CISflashcardslibre

Question 1

Topics Covered

Answer 1

Protecting Information Resources; Data Communication; The Internet, Intranets, and Extranets; HTML, E-Commerce

Question 2

Risks Associated with Information Technologies

Answer 2

Misuses of information technology
Preventing and Minimizing 
Policies and procedures
Operating system updates
Antivirus and antispyware software
E-mail security features
Firewalls
Intrusion detection systems
Vulnerability scanners

Question 3

Computer Crime and Fraud

Answer 3

Computer fraud 
Unauthorized use of computer data for personal gain 
Examples
Denial-of-service attacks 
Identity theft 
Software piracy 
E-mail spamming
Company insiders commit most computer crimes 
�Malicious insider�

Question 4

Phishing

Answer 4

Phishing
Sending fraudulent e-mails that seem to come from legitimate sources
Direct e-mail recipients to false Web sites
To capture private information
Phishing
Sending fraudulent e-mails that seem to come from legitimate sources
Direct e-mail recipients to false Web sites
To capture private information

Question 5

Keystroke Loggers

Answer 5

Keystroke loggers
Monitor and record keystrokes 
Can be software or hardware devices
Both legitimate and illegitimate uses
Keystroke loggers
Monitor and record keystrokes 
Can be software or hardware devices
Both legitimate and illegitimate uses

Question 6

Sniffing

Answer 6

Capturing and recording network traffic

Often used by hackers to intercept information

Question 7

Spoofing

Answer 7

Attempt to gain access to a network by posing as an authorized user to find sensitive information

Question 8

Viruses

Answer 8

Type of malware
Estimating the dollar amount of damage viruses cause can be difficult
Usually given names
I Love You, Michelangelo
Virus: Consists of self-propagating program code that�s triggered by a specified time or event

Question 9

Worms

Answer 9

Travels from computer to computer in a network
Independent programs that can spread themselves without having to be attached to a host program
Replicates into a full-blown version that eats up computing resources
Well-known worms
Code Red, Melissa, and Sasser

Question 10

Trojan Programs

Answer 10

Named after the Trojan horse the Greeks used to enter Troy during the Trojan War
Contains code intended to disrupt a computer, network, or Web site
Usually hidden inside a popular program

Question 11

Logic bomb

Answer 11

Type of Trojan program used to release a virus, worm, or other destructive code
Triggered at a certain time or by an event

Question 12

Backdoors

Answer 12

Programming routine built into a system by its author
Enables the author to bypass security and sneak back into the system later to access programs or files
Users aren�t aware a backdoor has been activated

Question 13

Blended threat

Answer 13

Combines the characteristics of several malicious codes with vulnerabilities on public/private networks
Goal is not to just start/transmit an attack, but to spread it
Multi-layer security system can guard from threats

Question 14

Denial-of-Service Attacks

Answer 14

Floods a network or server with service requests
Prevent legitimate users� access to the system
Targets Internet servers
Distributed denial-of-service (DDoS) attack
Hundreds or thousands of computers work together to bombard a Web site with thousands of requests for information in a short period
Frequently use Botnets

Question 15

Social Engineering

Answer 15

Using �people skills� to trick others into revealing private information
Takes advantage of the human element of security systems
Difficult to track
Use the private information they�ve gathered to break into servers and networks and steal data
Commonly used social-engineering techniques
�Dumpster diving� and �shoulder surfing�

Question 16

Security Concepts The Triad

Answer 16

Confidentiality
System must not allow disclosing information to anyone who isn�t authorized to access it
Integrity
Ensures the accuracy of information resources in an organization
Financial transactions
Availability
Ensures that computers and networks are operating
Authorized users can access the information they need

Plus�
Authentication
Non-repudiation

Question 17

Security Measures and Enforcement: An Overview

Answer 17

Biometric security measures 
Nonbiometric security measures 
Physical security measures 
Access controls 
Virtual private networks 
Data encryption 
E-commerce transaction security measures 
Computer Emergency Response Team

Question 18

Biometric Security Measures

Answer 18

Use a physiological element unique to a person 
Biometric devices and measures
Facial recognition
Fingerprints
Hand geometry
Iris analysis
Palm prints
Retinal scanning
Signature analysis
Use a physiological element unique to a person 
Biometric devices and measures
Facial recognition
Fingerprints
Hand geometry
Iris analysis
Palm prints
Retinal scanning
Signature analysis
Vein analysis 
  Voice recognition

Question 19

Firewalls

Answer 19

Combination of hardware and software
Acts as a filter or barrier between a private network and external computers or networks
Network administrator defines rules for access
Examine data passing into or out of a private network
Decide whether to allow the transmission based on users� IDs, the transmission�s origin and destination, and the transmission�s contents Possible actions after examining packet
Reject the incoming packet
Send a warning to the network administrator
Send a message to the sender that the attempt failed
Allow the packet to enter (or leave) the private network
Main types of firewalls
Packet-filtering firewalls
Application-filtering firewalls
Proxy servers

Question 20

Intrusion Detection Systems

Answer 20

Protect against both external and internal access
Usually placed in front of a firewall
Prevent against DoS attacks
Monitor network traffic
�Prevent, detect, and react� approach
Require a lot of processing power and can affect network performance

Question 21

Passwords

Answer 21

The most common access control
Combination of numbers, characters, and symbols that�s entered to allow access to a system
Length and complexity determines its vulnerability to discovery
Guidelines for effective passwords

Question 22

Virtual Private Networks

Answer 22

Provides a secure �tunnel� through the Internet
For transmitting messages and data via a private network
Remote users have a secure connection to the organization�s network
Low cost
Slow transmission speeds

