Exam 2

Question 1

Programs typically consist of 3 fundamental flow control patterns, which are:

Answer 1

sequence, selection, and repetition. P. 121

Question 2

What does VPN stand for?

Answer 2

Virtual private network

Question 3

The Three primary information security areas are

Answer 3

Authentication and authorization
Are people who they say they are?
Do they have permission?

Prevent and resist a breach
Monitors traffic spanning outside and inside
Prevents a breach

Detection and response (breach occurred)
Respond before damage can be done

Question 4

What is the most common way to identify individual users, and also the most ineffective form of authentication?

Answer 4

User ID and passwords

Question 5

What is phishing?

Answer 5

a technique to gain personal information for the purpose of identity theft (sending an email to someone that appears to be from BYU asking for username and password)

Question 6

What is an example of a simple password?

Answer 6

homer

Question 7

What is an example of a password with requirements?

Answer 7

Homerjs1

Question 8

What is an example of a random password?

Answer 8

@#4Tj`9q

Question 9

What is an example of a passphrase password?

Answer 9

purplemonkeydishwater

Question 10

Smart cards and tokens are (more/less) effective than a user ID and a password

Answer 10

more

Question 11

What is a token?

Answer 11

small electronic devices that change user passwords automatically

Question 12

What is a smart card?

Answer 12

a device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

Question 13

What are biometrics?

Answer 13

the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting

Question 14

What is the best and most effective way to manage authentication?

Answer 14

biometrics

Question 15

What is the most costly and intrusive way to manage authentication?

Answer 15

biometrics

Question 16

List 3 ways to help prevent and build resistance to attacks

Answer 16

content filtering
encryption
firewall

Question 17

Know that all of these are threats to security

Answer 17

Fire
Water
Vibration and movement (earthquakes, landslides, explosions)
Severe weather (hurricanes, tornadoes, high winds, severe lightening, etc)
Electrostatic discharge
high humidity causes corrosion, low humidity causes ESD
Electrical noise (EMI and RFI interference)
Electrical anomalies (blackout, brownout, fault, spike, sag, surge, inrush)
Lightning strikes
Magnetic fields
Sabotage/terrorism/war/theft/vandalism
Equipment failure
Loss of communications and utilities
Personnel loss

Question 18

What are the 3 elements to the CIA triad and what do they represent?

Answer 18

Confidentiality: authentication and authorization (something you know, something you have, who you are)
Availability: authorized users have access when they need it.
Integrity: Protecting data from unauthorized modification or deletion.

Question 19

What is network sniffing?

Answer 19

Intercepting packages on a wired/wireless network and viewing the contents.

Question 20

What is the difference between a virus and a worm?

Answer 20

A worm can spread itself without needing users to share the virus

Question 21

What is a trojan horse virus?

Answer 21

a malicious program disguised to be legitimate/ useful (hence the name trojan horse)

Question 22

What is the difference between a denial of service and a distributed denial of service?

Answer 22

a denial of service is an army of zombie computers controlled by malware requesting the webpage.
a distributed denial of service is a coordinate effort to flood a system (actual people). For example: registering for classes

Question 23

Social engineering is considered to be a ____ threat.
Small
Average size
Huge

Answer 23

Huge

Question 24

True or False: Only people with ‘highly valued’ information are at risk of becoming victim to costly security breaches?

Answer 24

false

Question 25

What are hactivists?

Answer 25

Hactivists (hackers who are activists) promote political ends through breaking into computers or networks. They may deface a website (changing the appearance or content of a website) that is contrary to their opinion or make confidential information public to accomplish their political objective.

Question 26

What are cyberterrorists?

Answer 26

Cyberterrorists refer to hackers who use the internet to accomplish terrorist acts. Cyberterrorist acts may include disrupting or destroying an organization’s or nation’s infrastructure, such as disrupting a nation’s power supply or communication lines.

Question 27

What is a Non-Malicious Insider Threat?

Answer 27

A good intended employee who compromises security through negligence or ignorance
(those 90%+ people who drive you crazy)

Question 28

what does https stand for?

Answer 28

Hypertext Transfer Protocol Secure

Question 29

Which of the following does not help create a strong password?
Avoiding reusing passwords
Avoiding names of family members, pets, sports teams
Using special characters, numbers, upper and lower case letters
Only allowing a limited number of password guesses
All help create a strong password

Answer 29

All help create a strong password

Question 30

Conventional wisdom states the life span of hard drive is

Answer 30

3-5 years

Question 31

Can a trojan horse virus self-replicate/infect files?

Answer 31

No

Question 32

What does creating a backdoor mean?

Answer 32

Someone taking control of your computer

Question 33

how does a firewall protect you?

Answer 33

by analyzing the information leaving and entering the network and then blocks unauthorized or suspicious content

Question 34

What are file permissions?

Answer 34

rules that specify what can and cannot be done to a file

Question 35

what is version control?

Answer 35

the management of changes to file

Question 36

what are checksums?

Answer 36

unique signature of file contents

Question 37

In order from center to outer, what is the onion model?

Hint: SD/R;E;P;F/IPS/PI;PS.

Answer 37

sensitive data/resources; encryption; permissions; firewalls, IPS, packet inspections; physical security.

Question 38

what does html stand for?

Answer 38

Hyper-Text Markup Language

Question 39

Is html a programming language? why or why not?

Answer 39

No.
Doesn’t calculate totals
Doesn’t validate forms
Doesn’t access databases

Question 40

What is the difference between the internet and the world wide web?

Answer 40

The internet is a global system of interconnected computers and networks.
The WWW is a network of interlinked web pages (a.k.a. “hypertext documents”)

Question 41

Who forces browser makers to adhere to standards?

