IA Knowledge VI

Question 1

A computer network made up of local-area networks over a large area (e.g., nation or world) using multiple transmission media.

Answer 1

Wide-area network (WAN)

Question 2

Self-replicating malicious software that can disrupt networks or computers.

Answer 2

Worm

Question 3

Malicious code that attaches itself to storage media, documents, or executable files and is spread when the files are shared with others.

Answer 3

Virus

Question 4

Use open Internet protocols and standards to create stand-alone, modular software called services that are capable of describing themselves and integrating with other similar services.

Answer 4

Web services

Question 5

The combination of transfer protocol, domain name, directory path, and document name.

Answer 5

Uniform Resource Locator

Question 6

A secure method of connecting two points on the Internet, often run by an Internet service providers.

Answer 6

Virtual private network (VPN)

Question 7

A type of firewall that enhances packet filtering by monitoring packet flows in general.

Answer 7

Stateful inspection

Question 8

Process or transaction-level controls that must be in place for management and governance controls to be effective. They are usually specific to a given application but may also control larger technical processes such as system access rights.

Answer 8

Technical controls

Question 9

Unsolicited bulk e-mail.

Answer 9

Spam

Question 10

A network topology in which each device is wired to a central device that routes data to or from other devices, eliminating the need to wire between devices.

Answer 10

Star network

Question 11

A contract between an organization and a software vendor specifying terms of use.

Answer 11

Software license agreement

Question 12

Making illegal duplicate copies of software or installation of software beyond what is allowed in a license agreement.

Answer 12

Software piracy

Question 13

A powerful computer with high bandwidth dedicated to a specific task such as providing access to files or managing the common application needs of an organization.

Answer 13

Server

Question 14

A software system design that allows for sharing of Web services as needed; a service consumer gets Web services from various service providers.

Answer 14

Service-oriented architecture (SOA)

Question 15

The overall rules for a database.

Answer 15

Schema

Question 16

The processes an organization puts into place so that security controls and expenditures are fully commensurate with the risks to which the organization is exposed.

Answer 16

Security risk management

Question 17

The acceptable levels of variation relative to the achievement of objectives.

Answer 17

Risk tolerance

Question 18

In terms of networking hardware, an intelligent processor that networks devices using protocols.

Answer 18

Router

Question 19

A database management system that is arranged into two-dimensional files called tables, with links between tables that share a common attribute.

Answer 19

Relational database

Question 20

A network topology in which the network is arranged in a circle, so two paths for data are available.

Answer 20

Ring network

Question 21

In a database, a logical grouping of fields.

Answer 21

Record

Question 22

A hardware control in which each transmitted data element receives an additional bit (character) of data mathematically related to the data; abnormal changes will void the mathematical relationship.

Answer 22

Redundant character check

Question 23

Automated error checks built into computer processing as well as segregation of duties such as controlling programmers’ access to files and records. They check that data processing tasks are accurate, complete, and valid.

Answer 23

Processing controls

Question 24

An encryption method in which two keys are created, private and public. The sender places the public key in a directory or an application automatically applies it to lock sent data; to decrypt the data, the private key must be used

Answer 24

Public key encryption

Question 25

In a database, a unique key field number (i.e., a proper noun) used to identify a specific entity.

Answer 25

Primary key

Question 26

An encryption method in which a sender creates an encryption key and sends it to a trusted receiver, who can use it to decrypt all messages in that session.

Answer 26

Private key encryption

Question 27

In terms of networking hardware, a physical connection point to a device

Answer 27

Port

Question 28

A type of proactive control that deters undesirable events from occurring.

Answer 28

Preventive control

Question 29

A type of computer network that is a direct connection between two computers.

Answer 29

Peer-to-peer network

Question 30

The means of preventing access to an asset such as locks and/or key cards preventing access to a building, to data centers, and to key operational areas.

Answer 30

Physical access controls

Question 31

A type of firewall that compares source and destination addresses to an allowed list, examining headers and other fields in packets of data.

Answer 31

Packet filtering

Question 32

The installation of released bug fixes to applications that are already in production.

Answer 32

Patch management

Question 33

Process or transaction-level controls that find errors and verify the accuracy, completeness and validity of output data after processing is complete.

Answer 33

Output controls

Question 34

A general term describing a logical grouping of data passing through network layers.

Answer 34

Packet

Question 35

A method of defining how messages should be sent through a network so that unrelated products can work together.

Answer 35

Open Systems Interconnection (OSI) reference model

Question 36

The software interface between the hardware and the applications and end user.