Question 23

Data Encryption

Answer 23

Transforms data, called plaintext or cleartext, into a scrambled form called ciphertext
Rules for encryption determine how simple or complex the transformation process should be
Known as the �encryption algorithm�
Protocols
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)

Question 24

Asymmetric

Answer 24

Based on mathematical functions
Public key � published key used to encrypt data
Private key � key known only to individual user used to decrypt data

Question 25

Symmetric

Answer 25

Based on transformations | Same key used to encrypt and decrypt

Question 26

Business Continuity Planning

Answer 26

Outlines procedures for keeping an organization operational Prepare for disaster Plan steps for resuming normal operations as soon as possible

Question 27

Data Communication

Answer 27

Electronic transfer of data from one location to another Enables an information system to deliver information Improves the flexibility of data collection and transmission Basis of virtual organizations Enables e-collaboration

Question 28

Bandwidth

Answer 28

Amount of data that can be transferred from one point to another in a certain time period

Question 29

�Attenuation

Answer 29

�Loss of power in a signal as it travels from device to device

Question 30

�Broadband data transmission

Answer 30

�Data are sent simultaneously to increase the transmission rate

Question 31

�Protocols

Answer 31

Rules that govern data communication, including error detection, message length, and transmission speed Help ensure compatibility between different manufacturers� devices

Question 32

Types of Networks

Answer 32

Three major types of networks: Local area networks Wide area networks, Metropolitan area networks

Question 33

Local Area Networks

Answer 33

Connects workstations and peripheral devices in close proximity Common types of local area networks: Ethernet � most common and token ring

Question 34

Wide Area

Answer 34

Span several cities, states, or even countries | Owned by different parties

Question 35

�MAN

Answer 35

Communication for multiple organizations in a city and sometimes nearby cities

Question 36

Network Topologies

Answer 36

``` Represents a network�s physical layout Five common topologies Star Ring Bus Hierarchical Mesh ```

Question 37

Star Topology

Answer 37

``` Central computer and a series of nodes Advantages Cable layouts are easy to modify Centralized control makes detecting problems easier Nodes can be added to the network easily Better for handling heavy but short bursts of traffic Disadvantages Single point of potential failure Increased cost due to many cables ```

Question 38

Ring Topology

Answer 38

Each computer manages its own connectivity Each node is connected to two other nodes Upstream neighbor and downstream neighbor Transmission in one direction Implementations Token ring Fiber Distributed Data Interface (FDDI) Needs less cable than star Handles heavy short bursts well

Question 39

Bus Topology

Answer 39

``` Connects nodes along a network segment Ends of the cable aren�t connected Terminator absorbs signal at each end A node failure has no effect on any other node Advantages Easy to extend Very reliable Wiring layout is simple and uses the least amount of cable of any topology Best for handling steady (even) traffic Disadvantages Fault diagnosis is difficult Bus cable can be a bottleneck when network traffic is heavy ```

Question 40

Major Networking Concepts

Answer 40

``` Important networking concepts Protocols TCP/IP Routing Routers Client/server model ```

Question 41

Protocols

Answer 41

Agreed-on methods and rules that electronic devices use to exchange information Deal with hardware connections Control data transmission and file transfers Specify the format of message packets Multiple protocol support is important

Question 42

Layered Network Architecture

Answer 42

The network architecture is layered Descending levels of abstraction Applications at the top Hardware at the bottom The layers do not communicate directly across to their counterparts Each layer relies on the next layer down Getting the layers right has been a subject of debate

Question 43

Transmission Control Protocol/Internet Protocol

Answer 43

Industry-standard suite of communication protocols Main advantage is that it enables interoperability Originally intended for Internet communication Major protocols in the TCP/IP suite: Transmission Control Protocol (TCP) Operates at the Transport layer Internet Protocol (IP) Operates at the Network layer

Question 44

Packet

Answer 44

Collection of binary digits, including message data and control characters for formatting and transmitting Sent from computer to computer over a network When a packet is transmitted from one network device to another, the transmission is called a hop When packets arrive at the destination computer, they need not in the proper order

Question 45

Routing

Answer 45

Process of deciding which path data takes Decisions made using routing table Centralized routing Distributed routing

Question 46

Routers

Answer 46

Network connection device containing software Connects network systems and controls traffic flow between them Must use a common routing protocol Operates at network layer Performs the same functions as a bridge More sophisticated device Chooses the best possible path for packets

Question 47

Client/Server Model

Answer 47

Software runs on the local computer (the client) Communicates with the remote server to request information or services Server Remote computer on the network that provides information or services in response to client requests Basic client/server communication Advantage: scalability Three levels of logic: presentation, application, and data management

Question 48

Two-Tier Architecture

Answer 48

Client communicates directly with the server Presentation logic is always on the client Data management logic is on the server Application logic located on either or both Effective in small workgroups Only in small workgroups?

Question 49

Wireless network

Answer 49

Uses wireless instead of wired technology Advantages Mobility, flexibility, ease of installation, and low cost Disadvantages Limited throughput and range, in-building penetration problems, vulnerability to frequency noise, and security

Question 50

Mobile network

Answer 50

Network operating on a radio frequency (RF), consisting of radio cells served by a base station Advantages Mobility, flexibility, ease of installation, and low cost Disadvantages Limited throughput and range, in-building penetration problems, vulnerability to frequency noise, and security

Question 51

Convergence

Answer 51

Integrating voice, video, and data so that multimedia information can be used for decision making required network upgrades