Answer 41

Nobody other than “the market”

Question 42

What does URL stand for?

Answer 42

Uniform Resource Locator

Question 43

What does FTP stand for? What is it?

Answer 43

File transfer protocol.

Protocol for transferring files over the internet

Question 44

Html tags are called

Answer 44

elements

Question 45

What does CSS stand for?

Answer 45

Cascading Style Sheets

Question 46

What is metadata?

Answer 46

data about the page (in css)

Question 47

If the body style set font-size to 14 pt., the p style set font-size to 12 pt., the p.contact style set font-size to 18 pt., and the .subHeading style set font-size to 11 pt., what would the font-size be for the email address?

Answer 47

it would be 11pt because the .subHeading style is nested closest to the text.

Question 48

What are the 4 parts of the box model and what area do they describe?

Answer 48

Margin. The margin clears an area around the border. Margins have no background color and are always transparent.
Border. The border goes around the padding and content. To make the border visible, you must define the “border-style” property.
Padding. Padding clears an area around the content area.
Content. The content area is where text and images occur.

Question 49

What if you specified a background color for the tag as well as a <p> tag? Which would show up behind the paragraph?

Answer 49

the color specified for the <p> tag would show up over the tag because it is closer to the content, i.e. nested inside of the tag

Question 50

What is the advantage of using an external (versus internal) stylesheet?

Answer 50

Most importantly, the external stylesheet allows you to reuse your styles across ANY page on your site which contains a tag pointing to that stylesheet.

Question 51

is the href value in the tag an absolute or relative reference?

Answer 51

it’s relative because it doesn’t include the full path from website URL to styles.css file. However, you can use either an absolute or relative reference for stylesheets just like the <a> tag.</a>

Question 52

What are the 3 elements of the quality constraint triangle?

Answer 52

Time, cost, scope

Question 53

What does COTS stand for and what is it?

Answer 53

Commercial off the shelf.

Buy a ready made solution

Question 54

What is the agile system development method?

Answer 54

“quick” & “flexible”

Small projects delivered quickly & frequently; daily collaboration with users

Question 55

What does RAD stand for and what is it?

Answer 55

Rapid Application Development (RAD)

Rapid prototyping; interactive user involvement

Question 56

What does XP stand for and what is it?

Answer 56

Extreme programming

Tiny manageable phases; iterate with user feedback

Question 57

What is the success rate for the waterfall method?

Answer 57

10%

Question 58

What is the biggest problem with the waterfall methodology?

Answer 58

it assumes users can specify all business requirements in advance

Question 59

The primary difference between the waterfall and agile methodologies is that

Answer 59

agile divides its phases into iterations with user feedback

Question 60

What are the 7 phases to the waterfall method?

Answer 60

Planning, Analysis, Design, Development, Testing, Implementation, Maintenance. PADDTIM

Question 61

The following description describes which phase of the waterfall method?
Select the system project (strategic)
Assess project feasibility
Produce Project plan (Project Management)
Assign Team members, Develop Schedule (milestones)
Choose methodology
(COTS, Waterfall, RAD, Extreme Programming, Agile)
Probably use PM software: PERT, Gantt (“MS Project”)
Economical
Do benefits exceed costs? (e.g. ROI)
Technical
Is technology available - are we up to it?
Operational
Can our organization operate it?
Legal
Does it meet all regulations and laws?
Scheduling
Is the implementation schedule practical? Have we allowed time to build, test, train, etc.?

Answer 61

Planning

Question 62

The following description describes which phase of the waterfall method?
Collect/Analyze Data: Study the current system
Determine business/ customer requirements
Write requirements definition document
Sign Off

Answer 62

analysis

Question 63

The following description describes which phase of the waterfall method?
Design the IT infrastructure
Hardware
Software
Design the System Components (details)
Screen layouts; reports; procedures
Program logic
Database structure (data models/ERDs)

Answer 63

Design

Question 64

The following description describes which phase of the waterfall method?
Physical Implementation
Construct the physical infrastructure (power, AC, etc.)
Purchase/Install Hardware and Software
Write the programs
Structure & Build the databases

Answer 64

Development

Question 65

The following description describes which phase of the waterfall method?
Develop test conditions
Types of Testing
Unit – Does the component work as specified?
Application/System – Will components work together?
Backup/Recovery – Will it restart after disaster or failure?
Documentation – Are instructions accurate and helpful?
Integration – does it work with other systems?
Regression – are other functions still working?
User Acceptance Test (UAT) – Does the system satisfy user needs?

Answer 65

Testing

Question 66

The following description describes which phase of the waterfall method?
Complete detailed user documentation
Choose the conversion method 
Prepare users (Train on new system)
Convert/start new system
Get user acceptance

Answer 66

Implimentation

Question 67

The following description describes which phase of the waterfall method?
Implement backup procedures
Help users, fix problems, Optimize
Types of maintenance:
Adaptive, Corrective, Perfective, Preventative.
Carefully Manage Change: 
Change Control Board (CCB)
Also part of implementation

Answer 67

Maintenance

Question 68

Describe the 4 conversion techniques

Answer 68

Direct (Plunge) conversion: Switch from the old system to the new one “overnight”
Parallel conversion: Avoids some risk; run the old system until the new one is activated and working.
Phased conversion: Activate a new system one module at a time.
Pilot conversion: Activate and test the new system in one branch of an organization

Question 69

What is the most expensive part of the waterfall method?

Answer 69

Maintenance

Question 70

What are the 5 types of feasibility in planning?

Answer 70

TELOS
Technical
Economic
Legal
Operational
Scheduling

Question 71

What are the 4 types of testing?

Answer 71

UISUA
Unit
Integration
System
User acceptance