Answer 36

Operating system (O/S)

Question 37

Hardware and software systems on a network that analyze incoming packet content, dropping malicious packets.

Answer 37

Network IPS (NIPS)

Question 38

Software that allows multiple perspectives for a set of data to be analyzed.

Answer 38

Online analytical processing (OLAP)

Question 39

Networking hardware that combines multiple channels into a single channel, such as multiple phone lines sharing a single physical phone line.

Answer 39

Multiplexer

Question 40

Used by firewalls with packet filtering and stateful inspection to hide the internal host computer IP addresses from sniffer utilities.

Answer 40

Network address translation (NAT)

Question 41

IT controls that determine and mitigate risks to critical assets, sensitive data, or operations, including standards, organizational structure, and physical and environmental controls.

Answer 41

Management controls

Question 42

Type of processing that is halfway between batch and real-time processing. Creates real-time entries that are posted to a temporary memo file (which allows the updated information to be viewed); at a designated time the memo file is batch-processed to update the master file.

Answer 42

Memo posting

Question 43

A type of computer network for a limited geographical area such as a building.

Answer 43

Local-area network (LAN)

Question 44

A large computer capable of supporting massive inputs and outputs and many concurrent users.

Answer 44

Mainframe computer

Question 45

In a database, the field used to identify an entity, such as employee number.

Answer 45

Key field

Question 46

A type of control that requires data to be entered twice, by different persons if possible, and highlights any differences.

Answer 46

Keystroke verification

Question 47

An organization that provides connection to the Internet via a TCP/IP (Transmission Control Protocol/Internet Protocol) connection or provides network services (IP network).

Answer 47

Internet service provider (ISP)

Question 48

An internal network for employees built using thin-client tools, standards, and protocols of the World Wide Web and the Internet.

Answer 48

Intranent

Question 49

A series of high-capacity trunk lines owned and operated by network service providers (e.g., long-distance telephone companies or governments).

Answer 49

Internet backbone

Question 50

Numeric address for a specific computer located on the Internet, e.g., 128.6.13.42.

Answer 50

Internet protocol (IP) address

Question 51

A process designed to provide reasonable assurance regarding the achievement of objectives in the categories of effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.

Answer 51

Internal control

Question 52

A network of networks that have devoted a portion of their processing power and data to public use.

Answer 52

Internet

Question 53

A type of control intended to prevent computer errors by controlling data as it manually or electronically enters the system.

Answer 53

Input controls

Question 54

A type of control that tracks all read-only access to records.

Answer 54

Inquiry log

Question 55

The illegal use of sensitive information to impersonate an individual over computer networks in order to defraud the person or commit a crime without the perpetrator’s true identity being known.

Answer 55

Identity theft

Question 56

The risk that inaccurate information is used to make a business decision.

Answer 56

Information risk

Question 57

Regular and encrypted versions of the communications standard for Internet message formatting and transmission.

Answer 57

HTTP/HTTPS (Hypertext Transfer Protocol/Secure HTTP)

Question 58

In terms of networking hardware, a port switching communications device.

Answer 58

Hub

Question 59

Entity-level IT controls that applies generally to the IT environment or overall mix of systems, networks, data, people, and processes.

Answer 59

General control

Question 60

Software that functions at the operating system kernel level to detect and block abnormal application behavior before it executes.

Answer 60

Host IPS (HIPS)

Question 61

Networking hardware that connects networks with dissimilar architectures.

Answer 61

Gateway

Question 62

A type of firewall that stops traffic flowing to a specific application such as File Transfer Protocol.

Answer 62

Gateway firewall

Question 63

A hardware/software combination that routes all communications to or from the outside world through it, blocking unauthorized traffic.

Answer 63

Firewall

Question 64

A type of control that checks to see that data is entered in an acceptable format.

Answer 64

Format check

Question 65

In a database, a collection of related records.

Answer 65

File

Question 66

Allows transfer of large files between computers on a network or the Internet.

Answer 66

File Transfer Protocol (FTP)

Question 67

In a database, a business object such as a name or an asset.

Answer 67

Field

Question 68

A type of control that involves a check to see if information in an entry field is complete.

Answer 68

Field check

Question 69

A network that is similar to an intranet but is designed for customers, external partners, or suppliers.

Answer 69

Extranet

Question 70

Components that have redundancies in hardware or software to allow continued operations if a system fails.

Answer 70

Fault-tolerant components

Question 71

In a database, a record that relates to a person, place, or thing.

Answer 71

Entity

Question 72

Software systems that capture the knowledge of a professional using a series of decision points; used to automate complex situations requiring judgment, such as the probability of loan default.

