Protocol Secure
Which of the following does not help create a strong password?
Avoiding reusing passwords
Avoiding names of family members, pets, sports teams
Using special characters, numbers, upper and lower case letters
Only allowing a limited number of password guesses
All help create a strong password
All help create a strong password
Conventional wisdom states the life span of a hard drive is
3-5 years
Can a trojan horse virus self-replicate/infect files?
No
What does creating a backdoor mean?
Someone taking control of your computer
how does a firewall protect you?
by analyzing the information leaving and entering the network and then blocking unauthorized or suspicious content
What are file permissions?
rules that specify what can and cannot be done to a file
what is version control?
the management of changes to a file
what are checksums?
a unique signature of file contents
In order from center to outer, what is the onion model?
Hint: SD/R;E;P;F/IPS/PI;PS.
sensitive data/resources; encryption; permissions; firewalls, IPS, packet inspections; physical security.
what does html stand for?
Hyper-Text Markup Language
Is html a programming language? why or why not?
No.
Doesn’t calculate totals
Doesn’t validate forms
Doesn’t access databases
What is the difference between the internet and the world wide web?
The internet is a global system of interconnected computers and networks.
The WWW is a network of interlinked web pages (a.k.a. “hypertext documents”)
Who forces browser makers to adhere to standards?
Nobody other than “the market”
What does URL stand for?
Uniform Resource Locator
What does FTP stand for? What is it?
File transfer protocol.
Protocol for transferring files over the internet
HTML tags are called
elements
What does CSS stand for?
Cascading Style Sheets
What is metadata?
data about the page (in css)
If the body style set font-size to 14 pt., the p style set font-size to 12 pt., the p.contact style set font-size to 18 pt., and the .subHeading style set font-size to 11 pt., what would the font-size be for the email address?
it would be 11pt because the .subHeading style is nested closest to the text.
What are the 4 parts of the box model and what area do they describe?
Margin. The margin clears an area around the border. Margins have no background color and are always transparent.
Border. The border goes around the padding and content. To make the border visible, you must define the “border-style” property.
Padding. Padding clears an area around the content area.
Content. The content area is where text and images occur.
What if you specified a background color for the <body> tag as well as a <p> tag? Which would show up behind the paragraph?
the color specified for the <p> tag would show up over the <body> tag because it is closer to the content, i.e. nested inside of the <body> tag
What is the advantage of using an external (versus internal) stylesheet?
Most importantly, the external stylesheet allows you to reuse your styles across ANY page on your site which contains a <link> tag pointing to that stylesheet.
is the href value in the <link> tag an absolute or relative reference?
it’s relative because it doesn’t include the full path from the website URL to the styles.css file. However, you can use either an absolute or relative reference for stylesheets just like the <a> tag.
What are the 3 elements of the quality constraint triangle?
Time, cost, scope
What does COTS stand for and what is it?
Commercial off the shelf.
Buy a ready made solution
What is the agile system development method?
“quick” & “flexible”
Small projects delivered quickly & frequently; daily collaboration with users
What does RAD stand for and what is it?
Rapid Application Development (RAD)
Rapid prototyping; interactive user involvement
What does XP stand for and what is it?
Extreme programming
Tiny manageable phases; iterate with user feedback
What is the success rate for the waterfall method?
10%
What is the biggest problem with the waterfall methodology?
it assumes users can specify all business requirements in advance
The primary difference between the waterfall and agile methodologies is that
agile divides its phases into iterations with user feedback
What are the 7 phases to the waterfall method?
Planning, Analysis, Design, Development, Testing, Implementation, Maintenance. PADDTIM
The following description describes which phase of the waterfall method?
Select the system project (strategic)
Assess project feasibility
Produce Project plan (Project Management)
Assign Team members, Develop Schedule (milestones)
Choose methodology
(COTS, Waterfall, RAD, Extreme Programming, Agile)
Probably use PM software: PERT, Gantt (“MS Project”)
Economical
Do benefits exceed costs? (e.g. ROI)
Technical
Is technology available - are we up to it?
Operational
Can our organization operate it?
Legal
Does it meet all regulations and laws?
Scheduling
Is the implementation schedule practical? Have we allowed time to build, test, train, etc.?
Planning
The following description describes which phase of the waterfall method?
Collect/Analyze Data: Study the current system
Determine business/ customer requirements
Write requirements definition document
Sign Off
analysis
The following description describes which phase of the waterfall method?
Design the IT infrastructure
Hardware
Software
Design the System Components (details)
Screen layouts; reports; procedures
Program logic
Database structure (data models/ERDs)
Design
The following description describes which phase of the waterfall method?
Physical Implementation
Construct the physical infrastructure (power, AC, etc.)
Purchase/Install Hardware and Software
Write the programs
Structure & Build the databases
Development
The following description describes which phase of the waterfall method?
Develop test conditions
Types of Testing
Unit – Does the component work as specified?
Application/System – Will components work together?
Backup/Recovery – Will it restart after disaster or failure?
Documentation – Are instructions accurate and helpful?
Integration – does it work with other systems?
Regression – are other functions still working?
User Acceptance Test (UAT) – Does the system satisfy user needs?
Testing
The following description describes which phase of the waterfall method?
Complete detailed user documentation
Choose the conversion method
Prepare users (Train on new system)
Convert/start new system
Get user acceptance
Implementation
The following description describes which phase of the waterfall method?
Implement backup procedures
Help users, fix problems, Optimize
Types of maintenance: Adaptive, Corrective, Perfective, Preventative.
Carefully Manage Change: Change Control Board (CCB)
Also part of implementation
Maintenance
Describe the 4 conversion techniques
Direct (Plunge) conversion: Switch from the old system to the new one “overnight”
Parallel conversion: Avoids some risk; run the old system until the new one is activated and working.
Phased conversion: Activate a new system one module at a time.
Pilot conversion: Activate and test the new system in one branch of an organization
What is the most expensive part of the waterfall method?
Maintenance
What are the 5 types of feasibility in planning?
TELOS Technical Economic Legal Operational Scheduling
What are the 4 types of testing?
UISUA Unit Integration System User acceptance