CIS EXAM 2 Flashcards

Question

Symmetric

Answer 1

Based on transformations Same key used to encrypt and decrypt

Answer 2

Outlines procedures for keeping an organization operational Prepare for disaster Plan steps for resuming normal operations as soon as possible

Answer 3

Electronic transfer of data from one location to another Enables an information system to deliver information Improves the flexibility of data collection and transmission Basis of virtual organizations Enables e-collaboration

Answer 4

Amount of data that can be transferred from one point to another in a certain time period

Answer 5

�Loss of power in a signal as it travels from device to device

Answer 6

�Data are sent simultaneously to increase the transmission rate

Answer 7

Rules that govern data communication, including error detection, message length, and transmission speed Help ensure compatibility between different manufacturers� devices

Answer 8

Three major types of networks: Local area networks Wide area networks, Metropolitan area networks

Answer 9

Connects workstations and peripheral devices in close proximity Common types of local area networks: Ethernet � most common and token ring

Answer 10

Span several cities, states, or even countries Owned by different parties

Answer 11

Communication for multiple organizations in a city and sometimes nearby cities

Answer 12

Represents a network�s physical layout Five common topologies Star Ring Bus Hierarchical Mesh

Answer 13

Central computer and a series of nodes Advantages Cable layouts are easy to modify Centralized control makes detecting problems easier Nodes can be added to the network easily Better for handling heavy but short bursts of traffic Disadvantages Single point of potential failure Increased cost due to many cables

Answer 14

Each computer manages its own connectivity Each node is connected to two other nodes Upstream neighbor and downstream neighbor Transmission in one direction Implementations Token ring Fiber Distributed Data Interface (FDDI) Needs less cable than star Handles heavy short bursts well

Answer 15

Connects nodes along a network segment Ends of the cable aren�t connected Terminator absorbs signal at each end A node failure has no effect on any other node Advantages Easy to extend Very reliable Wiring layout is simple and uses the least amount of cable of any topology Best for handling steady (even) traffic Disadvantages Fault diagnosis is difficult Bus cable can be a bottleneck when network traffic is heavy

Answer 16

Important networking concepts Protocols TCP/IP Routing Routers Client/server model

Answer 17

Agreed-on methods and rules that electronic devices use to exchange information Deal with hardware connections Control data transmission and file transfers Specify the format of message packets Multiple protocol support is important

Answer 18

The network architecture is layered Descending levels of abstraction Applications at the top Hardware at the bottom The layers do not communicate directly across to their counterparts Each layer relies on the next layer down Getting the layers right has been a subject of debate

Answer 19

Industry-standard suite of communication protocols Main advantage is that it enables interoperability Originally intended for Internet communication Major protocols in the TCP/IP suite: Transmission Control Protocol (TCP) Operates at the Transport layer Internet Protocol (IP) Operates at the Network layer

Answer 20

Collection of binary digits, including message data and control characters for formatting and transmitting Sent from computer to computer over a network When a packet is transmitted from one network device to another, the transmission is called a hop When packets arrive at the destination computer, they need not in the proper order

Answer 21

Process of deciding which path data takes Decisions made using routing table Centralized routing Distributed routing

Answer 22

Network connection device containing software Connects network systems and controls traffic flow between them Must use a common routing protocol Operates at network layer Performs the same functions as a bridge More sophisticated device Chooses the best possible path for packets

Answer 23

Software runs on the local computer (the client) Communicates with the remote server to request information or services Server Remote computer on the network that provides information or services in response to client requests Basic client/server communication Advantage: scalability Three levels of logic: presentation, application, and data management

Answer 24

Client communicates directly with the server Presentation logic is always on the client Data management logic is on the server Application logic located on either or both Effective in small workgroups Only in small workgroups?

Answer 25

Uses wireless instead of wired technology Advantages Mobility, flexibility, ease of installation, and low cost Disadvantages Limited throughput and range, in-building penetration problems, vulnerability to frequency noise, and security

Answer 26

Network operating on a radio frequency (RF), consisting of radio cells served by a base station Advantages Mobility, flexibility, ease of installation, and low cost Disadvantages Limited throughput and range, in-building penetration problems, vulnerability to frequency noise, and security

Answer 27

Integrating voice, video, and data so that multimedia information can be used for decision making required network upgrades

Answer 28

Protecting Information Resources; Data Communication; The Internet, Intranets, and Extranets; HTML, E-Commerce

Answer 29

Misuses of information technology Preventing and Minimizing Policies and procedures Operating system updates Antivirus and antispyware software E-mail security features Firewalls Intrusion detection systems Vulnerability scanners