Answer 72

Expert systems

Question 73

A portfolio of technologies that help disparate applications communicate.

Answer 73

Enterprise application integration (EAI)

Question 74

Modular suites of business applications that share data between modules seamlessly and store all data in a single repository.

Answer 74

Enterprise resource planning (ERP) systems

Question 75

A type of control that involves automated tests on data fields.

Answer 75

Edit check

Question 76

Use of a mathematical algorithm to scramble data so that it cannot be unscrambled without a numeric key code.

Answer 76

Encryption

Question 77

A hardware control in which a process is done twice and compared.

Answer 77

Duplicate process check

Question 78

A hardware control in which received data is returned to the sender for comparison.

Answer 78

Echo check

Question 79

A hierarchical server network that maintains the domain names for conversion to IP addresses.

Answer 79

Domain name system (DNS)

Question 80

An input/output node for a mainframe system, consisting of either just a display and entry devices or a PC running terminal emulation software.

Answer 80

Dumb terminal

Question 81

Uses public key encryption and a hashing algorithm (information about the transmitted data) to prevent an original message from being reconstructed.

Answer 81

Digital signature

Question 82

A plain language label referring to a numeric IP address.

Answer 82

Domain name

Question 83

An application that links users and programs to a database and allows the database to be manipulated by multiple applications.

Answer 83

Database management system (DBMS)

Question 84

A broad category of software systems designed not to make decisions but to enhance information available to management in making decisions.

Answer 84

Decision support systems (DSS)

Question 85

Database designed to collect the information from one or more transactional databases for purposes of multiyear storage of records and reporting.

Answer 85

Data warehouse

Question 86

Any repository of data in a computer system.

Answer 86

Database

Question 87

A user-friendly method of querying a database for information.

Answer 87

Data query language

Question 88

An input/output node for a mainframe system, consisting of either just a display and entry devices or a PC running terminal emulation software.

Answer 88

Data terminal

Question 89

A language that has commands for viewing or changing a database.

Answer 89

Data manipulation language

Question 90

The capability of sifting through and analyzing large volumes of data to find certain patterns or associations.

Answer 90

Data mining

Question 91

A master record concerning the data in a database.

Answer 91

Data dictionary

Question 92

In a database, the specific data in fields.

Answer 92

Data items

Question 93

The removal of redundancies and errors in a database.

Answer 93

Data cleansing

Question 94

Describes the data and the relationships between data in a database, including logical access paths and records.

Answer 94

Data definition language

Question 95

Files intended to be accessible only by the creator that are used to store data about a user’s preferences.

Answer 95

Cookies

Question 96

IT controls that are used once errors, fraud, or other control issues have been detected. These are designed to allow manual or automated correction of errors or irregularities discovered by detective controls.

Answer 96

Corrective controls

Question 97

A computer network formed by a group of organizations to assist in intercommunications.

Answer 97

Consortium network

Question 98

A system of internal controls for managing the availability of computer and other resources and data after a processing disruption.

Answer 98

Contingency planning

Question 99

A network architecture that uses servers for specialized functions; clients (the recipients of these functions) are PCs that send requests to the servers.

Answer 99

Client/server architecture

Question 100

The sum of all infrastructure and applications required to connect two or more network nodes (computers and devices).

Answer 100

Computer network

Question 101

Any alphanumeric key; the item that is second-lowest in the database hierarchy.

Answer 101

Character

Question 102

A type of control in which an extra digit is added that has an algorithmic relationship to the remaining digits to show if the number was incorrectly entered such as by transposition.

Answer 102

Check digits

Question 103

A network topology that has a main line (bus); all devices are connected to the line.

Answer 103

Bus network

Question 104

A set of processes developed for the entire enterprise, outlining the actions to be taken by the information technology (IT) organization, executive staff, and various business units in order to quickly resume operations in the event of a business disruption or service outage.

Answer 104

Business continuity plan

Question 105

A binary digit; the item that is lowest in the database hierarchy.

Answer 105

Bit

Question 106

Networking hardware that connects two or more LANs with similar architectures.

Answer 106

Bridge

Question 107

In a database, fields relating to entities.

Answer 107

Attributes

Question 108

A type of processing that accumulates data changes until a set time and then releases them to the database.

Answer 108

Batch processing

Question 109

An IT control related to the specific functioning of an application system that supports a specific business process.

Answer 109

Application control

Question 110

A type of firewall that serves as an intermediary for communications between the external world and private internal servers; intercepts external packets and, after inspection, relays a version of the information, called a proxy, to the private server, and vice versa.

Answer 110

Application gateway/proxy server