Final Exam

Question 1

Determining identity via a trusted process

Answer 1

Authentication

Question 2

Act of recognizing an authenticated person

Answer 2

Authorization

Question 3

Allowing authorized person access to a resource

Answer 3

Access Control

Question 4

Network hosts and valuable information

Answer 4

Asset

Question 5

Something that allows user to attack and/or compromise the system

Answer 5

Vulnerability

Question 6

Procedure used to exploit a vulnerability

Answer 6

Threat

Question 7

Person, process, or host used to wage a threat

Answer 7

Threat Agent

Question 8

Overall exposure experienced by a network or business

Answer 8

Risk

Question 9

Event in which a threat exploits a vulnerability

Answer 9

Attack/incident exposure

Question 10

Event in which a system loses integrity

Answer 10

Compromise

Question 11

Procedure taken to minimize a vulnerability or threat

Answer 11

Counter-measure

Question 12

User who attempts to defeat authentication and gain illicit access to resources

Answer 12

Malicious user

Question 13

Use of code or procedures in an attack

Answer 13

Exploit

Question 14

Any data used to prove idenitity

Answer 14

Authentication Information

Question 15

Process by which use of resources and services is granted or denied

Answer 15

Access Control

Question 16

Process of tracking users and their actions on the network

Answer 16

Auditing or accounting

Question 17

a U.S. intelligence agency responsible for providing the US government with encrypted communications (information assurance) and the reading of encrypted communications (signals intelligence) of other nations

Answer 17

National Security Agency (NSA)

Question 18

An American computer professional, former employee of the Central Intelligence Agency (CIA) and former contractor for the National Security Agency (NSA). In May 2013, he flew from Hawaii to Hong Kong, where he met w/ journalists Glenn Greenwald and Laura Poitras and released numerous documents to them. With his permission, the journalist later revealed his identity to the international media

Answer 18

Edward Joseph Snowden

Question 19

What did Russian government grant Snowden?

Answer 19

A one-year temporary renewable asylum

Question 20

a statement that describes what the organization’s practices are

Answer 20

Privacy policy

Question 21

The information contained in the privacy policies of companies usually follow what?

Answer 21

Fair Information Practices Principles (FIPP) set fourth by the Federal Trade Commission (FTC)

Question 22

A type of trust seal that are an attempt by companies at self-regulation regarding privacy of consumers and company verification

Answer 22

Privacy Seals

Question 23

Trust Seals are available for a free

Answer 23

Got it!?

Question 24

Types of government privacy regulations

Answer 24

USA Patriot act of 2001
Gramm-Leach-Bliley Financial services Modernization Act of 1999 (GLBA)
Family Educational Rights and Privacy Act (FERPA)
Children’s Online Privacy Protection Act of 1998 (COPPA)

Question 25

An act that repealed part of the Glass-Steagall act of 1933, removing barriers in the market among banking companies, securities companies and insurance companies that prohibited any one institution from acting as any combination of an investment bank, commercial bank, and an insurance company

Answer 25

Gramm-Leach-Bliley Act (GLB) or Financial Services Modernization Act of 1999

Question 26

Must communicate with users about how information is shared and give them a chance to opt out

Answer 26

Financial privacy rule

Question 27

Requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to contribute to protect clients’ nonpublic personal information

Answer 27

Safeguards Rule

Question 28

Encourages the organizations covered by the GLB to implement safeguards against pretexting

Answer 28

Pretexting (social engineering) Protection

Question 29

Permits a school to disclose personally identifiable information from educational records of an “eligible student” to his or her parents, if student if a dependent

Answer 29

FERPA (Family Educational Rights and Privacy Act

Question 30

Via what is private data collected during web activities, when when no private info is entered?

Answer 30

Online forms, clickstreams, and cookies

Question 31

Small text files located on your computer to store information about you, your accounts, and your computer. A text data passed to a browser from a Web server. Then the text data is sent back to the Web server with every subsequent request to the Web server. Used by Web applications to store state and user information.

Answer 31

Cookies

Question 32

Who is Edward Snowden?

Answer 32

Former NSA Contractor

Question 33

In what phase is preliminary investigation?

Answer 33

Planning

Question 34

A set of components that interact to achieve a common goal

Answer 34

System

Question 35

A collection of hardware, software, data, people, and procedures that work together to produce quality information

Answer 35

Information System

Question 36

System development activities are group into..?

Answer 36

Phases and is called system development life cycle (SDLC)

Question 37

Scope, schedule, and resources

Answer 37

Iron Triangle

Question 38

The liaison between users and IT professionals

Answer 38

Systems analyst

Question 39

SDCL

Answer 39

System Development Life Cycle

Question 40

Why build the system? Who should be responsible for building it? Begins when the steering committee receives a project request.

Answer 40

Planning

Question 41

Who uses the system? What will it do? Where and when will the system be used? What will the system look like?

Answer 41

Analysis/Requirements

Question 42

How will the system work?

Answer 42

Design/Development

Question 43

Build, deliver, and maintain system

Answer 43

Implementation/Maintenance

Question 44

Who initiates a system development project?

Answer 44

FRSS - Request for system services

Question 45

Decision-making body for the company

Answer 45

Steering committee

Question 46

What does project management do?

Answer 46

Planning, scheduling, and controlling the activities during system development

Question 47

Key deliverables

Answer 47

System Request

Question 48

Determines and defines the exact nature of the problem improvement, interview the user who submitted the request, determine if request is feasible

Answer 48

Preliminary feasibility investigation

Question 49

Study how the current system works, determine the users’ wants, needs, and requirements, recommend a solution, know as logical design

Answer 49

Detailed Analysis

Question 50

A measure of how suitable the development of a system will be to the organization

Answer 50

Feasibility

Question 51

Key deliverable for analysis/requirements

Answer 51

Feasibility Analysis/system proposal (assess feasibility)

Question 52

An analysis and design technique that describes processes that transform inputs into outputs

Answer 52

Process modeling (data flow diagrams)
General term for diagram techniques: modeling
General term for outputs: schematics

Question 53

a tool that graphically shows the connections among entities

Answer 53

Entity-relationship diagram (ERD)