Chapter 12 - Managing Systems Support and Security

Question 1

One of four risk control strategies. In __________, the risk is accepted and nothing is done. Risk is usually accepted only if protection from risk is clearly not worth the expense.

Answer 1

acceptance

Question 2

Adds new capability and enhancements to an existing system.

Answer 2

adaptive maintenance

Question 3

An account that allows essentially unrestricted access to the application.

Answer 3

administrator account

Question 4

Documents the system at the end of the design phase and identifies any changes since the functional baseline. The ________________ includes testing and verification of all system requirements and features.

Answer 4

allocated baseline

Question 5

A person who works on new systems development and maintenance.

Answer 5

applications programmer

Question 6

The storage of previous version of a system when a new version is installed.

Answer 6

archived

Question 7

Hardware, software, data, networks, people, or procedures that provide tangible or intangible benefit to an organization.

Answer 7

asset

Question 8

A hostile act that targets an information system, or an organization itself.

Answer 8

attack

Question 9

Enables an application to contact the vendor’s server and check for a needed patch.

Answer 9

automatic update service

Question 10

One of the three main elements of system security: confidentiality, integrity, and _______________ (CIA). ______________ ensures that authorized users have timely and reliable access to necessary information.

Answer 10

availability

Question 11

One of four risk control strategies. In _____________, adding protective safeguards eliminates the risk.

Answer 11

avoidance

Question 12

Data storage options, including tape, hard drives, optical storage, and online storage.

Answer 12

backup media

Question 13

Detailed instructions and procedures for all backups.

Answer 13

backup policy

Question 14

A formal reference point that measures system characteristics at a specific time. Systems analysts use ______________ as yardsticks to document features and performance during the systems development process.

Answer 14

baseline

Question 15

A form of testing used by companies to measure system performance.

Answer 15

benchmark testing

Question 16

Mapping an individual’s facial features, handprint, or eye characteristics for identification purposes.

Answer 16

biometric scanning systems

Question 17

A password that must be entered before the computer can be started. It prevents an unauthorized person from booting a computer by using a secondary device.

Answer 17

BIOS-level password / Power-on Password / Boot-level password

Question 18

A plan that defines how critical business functions can continue in the event of a major disruption.

Answer 18

business continuity plan (BCP)

Question 19

A process that monitors current activity and performance levels, anticipates future activity, and forecasts the resources needed to provide desired levels of service.

Answer 19

capacity planning

Question 20

A process for controlling changes in system requirements during software development; also an important tool for managing system changes and costs after a system becomes operational.

Answer 20

change control (CC)

Question 21

The three main elements of system security: confidentiality, integrity, and availability.

Answer 21

CIA triangle

Question 22

One of the three main elements of system security: ______________, integrity, and availability (CIA). ______________ protects information from unauthorized discloser and safeguards privacy.

Answer 22

confidentiality

Question 23

A process for controlling changes in system requirements during the development phases of the SDLC. __ also is an important tool for managing system changes and costs after a system becomes operational.

Answer 23

configuration management (CM)

Question 24

A real-time streaming backup method that records all system activity as it occurs.

Answer 24

continuous backup

Question 25

Changes to the system to fix errors.

Answer 25

corrective maintenance

Question 26

Formal qualifications that include degrees, diplomas, or certificates granted by learning institutions to show that a certain level of education has been achieved.

Answer 26

credentials

Question 27

When risks are categorized and prioritized, ___________ (those with the highest vulnerability and impact ratings) head the list.

Answer 27

critical risks

Question 28

In normal operating conditions, any transaction that occurs on the primary system must automatically propagate to the hot site.

Answer 28

data replication

Question 29

A person who focuses on creating and supporting large-scale database systems.

Answer 29

database programmer

Question 30

An online attack that occurs when an attacking computer makes repeated requests to a service or services running on certain ports.

Answer 30

denial of service (DOS)

Question 31

A backup that includes only the files that have changed since the last full backup.

Answer 31

differential backup

Question 32

A documented procedure consisting of an overall backup and recovery plan.

Answer 32

disaster recovery plan

Question 33

A service attack involving multiple attacking computers that can synchronize DOS attacks on a server.

Answer 33

distributed denial of service (DDOS)

Question 34

Raiding desks or trash bins for valuable information.

Answer 34

dumpster diving

Question 35

A new feature or capability.

Answer 35

enhancement

Question 36

An attack that takes advantage of a system vulnerability, often due to a combination of one or more improperly configured services.

Answer 36

exploit

Question 37

The timely detection and resolution of operational problems. _____________________ includes monitoring a system for signs of trouble, logging all system failures, diagnosing the problem, and applying corrective action.

Answer 37

fault management

Question 38

A system or application is said to be ________________ if the failure of one component does not disable the rest of the system or application.

Answer 38

fault tolerant

Question 39

The main line of defense between a local network, or intranet, and the Internet.

