Vulnerability of Information Systems

Question 1

Antivirus Software

Answer 1

An antivirus program is a software program that scans files on the
network against known virus patterns.

Question 2

Cloud Computing

Answer 2

Cloud computing refers to Internet-based computing, where
computers obtain infrastructure such as software and information
from common centers on demand.

Question 3

CRM System

Answer 3

A customer-relationship management (CRM) system manages the
company’s client interactions, such as in sales, marketing, and
customer service.

Question 4

Data Mining and Visualization

System

Answer 4

A data mining and visualization system derives patterns from data.

Question 5

E-Commerce System

Answer 5

An e-commerce system is used for buying and selling products or
providing services over the Internet.

Question 6

ERP System

Answer 6

An enterprise resource planning (ERP) system supports and
integrates the various functions within the organization, including
planning, manufacturing, sales, marketing, and accounting.

Question 7

Firewall

Answer 7

A firewall is a piece of a hardware or software program that prevents
hackers, viruses, and worms from reaching a computer or network
on the Internet.

Question 8

MIS

Answer 8

A management information system (MIS) provides information

needed to effectively manage an organization.

Question 9

Proxy Server

Answer 9

A proxy server is an enhanced firewall that intercepts incoming and
outgoing traffic over the network. It also masks the true network
address.

Question 10

RFID

Answer 10

Radio-frequency identification (RFID) technology involves the use of
tags that can be read using radio waves for the purpose of
identification of an object, person, or animal. RFID are small tags
that can be read by sensors and, as an example, can track products
at supermarkets and other places. They should not be confused with
universal product codes (UPCs), which are still the most popular
method of scanning and reading bar codes on most products at
checkout.

Question 11

Transaction Processing

System

Answer 11

A transaction processing system manages the data transactions of
an organization.

Question 12

DNS (Domain Name Service)

Answer 12

resolves domain names to IP addresses

Question 13

FTP (File Transfer Protocol)

Answer 13

transfers data over a network from one computer to another

Question 14

HTTP (Hypertext Transfer Protocol)

Answer 14

used for Web pages

HTTPS: HTTP using SSL

Question 15

HTTPS

Answer 15

HTTP using SSL

Question 16

IMAP (Internet Message Access Protocol)

Answer 16

an e-mail receiving protocol that maintains messages on a server

Question 17

LDAP (Lightweight Directory Access Protocol)

Answer 17

provides logon to network environments

Question 18

POP3 (Post Office Protocol Version 3)

Answer 18

an e-mail receiving protocol for MTA-to-UA transmissions

Question 19

SMTP (Simple Mail Transfer Protocol)

Answer 19

an e-mail sending protocol for UA-to-MTA or MTA-to-MTA transmissions

Question 20

SSL (Secure Sockets Layer)

Answer 20

a cryptographic protocol that provides secure communications on the Internet (there are hundreds of these protocols - this is an illustrative example).

Question 21

Telnet

Answer 21

a protocol for virtual terminal-to-host network connections

Question 22

TFTP (Trivial File Transfer Protocol)

Answer 22

a simple, basic file transfer protocol with limited functionalities

Question 23

X.500 Directory Service

Answer 23

the OSI directory service

Question 24

AES (Advanced Encryption Standard)

Answer 24

an NIST standard secret key encryption algorithm

Question 25

ASN.1 (Abstract Syntax Notation One)

Answer 25

an ISO and ITU standard for describing abstract data structures for encoding and decoding data for transmission

Question 26

CDR (Common Data Representation)

Answer 26

a protocol used to represent data that is passed in CORBA object invocations

Question 27

ITU-T X.216/ISO 8822

Answer 27

the OSI presentation service definition

Question 28

ITU-T X.226/ISO 8823

Answer 28

the OSI connection-oriented presentation protocol specification

Question 29

Java Serialization

Answer 29

a Java communication mechanism that saves and restores an object

Question 30

Bot-network operators

Answer 30

Bot-network operators are hackers; however, instead of breaking into systems for the challenge or bragging rights, they take over multiple systems in order to coordinate attacks and to distribute phishing schemes, spam, and malware attacks. The services of these networks are sometimes made available in underground markets (e.g., purchasing a denial-of-service attack, servers to relay spam, or phishing attacks, etc.).

Question 31

Criminal groups

Answer 31

Criminal groups seek to attack systems for monetary gain. Specifically, organized crime groups are using spam, phishing, and spyware/malware to commit identity theft and online fraud. International corporate spies and organized crime organizations also pose a threat to the United States through their ability to conduct industrial espionage and large-scale monetary theft and to hire or develop hacker talent.

Question 32

Foreign intelligence services

Answer 32

Foreign intelligence services use cyber tools as part of their information-gathering and espionage activities. In addition, several nations are aggressively working to develop information warfare doctrine, programs, and capabilities. Such capabilities enable a single entity to have a significant and serious impact by disrupting the supply, communications, and economic infrastructures that support military power - impacts that could affect the daily lives of U.S. citizens across the country.

Question 33

Hackers

Answer 33

Hackers break into networks for the thrill of the challenge or for bragging rights in the hacker community. While remote cracking once required a fair amount of skill or computer knowledge, hackers can now download attack scripts and protocols from the Internet and launch them against victim sites. Thus while attack tools have become more sophisticated, they have also become easier to use. According to the Central Intelligence Agency, the large majority of hackers do not have the requisite expertise to threaten difficult targets such as critical U.S. networks. Nevertheless, the worldwide population of hackers poses a relatively high threat of an isolated or brief disruption causing serious damage.

Question 34

Insiders

Answer 34

The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data. The insider threat also includes outsourcing vendors as well as employees who accidentally introduce malware into systems.

