MIS: Exam 4 - Ch 8

Question 1

Policies, procedures and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Answer 1

Security

Question 2

Methods, policies and organizational procedures that ensure safety of organizations assets, accuracy/reliability of records, and operating standards.

Answer 2

Controls

Question 3

Information security expert who attacks a system on behalf of it’s owners/developers in an effort to identify vulnerabilities that a malicious hacker could exploit.

Answer 3

Ethical Hacker

Question 4

A non-technical method of intrusion that relies heavily on human interactions and deception in order to gain access to protected systems and/or information.

Answer 4

Social Engineering

Question 5

Provides some security by assigning unique name to network’s SSID (service set identifiers) and not broadcasting SSID. Using it with VPN technology

Answer 5

WEP (Wired Equivalent Privacy) Security

Question 6

Uses continually changing keys and encrypted authentication system with central server. Replaced WEP with stronger standards. Wi-Fi Alliance finalized it.

Answer 6

WPA2

Question 7

Rogue software program that attaches itself to other software programs or data files in order to be executed

Answer 7

Viruses

Question 8

Independent computer programs that copy themselves from one computer to other computers over a network.

Answer 8

Worms

Question 9

Software program that appears to be benign but then does something other than expected.

Answer 9

Trojan Horses

Question 10

Hackers submit data to Web forms that exploits site’s unprotected software and sends rogue SQL query to database

Answer 10

SQL Injection Attacks

Question 11

Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising

Answer 11

Spyware

Question 12

Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks

Answer 12

Key Loggers

Question 13

What Hackers and Crackers have in common?

Answer 13

Both gain access by finding and exploiting security weaknesses

Question 14

A person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure

Answer 14

Hacker

Question 15

Used to denote a Hacker with criminal intent

Answer 15

Cracker

Question 16

Any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution.

Answer 16

Computer Crime

Question 17

In computer crime, the computer may be the _______ of crime OR the _______ of crime

Answer 17

Computer may be target of crime OR instrument of crime

Question 18

Computer/Cyber crime activities include:

Answer 18

system intrusion, system damage, Hacktivism, Cybervandalism

Question 19

Intentional disruption, defacement, destruction of Web site or corporate information system

Answer 19

Cybervandalism

Question 20

Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else OR Redirecting Web link to address different from intended one, with site masquerading as intended destination

Answer 20

Spoofing

Question 21

Eavesdropping program that monitors information traveling over network. Enables hackers to steal proprietary information such as e-mail, company files, etc.

Answer 21

Sniffer

Question 22

Flooding server with thousands of false requests to crash the system/network.

Answer 22

DOS - Denial of Service Attacks

Question 23

Use of numerous computers to launch a DoS

Answer 23

DDos - Distributed Denial-of-service attacks

Question 24

Networks of “zombie” PCs infiltrated by malware. Worldwide, 6 - 24 million computers serve as zombie PCs in thousands of ______s

Answer 24

Botnets

Question 25

Medical security and privacy rules and procedures

Answer 25

HIPAA

Question 26

Requires financial institutions to ensure the security and confidentiality of customer data

Answer 26

Gramm-Leach-Bliley Act

Question 27

Imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally

Answer 27

Sarbanes-Oxley Act

Question 28

Example of authentication method, Something you know:

Answer 28

Password

Question 29

Example of authentication method, Something you have:

Answer 29

Smart Card / Token

Question 30

Example of authentication method, Something you are:

Answer 30

Biometric Authentication - Finger prints, iris, voice recognition

Question 31

Combination of hardware and software that prevents unauthorized users from accessing private networks. Scans and identifies network traffic

Answer 31

Firewall

Question 32

Place between the Corporate Network and the WWW where certain info can be accessed from outside the company while the rest of the corporate network is guarded by 2 firewalls.

Answer 32

Demilitarized Zone

Question 33

Monitor hot spots on corporate networks to detect and deter intruders. Examines events as they are happening to discover attacks in progress

Answer 33

Intrusion Detection System

Question 34

Checks computers for presence of malware and can often eliminate it as well. Requires continual updating

Answer 34

Antivirus/Anti-Spyware

Question 35

Security Appliance: firewall, VPN, intrusion detection, filtering, anti-spam/mal-ware

Answer 35

UTM Unified Threat Management Systems

Question 36

Data is encrypted using a secret numerical code, called an encryption key, which transforms plain data into cipher text. Messages must be decrypted by the receiver

Answer 36

Encryption

Question 37

Encryption Method: Sender and receiver use single, shared key

Answer 37

Symmetric Key Encryption

Question 38

Uses two, mathematically related keys: Public key and private key. Sender encrypts message with recipient’s public key. Recipient decrypts with private key

Answer 38

Public Key Encryption

Question 39

Data file used to establish the identity of users and electronic assets for protection of online transactions. Using a trusted 3rd party Certification Authority (CA), CA verifies user’s identity, stores information in CA server, which generates encrypted digital certificate containing owner ID information and copy of owner’s public key

Answer 39

Digital Certificate

Question 40

Encrypts at the Transport Layer of the TCP/IP protocol

Answer 40

SSL Secure Sockets Layer and TLS successor Transport Layer Security

Question 41

Encrypts at the Application Layer of the TCP/IP protocol

Answer 41

S-HTTP Secure Hypertext Transfer Protocol

Question 42

Online transaction processing requires 100% availability, no downtime

Answer 42

Ensuring System Availability

Question 43

Contain redundant hardware, software, and power supply components that create an environment that provides continuous, uninterrupted service. For continuous availability, e.g. stock markets. Put into effect to ensure 100% availability

Answer 43

Fault-Tolerant Computer Systems

Question 44

Designing systems that recover quickly with capabilities to help operators pinpoint and correct of faults in multi-component systems

Answer 44

Recovery-Oriented Computing