Answer 39

firewall

Question 40

A complete backup of every file on the system.

Answer 40

full backup

Question 41

The configuration of the system documented at the beginning of the project. It consists of all the necessary system requirements and design constraints.

Answer 41

functional baseline

Question 42

Making a system more secure by removing unnecessary accounts, services, and features.

Answer 42

hardening

Question 43

A separate IT location, which might be in another state or even another country, that can support critical business systems in the event of a power outage, system crash, or physical catastrophe.

Answer 43

hot site

Question 44

Controls and procedures necessary to identify legitimate users and system components.

Answer 44

identity management

Question 45

The stealing of personally identifying information online.

Answer 45

identity theft

Question 46

A security standard for Wi-Fi wireless networks that uses the WPA2 protocol, currently the most secure encryption method for Wi-Fi networks.

Answer 46

IEEE 802.11i

Question 47

Saving a copy of only the files that have changed since the last full backup.

Answer 47

incremental backup

Question 48

One of the three main elements of system security: confidentiality, __________, and availability (CIA). ____________ prevents unauthorized users from creating, modifying, or deleting information.

Answer 48

integrity

Question 49

A bandwidth or throughput measurement.

Answer 49

kilobits per second (Kbps)

Question 50

A device that can be inserted between a keyboard and a computer to record keystrokes

Answer 50

keystroke logger

Question 51

Record typically kept by operating systems and applications that documents all events, including dates, times, and other specific information. ____ can be important in understanding past attacks and preventing future intrusions.

Answer 51

log

Question 52

Changing programs, procedures, or documentation to ensure correct system performance. Adapting the system to changing requirements, and making the system operate more efficiently. Those needs are met by corrective, adaptive, perfective, and preventive maintenance.

Answer 52

maintenance activities

Question 53

Costs that vary significantly during the system’s operational life and include spending to support maintenance activities.

Answer 53

maintenance expenses

Question 54

A formal release of a new system version that contains a number of changes.

Answer 54

maintenance release

Question 55

A system of numbered releases used by organizations (especially software vendors) that helps organize maintenance changes and updates.

Answer 55

maintenance release methodology

Question 56

One or more systems analysts and programmers working on product maintenance issues together

Answer 56

maintenance team

Question 57

Malicious software that might jeopardize the system’s security or privacy.

Answer 57

malware

Question 58

Workload measurements, also called _________, include the number of lines printed, the number of records accessed, and the number of transactions processed in a given time period.

Answer 58

metrics

Question 59

One of four risk control strategies. ___________ reduces the impact of a risk by careful planning and preparation. For example, a company can prepare a disaster recovery plan to mitigate the effects of a natural disaster should one occur.

Answer 59

mitigation

Question 60

Two or more devices that are connected for the purpose of sending, receiving, and sharing data.

Answer 60

network

Question 61

A combination of hardware and software that allows the computer to interact with the network.

Answer 61

network interface

Question 62

Software that monitors network traffic to detect attempted intrusions or suspicious network traffic patterns and sends alerts to network administrators. Can be helpful in documenting the efforts of attackers and analyzing network performance.

Answer 62

network intrusion detection system (NIDS)

Question 63

The practice of storing backup media away from the main business location, in order to mitigate the risk of a catastrophic disaster such as a flood, fire, or earthquake.

Answer 63

offsiting

Question 64

Expenses that are incurred after a system is implemented and continue while the system is in use. Examples include system maintenance, supplies, equipment rental, and annual software license fees.

Answer 64

operational costs

Question 65

Concerned with managerial policies and controls that ensure secure operations.

Answer 65

operational security / procedural security

Question 66

Changes to a system to improve efficiency.

Answer 66

perfective maintenance

Question 67

Data that is not encrypted.

Answer 67

plain text

Question 68

A positive integer that is used for routing incoming traffic to the correct application on a computer.

Answer 68

port

Question 69

An attempt to detect the services running on a computer by trying to connect to various ports and recording the ports on which a connection was accepted.

Answer 69

Port scans

Question 70

Obtaining personal information under false pretenses.

Answer 70

pretexting

Question 71

Changes to a system to reduce the possibility of future failure.

Answer 71

preventive maintenance

Question 72

A common encryption technology called ___. The private key is one of a pair of keys, and it decrypts data that has been encrypted with the second part of the pair, the public key.

Answer 72

private key encryption

Question 73

A dedicated connection, similar to a leased telephone line.

Answer 73

private network

Question 74

An unauthorized attempt to increase permission levels.

Answer 74

privilege escalation attack

Question 75

Describes the system at the beginning of operation. The ________________ incorporates any changes made since the allocated baseline and includes the results of performance and acceptance tests for the operational system.

Answer 75

product baseline

Question 76

A designation for positions that require a combination of systems analysis and programming skills.

Answer 76

programmer/analyst

Question 77

A common encryption technique. Each user on the network has a pair of keys: a public key and a private key. The public key encrypts data that can be decrypted with the private key.