Question 35

Phishers

Answer 35

Individuals, or small groups, who execute phishing schemes in an attempt to steal identities or information for monetary gain. Phishers may also use spam and spyware/malware to accomplish their objectives.

Question 36

Spammers

Answer 36

Individuals or organizations who distribute unsolicited e-mail with hidden or false information in order to sell products, conduct phishing schemes, distribute spyware/malware, or attack organizations (i.e., denial of service).

Question 37

Spyware/malware authors

Answer 37

Individuals or organizations with malicious intent carry out attacks against users by producing and distributing spyware and malware. Several destructive computer viruses and worms have harmed files and hard drives, including the Melissa Macro Virus, the Explore.Zip worm, the CIH (Chernobyl) Virus, Nimda, Code Red, Slammer, and Blaster.

Question 38

Terrorists

Answer 38

Terrorists seek to destroy, incapacitate, or exploit critical infrastructures in order to threaten national security, cause mass casualties, weaken the U.S. economy, and damage public morale and confidence. Terrorists may use phishing schemes or spyware/malware in order to generate funds or gather sensitive information.

Question 39

NFS (Network File System)

Answer 39

accesses remote resources transparently and represents files and directories as if they were local to the user

Question 40

SAP (Session Announcement Protocol)

Answer 40

assists in the advertisement of a multicast session over multicast IP addresses

Question 41

SCP (Session Control Protocol)

Answer 41

designed for multiple sessions over a single TCP Connection

Question 42

SDP (Session Description Protocol)

Answer 42

describes streaming media initialization parameters, published by IETF as RFC 4566

Question 43

SQL (Structured Query Language)

Answer 43

functions as a query language that requests, updates, and manages databases

Question 44

SSH (Secure Shell)

Answer 44

a protocol used in Telnet sessions for remote login

Question 45

SSL (Secure Sockets Layer)

Answer 45

a cryptographic protocol that provides secure communications on the Internet (there are hundreds of these protocols

Question 46

SCTP(Stream Control Transmission Protocol)

Answer 46

a reliable, general-purpose protocol that provides stable, ordered message delivery

Question 47

TCP (Transmission Control Protocol)

Answer 47

provides a connection-oriented point-to-point connection between two hosts

Question 48

TLS (Transport Layer Security)

Answer 48

a successor to SSL for providing secured communications on the Internet

Question 49

UDP (User Datagram Protocol)

Answer 49

provides a connectionless communication, which broadcasts message to one or more hosts

Question 50

AH (Authentication Header)

Answer 50

a protocol that provides source authentication and data integrity

Question 51

CHAP (Challenge Handshake Authentication Protocol)

Answer 51

uses a three-way handshake to provide dial-up security

Question 52

ESP (Encapsulating Security Payload)

Answer 52

a protocol that provides privacy, source authentication, and data integrity

Question 53

ICMP (Internet Control Message Protocol)

Answer 53

used in handling errors and controlling traffic

Question 54

IP (Internet Protocol)

Answer 54

used to carry data in Microsoft and Internet networks

Question 55

IPSec (Internet Protocol Security)

Answer 55

a collection of protocols that provide security for Internet packets

Question 56

IPX (Internet Packet Exchange)

Answer 56

a protocol used to carry data in Novell networks

Question 57

ISAKMP (Internet Security Association and Key Management Protocol)

Answer 57

used to establish security associations and cryptographic keys

Question 58

OSPF (Open Shortest Path First)

Answer 58

a routing protocol based on the shortest path to the destination

Question 59

PAP (Password Authentication Protocol)

Answer 59

used to validate the identity of a dial-up user

Question 60

RIP (Routing Information Protocol)

Answer 60

a routing protocol based on the hop count to the destination

Question 61

ATM (Asynchronous Transfer Mode)

Answer 61

a high-speed protocol that makes use of 53-byte frames

Question 62

BSC (Binary Synchronous Control)

Answer 62

a character-oriented protocol that uses control characters

Question 63

CSMA/CD (Carrier Sense Multiple Access/Collision Detect)

Answer 63

a protocol that transmits data when the link is clear; and detects any collisions

Question 64

Frame Relay

Answer 64

a protocol for WAN connections

Question 65

HDLC (High-Level Data Link Control)

Answer 65

a bit-oriented protocol for synchronous transmissions

Question 66

IEEE 802

Answer 66

a series of data link protocols promulgated by the Institute of Electrical and Electronic Engineers

Question 67

IEEE 802.3 (Ethernet)

Answer 67

also known as CMSA/CD

Question 68

IEEE 802.4 (Token Bus)

Answer 68

a token-passing protocol used on a bus network

Question 69

IEEE 802.5 (Token Ring)

Answer 69

a token-passing protocol used on a ring network

Question 70

IEEE 802.11

Answer 70

wireless network protocols and standards

Question 71

PPP (Point-to-a protoPoint Protocol)

Answer 71

used for dial-up connections

Question 72

WEP (Wired Equivalent Privacy)

Answer 72

a wireless LAN protocol that provides authentication and encryption

Question 73

WPA (Wi-Fi Protected Access) and WPA2

Answer 73

wireless LAN protocols that provide authentication and encryption

Question 74

IrDA

Answer 74

a protocol that supports infrared point-to-point and multipoint communication between devices

Question 75

V.24

Answer 75

a protocol that transmits data between the Data Terminate Emulator (DTE) and Data Communication Emulator (DCE)

Question 76

V.92

Answer 76

a protocol for standard dial-up modems

Question 77

X21

Answer 77

a specification for serial communications over synchronous lines

Question 78

X21 bis

Answer 78

indicates the connection when flags are detected