Answer 30

Computer fraud Unauthorized use of computer data for personal gain Examples Denial-of-service attacks Identity theft Software piracy E-mail spamming Company insiders commit most computer crimes �Malicious insider� Computer fraud Unauthorized use of computer data for personal gain Examples Denial-of-service attacks Identity theft Software piracy E-mail spamming Company insiders commit most computer crimes �Malicious insider�

Answer 31

Phishing Sending fraudulent e-mails that seem to come from legitimate sources Direct e-mail recipients to false Web sites To capture private information Phishing Sending fraudulent e-mails that seem to come from legitimate sources Direct e-mail recipients to false Web sites To capture private information

Answer 32

Keystroke loggers Monitor and record keystrokes Can be software or hardware devices Both legitimate and illegitimate uses Keystroke loggers Monitor and record keystrokes Can be software or hardware devices Both legitimate and illegitimate uses

Answer 33

Capturing and recording network traffic Often used by hackers to intercept information

Answer 34

Attempt to gain access to a network by posing as an authorized user to find sensitive information

Answer 35

Type of malware Estimating the dollar amount of damage viruses cause can be difficult Usually given names I Love You, Michelangelo Virus: Consists of self-propagating program code that�s triggered by a specified time or event

Answer 36

Travels from computer to computer in a network Independent programs that can spread themselves without having to be attached to a host program Replicates into a full-blown version that eats up computing resources Well-known worms Code Red, Melissa, and Sasser

Answer 37

Named after the Trojan horse the Greeks used to enter Troy during the Trojan War Contains code intended to disrupt a computer, network, or Web site Usually hidden inside a popular program

Answer 38

Type of Trojan program used to release a virus, worm, or other destructive code Triggered at a certain time or by an event

Answer 39

Programming routine built into a system by its author Enables the author to bypass security and sneak back into the system later to access programs or files Users aren�t aware a backdoor has been activated

Answer 40

Combines the characteristics of several malicious codes with vulnerabilities on public/private networks Goal is not to just start/transmit an attack, but to spread it Multi-layer security system can guard from threats

Answer 41

Floods a network or server with service requests Prevent legitimate users� access to the system Targets Internet servers Distributed denial-of-service (DDoS) attack Hundreds or thousands of computers work together to bombard a Web site with thousands of requests for information in a short period Frequently use Botnets

Answer 42

Using �people skills� to trick others into revealing private information Takes advantage of the human element of security systems Difficult to track Use the private information they�ve gathered to break into servers and networks and steal data Commonly used social-engineering techniques �Dumpster diving� and �shoulder surfing�

Answer 43

Confidentiality System must not allow disclosing information to anyone who isn�t authorized to access it Integrity Ensures the accuracy of information resources in an organization Financial transactions Availability Ensures that computers and networks are operating Authorized users can access the information they need Plus� Authentication Non-repudiation

Answer 44

Biometric security measures Nonbiometric security measures Physical security measures Access controls Virtual private networks Data encryption E-commerce transaction security measures Computer Emergency Response Team

Answer 45

Use a physiological element unique to a person Biometric devices and measures Facial recognition Fingerprints Hand geometry Iris analysis Palm prints Retinal scanning Signature analysis Use a physiological element unique to a person Biometric devices and measures Facial recognition Fingerprints Hand geometry Iris analysis Palm prints Retinal scanning Signature analysis Vein analysis Voice recognition

Answer 46

Combination of hardware and software Acts as a filter or barrier between a private network and external computers or networks Network administrator defines rules for access Examine data passing into or out of a private network Decide whether to allow the transmission based on users� IDs, the transmission�s origin and destination, and the transmission�s contents Possible actions after examining packet Reject the incoming packet Send a warning to the network administrator Send a message to the sender that the attempt failed Allow the packet to enter (or leave) the private network Main types of firewalls Packet-filtering firewalls Application-filtering firewalls Proxy servers

Answer 47

Protect against both external and internal access Usually placed in front of a firewall Prevent against DoS attacks Monitor network traffic �Prevent, detect, and react� approach Require a lot of processing power and can affect network performance

Answer 48

The most common access control Combination of numbers, characters, and symbols that�s entered to allow access to a system Length and complexity determines its vulnerability to discovery Guidelines for effective passwords

Answer 49

Provides a secure �tunnel� through the Internet For transmitting messages and data via a private network Remote users have a secure connection to the organization�s network Low cost Slow transmission speeds

Answer 50

Transforms data, called plaintext or cleartext, into a scrambled form called ciphertext Rules for encryption determine how simple or complex the transformation process should be Known as the �encryption algorithm� Protocols Secure Sockets Layer (SSL) Transport Layer Security (TLS)

Answer 51

Based on mathematical functions Public key � published key used to encrypt data Private key � key known only to individual user used to decrypt data

Answer 52