Answer 77

public key encryption (PKE)

Question 78

A _____ system may be part of an organization’s backup and recovery plans. A _____ system mirrors the data while processing continues. _____ systems are called fault-tolerant, because a failure of any one disk does not disable the system.

Answer 78

redundant array of independent disks (RAID)

Question 79

The process of restoring data and restarting a system after an interruption.

Answer 79

recovery

Question 80

Applications that allow IT staff to take over a user’s workstation and provide support and troubleshooting.

Answer 80

remote control software

Question 81

The overall time between a request for system activity and the delivery of the response. In the typical online environment, ______________ is measured from the instant the user presses the ENTER key or clicks a mouse button until the requested screen display appears or printed output is ready.

Answer 81

response time

Question 82

Backups are stored for a specific _________________ after which they are either destroyed or the backup media is reused.

Answer 82

retention period

Question 83

Measures the likelihood and impact of risks.

Answer 83

risk assessment

Question 84

Develops safeguards that reduce the likelihood and impact of risks.

Answer 84

risk control

Question 85

Hardware, software, and procedural controls that safeguard and protect a system and its data from internal or external threats.

Answer 85

security

Question 86

Created by a combination of one or more improperly configured services.

Answer 86

security hole

Question 87

A plan that addresses the three main elements of system security: confidentiality, integrity, and availability.

Answer 87

security policy

Question 88

A physical device that authenticates a legitimate user, such as a smart card or keychain device.

Answer 88

security token

Question 89

An application that monitors, or listens on, a particular port.

Answer 89

service

Question 90

A maintenance release supplied by commercial software suppliers.

Answer 90

service packs

Question 91

An intruder uses social interaction to gain access to a computer system.

Answer 91

social engineering

Question 92

Communications, interpersonal skills, perceptive abilities, and critical thinking are __________. IT professionals must have ____________ as well as technical skills.

Answer 92

soft skills

Question 93

Uses analytical techniques to identify potential quality and performance improvements in an information system.

Answer 93

software reengineering

Question 94

A login account that allows essentially unrestricted access to the application.

Answer 94

superuser account

Question 95

A person who is responsible for the CM and maintenance of an organization’s computer networks.

Answer 95

system administrator

Question 96

A person who concentrates on operating system software and utilities.

Answer 96

systems programmer

Question 97

A case designed to show any attempt to open or unlock the case.

Answer 97

Tamper-evident cases

Question 98

An application that is not developed in-house.

Answer 98

third-party software

Question 99

In risk management, an internal or external or external entity that could endanger an asset.

Answer 99

threat

Question 100

A measurement of actual system performance under specific circumstances and is affected by network loads and hardware efficiency.________________, like bandwidth, is expressed as a data transfer rate, such as Kbps, Mbps, or Gbps.

Answer 100

throughput

Question 101

One of four risk control strategies. In ________________, risk is shifted to another asset or party, such as an insurance company.

Answer 101

transference

Question 102

A secure network connection established between the client and the access point of the local intranet.

Answer 102

tunnel

Question 103

A measure applied to centralized batch processing operations, such as customer billing or credit card statement processing. __________________ measures the time between submitting a request for information and the fulfillment of the request. ____________________ also can be used to measure the quality of IT support or services by measuring the time from a user request for help to the resolution of the problem.

Answer 103

turnaround time

Question 104

Data that is not encrypted.

Answer 104

unencrypted

Question 105

Battery-powered backup power source that enables operations to continue during short-term power outages and surges.

Answer 105

uninterruptible power supply (UPS)

Question 106

Can be fastened to a cable lock or laptop alarm.

Answer 106

Universal Security Slot (USS)

Question 107

User-specific privileges that determine the type of access a user has to a database, file, or directory.

Answer 107

user rights / permissions

Question 108

The main objective of a _____________________ is to show users how the system can help them perform their jobs.

Answer 108

user training package

Question 109

The process of tracking system releases.

Answer 109

version control

Question 110

Uses a public network to connect remote users securely. Allows a remote client to use a special key exchange that must be authenticated by the ___.

Answer 110

virtual private network (VPN)

Question 111

A security weakness or soft spot.

Answer 111

vulnerability

Question 112

A feature of business support systems that allows analysis to define and account for a wide variety of issues (including issues not completely defined).

Answer 112

what-if analysis

Question 113

A common method used to secure a wireless network. This approach requires each wireless client be configured manually to use a special, pre-shared key, rather than key pairs. The most recent and more secure version is WPA2.

Answer 113

Wi-Fi Protected Access (WPA)

Question 114

One of the earliest methods used to secure a wireless network, superseded by WPA and WPA2.

Answer 114

Wired Equivalent Privacy (WEP)

Question 115

A wireless security standard based on 802.11i that provides a significant increase in protection over WEP and WPA.

Answer 115

WPA2